Completion of Phase II of "Control of Heavy Loads at Nuclear Power Plants" NUREG-0612 (Generic Letter No. 85-11)
UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D. C. 20555
June 28, 1985
TO ALL LICENSEES FOR OPERATING REACTORS
Gentlemen:
SUBJECT: COMPLETION OF PHASE II OF "CONTROL OF HEAVY LOADS AT NUCLEAR POWER
PLANTS" NUREG-0612 (GENERIC LETTER 85-11)
On December 22, 1980, NRC issued a generic letter (unnumbered) which was
supplemented February 3, 1981 (Generic Letter 81-07) regarding NUREG-0612,
"Control of Heavy Loads at Nuclear Power Plants". This letter requested that
you implement certain interim actions and provide the NRC information
related to heavy loads at your facilities. Your submittals were requested in
two parts; a six month response (Phase I) and a nine month response (Phase
II).
All licensees have completed the requirement to perform a review and submit
a Phase I and a Phase II report. Based on the improvements in heavy loads
handling obtained from implementation of NUREG-0612 (Phase I), further
action is not required to reduce the risks associated with the handling of
heavy loads (See enclosed NUREG-0612 Phase II). Therefore, a detailed Phase
II review if heavy loads is not necessary and Phase II is considered
completed. However, while not a requirement, we encourage the implementation
of any actions you identified in Phase II regarding the handling of heavy
loads that you consider appropriate.
For each plant which has a license condition requiring commitments
acceptable to the NRC regarding Phase II, an application for license
amendment may be submitted to the NRC to delete the license condition citing
this letter as the basis. If you have any questions, contact your Project
Manager or Don Neighbors (301) 492-4837.
Sincerely,
Hugh L. Thompson, Jr., Director
Division of Licensing
Enclosure:
As Stated
8506270216
.
Enclosure 1
NUREG-0612,"CONTROL OF HEAVY LOADS AT
NUCLEAR POWER PLANTS"
RESOLUTION OF PHASE II
Generic Technical Activity A-36 was established to systematically examine
the staff's licensing criteria, adequacy of measures in effect at operating
plants and recommend necessary changes to assure the safe handling of heavy
loads. The task involved review of licensee information, evaluation of
historical data, performance of accident analyses and criticality
calculations, development of guidelines for operating plants, and review of
licensing criteria. The review indicated that the major causes of load
handling accidents include operator errors, rigging failures, lack of
adequate inspection and inadequate procedures. The results of the review
culminated in the issuance of NUREG-0612, "Control of Heavy Loads at Nuclear
Power Plants" in July 1980. NUREG-0612 described a resolution of Task A-36.
NUREG-0612 presents an overall philosophy that provides a defense-in-depth
approach for controlling the handling of heavy loads. The approach is
directed to preventing load drops. The following summarizes this
defense-in-depth approach:
1. Assure that there is a well designed handling system.
2. Provide sufficient operator training, load handling instructions, and
equipment inspection to assure reliable operation of the handling
system.
3. Define safe load travel paths and procedures and operator training to
assure to the extent practical that heavy loads are not carried over or
near irradiated fuel or safe shutdown equipment.
4. Provide mechanical stops or electrical interlocks to prevent movement
of heavy loads over irradiated fuel or in proximity to equipment
associated with redundant shutdown paths.
.
2
5. Where mechanical stops or electrical interlocks cannot be provided.
provide a single-failure-proof crane or perform load drop analyses to
demonstrate that unacceptable consequences will not result.
