Information Notice No. 91-11: Inadequate Physical Separation and Electrical Isolation of Non-Safety-Related Circuits From Reactor Protection System Circuits
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
WASHINGTON, D.C. 20555
February 20, 1991
Information Notice No. 91-11: INADEQUATE PHYSICAL SEPARATION AND
ELECTRICAL ISOLATION OF NON-SAFETY-
RELATED CIRCUITS FROM REACTOR
PROTECTION SYSTEM CIRCUITS
All holders of operating licenses or construction permits for
Westinghouse (W)-designed nuclear power reactors.
This information notice is intended to alert addressees of a potential
failure mechanism that could adversely affect the ability of the reactor
protection system and the engineered safety features actuation system to
perform their safety functions. It is expected that recipients will
review the information for applicability to their facilities and consider
actions, as appropriate, to avoid similar problems. However, suggestions
contained in this information notice do not constitute NRC requirements;
therefore, no specific action or written response is required.
Description of Circumstances:
On May 31, 1990, the licensee for the Trojan Nuclear Plant (Portland
General Electric Company) informed the U.S. Nuclear Regulatory
Commission's Operations Center of potential problems involving the
circuits used to initiate reactor trip upon detection of undervoltage or
underfrequency (UV/UF) conditions associated with the buses supplying
power to the reactor coolant pump motors. The problems were discovered
during a walkdown inspection of the solid state protection system (SSPS)
as part of the design basis documentation program for the Trojan plant.
The SSPS is a safety-related system used to automatically trip the
reactor and to automatically initiate engineered safety features equip-
ment. During the SSPS walkdown inspection, the licensee discovered that
the circuits used to sense UV/UF conditions were installed as
non-safety-related components and were not properly physically separated
or electrically isolated from the safety-related SSPS circuits.
There are four reactor coolant pumps in the Trojan design, with two pumps
powered from each of two 12 kv buses. Each of the buses is monitored by
two channels of UV detection circuitry and two channels of UF detection
circuitry. The four channels of UV/UF circuits are arranged in a
1-out-of-2 taken twice logic for reactor trip. Each channel of UV/UF
detection circuitry actuates an associated SSPS input relay upon
detecting a degraded UV/UF condition.
February 20, 1991
Page 2 of 3
The input relays in turn provide inputs to the logic. Power to the SSPS
input relays is provided by four 120 vac safety-related power supplies
(buses Y11, Y22, Y13 and Y24). The field contacts that actuate the SSPS
input relays are non-safety-related, are located inside the 12 kv
switchgear cabinets that house the 12 kv buses, are normally closed and
carrying current supplied from the 120 vac safety buses, and are directly
wired into the SSPS cabinets. The 12 kv switchgear cabinets are not
safety-related and are not designed to withstand seismic events.
Several concerns have been identified with this configuration at Trojan.
First, the design uses non-safety-related components to perform safety-
related reactor trip functions. Credit is taken for the reactor coolant
pump bus UV/UF trip function in the Trojan Final Safety Analysis Report
(FSAR) safety analysis to protect the core if forced coolant flow is
Second, inadequate physical separation and electrical isolation of
non-safety-related circuits from safety-related SSPS circuits introduces
the potential for challenges that can degrade the SSPS. At Trojan, the
coordination (i.e., location and size) of overcurrent protection devices
within the SSPS was such that the effects of an electrical fault that
originates in the non-safety-related circuits inside the 12 kv switchgear
cabinets may not have been limited to the UV/UF circuits. Because of
inadequate isolation, such a fault could affect the SSPS slave relays.
The SSPS slave relays, which are used to automatically actuate engineered
safety features equipment, require power to accomplish their safety
functions. The slave relays share a common supply fuse (from Y11 for
SSPS train A, and from Y24 for SSPS train B) with the associated reactor
coolant pump bus UV/UF SSPS input relays. Therefore, a fault in one of
the 12 kv switchgear cabinets that causes the fuse to open to clear the
fault in the UV/UF circuits could also result in the loss of power to
that train of slave relays. Because the two non-safety-related 12 kv
switchgear cabinets are adjacent to each other, there are postulated
faults (such as could be caused by a seismic event or equipment failure)
which could result in common mode failure of both switchgear cabinets.
During an accident, such a common mode failure could simultaneously cause
a loss of power to all four reactor coolant pumps, disable the UV/UF
reactor trip function and, because of the loss of power to both trains of
SSPS slave relays, could result in the common mode failure of the
automatic initiation capability for redundant trains of ESF equipment.
However, the affected equipment could be manually initiated because this
capability is independent of the SSPS.
After discovering this problem, the licensee isolated the SSPS circuits
from non-safety-related circuits. This was accomplished by adding
additional overcurrent protection and by improving coordination between
protective devices in the SSPS circuits used to initiate reactor trip on
reactor coolant pump UV/UF. The licensee is planning to upgrade the
UV/UF circuits to safety-related status.
February 20, 1991
Page 3 of 3
Apparently, the UV/UF circuitry was not properly designed because the
reactor vendor and the architect-engineering firm did not communicate
adequately with one another during the original design of the plant. The
staff held discussions with the reactor vendor and the licensee and
believes that other plants may have similar deficiencies in the UV/UF
reactor trip circuitry.
This information notice requires no specific action or written response.
If you have any questions about the information in this notice, please
contact one of the technical contacts listed below or the appropriate NRR
Charles E. Rossi, Director
Division of Operational Events Assessment
Office of Nuclear Reactor Regulation
Technical Contact: Hulbert Li, NRR
Walton Jensen, NRR
Attachment: List of Recently Issued NRC Information Notices
Page Last Reviewed/Updated Friday, May 22, 2015