Resolution of Generic Safety Issues: Issue 186: Potential Risk and Consequences of Heavy Load Drops in Nuclear Power Plants ( NUREG-0933, Main Report with Supplements 1–34 )

DESCRIPTION

Historical Background

This issue was identified¹⁸⁴⁵ by NRR in April 1999 when the concern was raised that licensees operating within the regulatory guidelines of GL 85-11¹⁸⁴⁴ may not have taken adequate measures to assess and mitigate the consequences of dropped heavy loads. Prior to the issuance of GL 85-11,¹⁸⁴⁴ GLs 80-113,¹⁸⁴² 81-07,¹⁸⁴³ and 83-42¹⁸⁴⁷ were issued with requirements for operating licensees following the resolution of Issue A-36. In April 1996, NRC Bulletin 96-02¹⁸⁴⁸ was issued to alert licensees of potential high consequences that could result from a cask drop and to remind them of complying with existing regulatory guidelines on the control and handling of heavy loads.

Safety Significance

In nuclear plant operation, maintenance, and refueling activities, heavy loads may be handled in several plant areas. If these loads were to drop because of human error or crane failure, they could impact on stored spent fuel, fuel in the core, or on equipment that may be required to achieve safe shutdown or permit continued decay heat removal. In some instances, load drops at specific times, locations, and weights could potentially lead to offsite doses that exceed 10 CFR Part 100 limits.

Moreover, in 2003, many spent fuel pools were approaching their capacity. If a licensee elected to use long-term dry storage casks to store excess spent fuel, the large, heavy casks would have to be hoisted and transported to and from the spent fuel pool while the plant is at full power operation.

In general, very heavy load drops in BWR plants are more risk significant than very heavy load drops in PWRs because of plant systems layout. For PWRs, spent fuel cask transfers occur near ground level in an area separate from the reactor building and many safety-related systems. However, for BWRs, many very heavy loads are commonly lifted and moved on the upper floor of the reactor building or the auxiliary building. Should a floor breach occur during a load drop, there are many safety-related components located on lower floors which could be disabled. A load drop in certain areas could simultaneously initiate an accident and disable accident mitigation equipment. These types of events have the potential to defeat defense-in-depth.

ANALYSIS

Frequency Estimate

A comprehensive analysis of U.S. nuclear industry crane operating experience from 1968 through 2002 was conducted by the NRC and documented in NUREG-1774.¹⁸⁴⁶ Some of the NRC's findings were: (1) the human error rate for crane operating events increased significantly; (2) load drop events between the period 1993-2002 increased over the period 1981-1992; (3) the number of below-the-hook crane events (mainly rigging deficiencies or failures) increased greatly; (4) calculational methodologies, assumptions, and predicted consequences varied greatly from licensee to licensee for very similar accident scenarios; (5) the number of mobile crane events declined slightly; and (6) there were few load slips or drops involving very heavy loads.

Based on actual crane operating experience data from commercial U.S. nuclear power plants, it was estimated that the average rate of drops for very heavy loads was 5.6 x 10^-5/demand. This estimate could be higher or lower at a specific plant because of varying human error rates which appeared to dominate load drop events. Based on data estimates collected from the U.S. Navy, the frequency of a handling system failure for nuclear plant cranes was estimated in NUREG-0612⁷⁴⁷ to be between 10^-5 and 1.5 x 10^-4 per lift. However, the Navy crane data did not indicate how many lifts were actually performed, i.e., only the number of problems was quantified.

Consequence Estimate

Of the 74 plants that responded to Bulletin 96-02,¹⁸⁴⁸ only eight indicated that a consequence analysis for heavy load drops had been done at their plants. While the number of operating power plants during the 1993-2002 period only increased 9% over the previous period from 1981 to 1992, the number of crane-related injuries during the 1993-2002 period increased 100% over those in the 1981-1992 period. Between 1969 and 2002, there were 10 reported crane events that led to deaths in the nuclear industry and these deaths occurred primarily during the construction phase of the plants.

Other Considerations

The following observations were documented in NUREG-1774:¹⁸⁴⁶

• Although single-failure-proof cranes share many common design features (e.g., dual reeving, redundant limit switches, and redundant brakes), the remaining criteria for declaring a crane as single-failure-proof (e.g., for new cranes or upgraded cranes) were applied inconsistently. Crane manufacturers were of the opinion that NUREG-0554¹⁸⁴⁹ was ambiguous in some areas and that clarifications or changes to both NUREG-0612⁷⁴⁷ and NUREG-0554¹⁸⁴⁹ were needed. The industry suggested that a preferred approach would be to consider adopting ASME NOG-1 (Rules for Construction of Overhead and Gantry Cranes) Type I, with minor changes, as an acceptable approach to meeting NUREG-0554¹⁸⁴⁹ and for upgrading cranes to single-failure-proof status. NOG-1 contains much more specific design criteria for single-failure-proof cranes than does NUREG-0554.¹⁸⁴⁹ In addition, while some licensees listed their cranes as single-failure-proof or indicated that they met the NUREG-0612⁷⁴⁷ upgrade requirements, all the single-failure-proof design criteria listed in NUREG-0554¹⁸⁴⁹ may not have been fully met. Among events occurring during the period 1968 through 2002 involving cranes suitable for an upgrade to a single-failure-proof design, most load drop events were the result of poor program implementation or human performance errors that led to hoist wire rope or below-the-hook failures. All three very heavy load drops were the result of rigging failures, not crane failures. Consequently, there were no very heavy load drop events that could have been prevented had only a single-failure-proof crane been employed in the lift. However, there were load or hook and block assembly drops that could have been prevented with the use of single-failure-proof cranes and lifting devices.

• Between 1976 and 2003, there were 29 NRC generic communications that involved load movements at U.S. nuclear power plants, nine of which addressed: (1) heavy loads moved on the refueling floor; (2) load drop analysis for heavy loads; (3) the identification of heavy loads that are lifted over safe shutdown equipment; and (4) the consequence of a load drop on selected equipment. Among these communications were generic letters and a bulletin which requested licensees to provide information on their crane programs for NRC evaluation. The accuracy and consistency of information received in response to some of these communications were questionable. Many of the licensees that responded to the latest request (Bulletin 96-02¹⁸⁴⁸) provided incomplete information. Also, in many instances, information previously provided to the NRC was not verified to be accurate.

CONCLUSION

The screening and technical assessment of the issue were documented in NUREG-1774.¹⁸⁴⁶ At the completion of the technical assessment, four recommendations were made for followup guidance development by the NRC staff:

• Evaluate the capability of various rigging components and materials to withstand rigging errors and issue necessary guidelines for rigging applications.
• Endorse ASME NOG-1 for Type I cranes as an acceptable method of qualifying new or upgraded cranes as single-failure-proof and issue guidance endorsing the standard, as appropriate.
• Reemphasize the need to follow Phase I guidelines involving good practices for crane operations and load movements and continue to assess licensee implementation of heavy load controls in safety-significant applications.
• Request the appropriate industry Code Committees to evaluate the need to standardize load drop calculational methodologies for nuclear power plants.