By Generic Letters dated December 22, 1980, and February 3, 1981- (Generic
Letter 81-07), all utilities were requested to evaluate their plants against
the guidance of NUREG-0612 and to provide their submittals in two parts;
Phases I (six month response) and Phase Il (nine month response). Phase I
responses were to address Section 5.1.1 of NUREG-0612 which covers the
following areas:
1. Definition of safe load paths
2. Development of load handling procedures
3. Periodic inspection and testing of cranes
4. Qualifications, training and specified conduct of operators
5. Special lifting devices should satisfy the guidelines of ANSI N14.6
6. Lifting devices that are not specially designed should be installed and
used in accordance with the guidelines of ANSI B30.9
7. Design of cranes to ANSI B30.2 or CMAA-70
Phase II responses were to address Sections 5.1.2 thru 5.1.6 of NUREG-0612
which cover the need for electrical interlocks/mechanical stops, or
alternatively, single-failure-proof cranes or load drop analyses in the
spent fuel pool area (PWR), containment building (PWR), reactor building
(BWR), other areas and the specific guidelines for single-failure-proof
"handling systems.
We have completed our review of the utilities' submittals for Phase I for
nearly all operating reactors. Only one plant still remains to be reviewed.
During our review we verified that the seven guidelines listed above were
providing the desired level of safety indicated in NUREG-0612. By way of the
utilities' responses to the criteria of NUREG-0612, Section 5.1.1 and
through discussions with our consultants based on their experiences from the
reviews, we have concluded that the Phase I guidelines have provided an
increased awareness by the utilities of the importance of heavy load
handling.
Our review has indicated that satisfaction of the Phase I guidelines assures
that the potential for a load drop is extremely small. We have noted
.
3
improvements in heavy load handling procedures and training and crane and
handling tool inspection and testing. These changes have been geared to .
limiting the handling of heavy loads over safety-related equipment and spent
fuel to the extent practical, but where this can not be avoided, to
accomplishing it with the operational and other features of the program
implemented in Phase I. We therefore conclude that the guidelines of Phase I
are adequately providing the intended level of protection against load drop
accidents.
To date we have received Phase II submittals from all licensees. We
interpret Phase II of NUREG-0612 as an enhancement to Phase I. Thus, prior
to undertaking a review of the utilities' Phase II response for all of the
operating reactors, and as a test of the adequacy of the Phase I program, we
decided to undertake a pilot program with a limited number of plants. The
findings from the pilot program would then provide a basis for a decision on
whether to proceed with the review of the Phase II submittals for all
operating reactors, to reduce the scope of the review, or to. totally
eliminate the review.
The pilot program involved the review of operating reactors at 12 sites, a
total of 20 reactors (eight BWRs and 12 PWRs). Of the 20 reactors, 5 BWRs
(Browns Ferry 1, 2 and 3 and Peach Bottom 2 and 3) have single-failure-proof
cranes for all heavy load lifts. "Single-failure-proof" is used to mean a
crane which meets the guidelines of NUREG-0554, "Single-Failure-Proof Cranes
for Nuclear Power Plants." Three BWR units (Dresden 2 and 3 and Big Rock
Point) have taken credit for a combination of single-failure-proof cranes in
some plant areas and load drop analyses in others. Five PWR reactors
(Millstone 2, Prairie Island 1 and 2, and Surry 1 and 2) have utilized the
load drop analysis approach. One plant (Kewaunee) has taken credit for a
combination of electrical interlocks in some plant areas and load drop
analyses in others. The remaining six reactors (Davis Besse, Indian Point 2,
Arkansas 1 and 2 and Calvert Cliffs 1 and 2) chose to take credit for a
combination of administrative controls, procedures and Technical
Specification restrictions in conjunction with some type of load drop
analysis. This approach does not meet the criteria of Sections 5.1.2 to
5.1.6 of NUREG-0612. Rather, It is an amplification of the guidelines of the
Phase I effort, reflecting Section 5.1.1 of NUREG-0612.
.
4
It should also be noted that we have completed our review of Phase II for
five operating license applicants. Of these, two (WNP-2 and Fermi-2) have
single-failure-proof cranes. The remaining three (Callaway, Wolf Creek and
Catawba 1 and 2) employ a combination of electrical interlocks, mechanical
stops, limit switches and load drop analyses.
In addition to the detailed reviews of the Phase II reports in the pilot
program and in connection with the five operating license applications, we
have performed a sufficient review of all other Phase II reports to flag any
outstanding plant-specific concerns reported.
From our pilot program and OL Phase II reviews, together with the
abovementioned reviews of the other Phase II reports,we have concluded that
the risks associated with damage to safe shutdown systems are relatively
small because:
1. nearly all load paths avoid this equipment
2. most equipment is protected by an intervening floor
3. of the general independence between crane failure probability and
safety-related systems which has been observed
4. redundancy of components
We did not identify any outstanding plant specific safety concern associated
with heavy loads handling.
Therefore, most of the risk appears to be associated with carrying heavy
loads over or in a location where spent fuel could be damaged. The single
most important example of this concerns loads handled over the open reactor
vessel during refueling (such as the reactor vessel head). However, as
previously mentioned, this is limited to the extent practical and where
necessary, is performed with a specifically implemented program in
conformance with the Phase I guidelines.
From the pilot program and OL reviews, we noted that nine of the twenty
reactors, all PWRs, do not have single-failure-proof cranes. To date, we
have not identified any PWRs with single-failure-proof cranes. Further,
since electrical interlocks and mechanical stops are not possible for PWR
polar
.
5
cranes, these reactors would be required to perform costly detailed load
drop analyses. If satisfactory results could not be demonstrated from these
analyses, NUREG-0612 would call for installation of a single- failure-proof
crane.
Based on the above, since a single failure proof crane becomes the only
solution for satisfying the NUREG-0612 criteria, the cost/benefit should be
examined. Because we are dealing primarily with PWRs, the cost for
modification of a polar crane to meet single failure criteria (NUREG-0554)
guidelines) is approximately $30 million. This includes, as the dominant
cost element, the cost of the extended shutdown which is required in order
to gain access to containment. On the benefit side, given the improvements
obtained from the Phase I implementation and the information obtained in the
course of the pilot program and OL Phase II reviews, we cannot perceive a
significant enough benefit in conversion to single-failure-proof polar
cranes to warrant the high costs. (See Attachment I for a cost-benefit
analysis.) We believe that the cost/ benefit analysis in NUREG-0612 is no
longer valid because of the benefits realized by Phase I implementation.
We believe the above assessment is further borne out by the industry
experience with handling of heavy loads over the years. Precautions have
been and are being taken such that no heavy load drop accidents affecting
any features of the defense-in-depth against severe core damage accidents
have occurred.* This determination is also supported by the recommendation
of our contractor for the pilot program reviews (Franklin Research Center)
and our benefit-cost analysis suggesting that we accept other, less
stringent but less costly means for Phase II compliance as an alternative to
the criteria of NUREG-0612 with respect to conversion to
single-failure-proof cranes.
Conclusion and Recommendation
Based on the above, we believe the Phase I implementation has provided
sufficient protection such that the risk associated with potential heavy
load
*There have, however, been recent occurrences of lesser severity. (See for
example, IE information Notice No..85-12: Recent Fuel Handling Events; LER
84-015, Fort Calhoun 1, Load Over the RCS; and LER 84-006, San Onofre 2,
Polar Crane Malfunction). According, nothing in this e Lion should be
regarded as a basis for any de-emphasis of continued attention to the safe
handling of heavy loads.
.
6
drops is acceptably small. We further conclude that the objective identified
in Section 5.1 of NUREG-0612 for providing "maximum practical defense, in
depth" is satisfied by the Phase I compliance, and that the Phase II
analysis did not indicate the need to require further generic action at this
time. This conclusion has been confirmed by the results obtained from the
Phase II pilot program and additional Phase II reviews, which identified no
residual heavy loads handling concerns of sufficient significance to demand
further generic action. All plants have examined their load handling
practices against the recommendations of Phase II and submitted the Phase II
report. In this way, the utilities were required to identify any unexpected
problems to the staff.
.
ATTACHMENT I
SUMMARY OF COST-BENEFIT ANALYSIS OF
PWR POLAR CRANE CONVERSION TO SINGLE-FAILURE-PROOF FEATURES
SCOPE
The safety benefit of converting the polar crane in the containment of an
operating or completed or nearly completed PWR to single-failure-proof
features and the cost of the conversion were estimated and compared.
The safety benefit was estimated in terms of the resulting reduction in the
risk of a severe accident, involving major radioactive material release,
during the remaining plant life. The risk was expressed as the product of
the accident probability and the population radiation dose from the release,
c should the accident occur.
The cost estimate included the cost of shutdown (or extension of a
non-operating period) needed to accomplish the conversion.
ACCIDENT FREQUENCY ESTIMATES
Crane Failure Frequency
There were 32 crane LER events in the approximately 400 reactor-years of
U.S. power-reactor operation in the 10-year period July 1969 to July 1979
(NUREG-0612, p. 4-6). None resulted in radioactive release. Of the 32
events, 17 (i.e., just over half) were apparently due to hardware design or
fabrication causes, the other 15 to human factors. (Navy crane statistics,
cited in NUREG-0612, for 40 load-drop or potential load-drop events in
1974-77 show 80% of the events to be due to human factors.)
.
- 2 -
It may be assumed, as a rough approximation, that Phase I of NRC's
heavy-loads generic program is addressed to all the human factors causes and
one-half of the hardware causes and succeeds in reducing the affected part
of the failure frequency to a quite small fraction of the frequency
originally present. Since human factors and hardware each contribute about
one-half of the failures, approximately 3/4 of the total crane failures can
be expected to be eliminated by the Phase I program. Single-failure-proof
(SFP) cranes should substantially reduce the remaining 1/4 of the failure
frequency, though those failures would not be eliminated altogether, since
the SFP feature (as defined in NUREG-0554) does not protect against all
types of possible failure (e.g., the bridge is not SFP and the SFP feature
itself is subject to defeat by some types of human error). On the other
hand, the SFP feature would make the cranes more "forgiving" of
imperfections in the Phase I implementation. Accordingly, one may reasonably
assume that the SFP feature would have a net effect of eliminating 1/4 of
the pre-Phase I failure frequency.
Frequency of Accidents Involving Radioactive Release
Not all LER events involve radioactive release. In over 600 reactor-years of
U.S. power-reactor operation to date [1982] there have, to our knowledge,
been no radioactive releases due to load drops. The 10-year period covered
by the survey in NUREG-0612, which included 32 crane LER events, all without
release, represents about 60% of all U.S. power-reactor operating time to
date. An assumption of a pre-fix frequency of some radioactive release once
in 1,000 reactor-years appears consistent with the LER-reflected failure
experience, taken together with the absence of releases to date. With 1/4 of
these releases averted by an SFP crane feature, the pertinent release
frequency reduction would be 1 in 4,000 RY. For the most part, these can be
assumed to be minor releases due to limited fuel damage in the spent-fuel
storage pool or in the reactor.
.
- 3 -
Frequency of Accidents Involving Major Releases
For a load-drop event to cause a major accident, with major radioactive l
release, special circumstances need to be present -- circumstances that
Phase I is intended to make much less likely to occur. A highly damaging
heavy load drop, such as one that could destroy a core cooling feature
through violation of -- or imperfections in -- Phase I provisions combined
with other failures, should be unlikely, and very unlikely to lead to major
release, because of back-up safety provisions (e.g., independent additional
core cooling provisions).
Review of typical load paths and associated crane-operation frequencies
suggests that of all load drops in a typical PWR plant that could have
radiological consequences, some 1/4 could involve equipment with a role in
safe reactor shutdown, including primary-system piping. If one assumes that
there is typically a 1% probability that back-up revisions would also fail,
then the pertinent major-release frequency is 1 in 1,600,000 reactor-years.
Frequency Reduction Single-failure-proof cranes may reasonably be expected
to eliminate most, perhaps 90%, of the residual load-drop probability after
the Phase I improvements. Thus, the frequency reduction for major release is
approximately 1 in 1,800,000 RY (90% of 1/1,600,000).
It should be noted that these estimates are sensitive to plant layout.
Plant-specific evaluations could, depending on case specifics, point to a
much higher or lower major-release frequency estimate for a specific case.
For example, should layout of a specific plant be such that a particularly
unfortunate load drop could-destroy all means of core cooling or
incapacitate the control room (possibilities suggested by the situations at
Montecello and Arkansas Nuclear 1, respectively, before remedial actions
were taken at those plants), the above generic analysis could be wide of the
mark
.
- 4 -
for such a plant. The major-release accident frequency could well be an
order of magnitude higher for such a plant (i.e., of the order of 1 in
100,000 reactor-years) -- or even higher, depending on plant and crane
features, load paths, and operating practices.
CONSEQUENCES ESTIMATE
Potential radiological consequences of load-drop accidents encompass a wide
range of possibilities, depending on specific features of plant design,
operating practices, and the nature and location of the specific load-drop
event. We assume that some -- though very rough -- indication of the
severity of the load-drop accident risks may be gained by using in these
simplified calculations certain selected release categories described in
WASH-1400, Appendix VI, pp. 2-1 to 2-4. Category PWR 4 was selected for the
major-release estimates for pressurized water reactors.
In PWR 4 core cooling and containment both fail. Core melt occurs. This
release category is used to explore consequences of a load drop that
incapacitates core cooling (during or promptly after reactor operation),
with containment open.
The release estimates, stated as resulting public dose, based on
representative generic estimates, for a hypothetical site with a projected
Year 2000 mean U.S. power-reactor-site population density, developed by
Battelle Pacific Northwest Laboratories (NUREG/CR-2800) is 2,700,000
person-rem.
COST ESTIMATE
Costs of change-over to single-failure-proof cranes are subject to wide
plant-specific variation, depending on the number of features of the
specific cranes involved and other aspects of plant design and status.
.
- 5 -
Based on advice from the Auxiliary Systems Branch, DSI, and limited vendor
and utility contacts, we take the following estimates as representative (as
of 1982, when the estimates were made).
For future plants, the cost differential for original inclusion of SFP
features is estimated at about $250,000 for PWRs (based on information from
Ederer Crane Co.).
At the pre-operating-license stage, with no startup delay, the costs
-including planning, engineering, hardware, installation, and testing -- are
estimated at $2 million per plant. This is based on the Monticello
experience (1 M in 1976, adjusted for inflation). (The Monticello
information was obtained from the licensee through the NRC resident
inspector.)
For operating PWRs the estimated costs are dominated by plant shutdown,
during modifications of the polar crane located inside the containment
building. (The shutdown may be an extension of a shutdown for refueling or
other purposes.) The cost effect of a startup delay for a completed or
nearly completed plant would be similar. With a 3-month shutdown and with
shutdown costs taken as determined by the cost of replacement power at
$300,000 per day, representative total change-over costs for operating PWRs
are estimated at about $30 million.
RISK REDUCTION
Based on the foregoing frequency and consequences estimates, the "expected
value" of the risk subject to being affected by the possible Phase II SFP
feature, i.e., the magnitude of release times the frequency of its
.
- 6 -
occurrence, integrated for the remaining plant life taken as 20 years, is as
follows:
Major release risk = 20 x 2,700,000 = 30 person-rem/reactor
2,800,000
COST-BENEFIT RATIO
The cost-benefit ratio indicated by the foregoing estimates is approximately
$1,000,000/person-rem. This estimate is subject to wide plant-to-plant
variation as well as large uncertainties in the underlying estimates of
accident frequency and consequences. Nevertheless, it is possible to
conclude with reasonable confidence that the benefit-cost ratio for the
crane conversion would fail to meet a $1,000/person-rem worthwhileness
criterion by a large margin.
Page Last Reviewed/Updated Tuesday, March 09, 2021