1.

Introduction and General Description of Plant AP1000 Design Control Document

1.9 Compliance with Regulatory Criteria

1.9.1 Regulatory Guides

Regulatory guides are issued by the NRC in the following 10 broad divisions:

• Division 1 - Power Reactors

• Division 2 - Research and Test Reactors
• Division 3 - Fuels and Materials Facilities
• Division 4 - Environmental and Siting
• Division 5 - Materials and Plant Protection
• Division 6 - Products
• Division 7 - Transportation
• Division 8 - Occupational Health
• Division 9 - Antitrust and Financial Review
• Division 10 - General

Divisions 2, 3, 6, 7, 9, and 10 of the regulatory guides do not apply to the design and design
certification phase of AP1000. The following sections provide a summary discussion of NRC
Divisions 1, 4, 5, and 8 of the regulatory guides applicable to the design and design certification
phase of AP1000.

Appendix 1A provides a discussion of AP1000 regulatory guide conformance.

[Link] Division 1 Regulatory Guides - Power Reactors

Currently there are approximately 190 Division 1 regulatory guides that have been issued by the
NRC for implementation or for comment.

Appendix 1A provides an evaluation of the degree of AP1000 compliance with NRC Division 1
regulatory guides. The revisions of the regulatory guides against which AP1000 is evaluated are
indicated. Any exceptions or alternatives to the provisions of the regulatory guides are identified
and justification is provided. For those regulatory guides applicable to the AP1000 Table 1.9-1
identifies the appropriate DCD cross-references. The cross-referenced sections contain descriptive
information applicable to the regulatory guide positions found in Appendix 1A.

The superseded or canceled regulatory guides are not considered in Appendix 1A or Table 1.9-1.

[Link] Division 4 Regulatory Guides - Environmental and Siting

One Division 4 regulatory guide, Regulatory Guide 4.7, merits discussion.

Regulatory Guide 4.7, "General Site Suitability Criteria for Nuclear Power Stations," provides
guidelines for identifying suitable candidate sites for nuclear power stations. The guidance of this
regulatory guide is considered as appropriate in the establishment of the AP1000 site interface
criteria, and is described in Sections 2.1 and 2.5.

Tier 2 Material 1.9-1 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

[Link] Division 5 Regulatory Guides - Materials and Plant Protection

Three Division 5 regulatory guides, Regulatory Guides 5.9, 5.12, and 5.65, merit discussion.

Regulatory Guide 5.9, "Guidelines for Germanium Spectroscopy Systems for Measurement of
Special Nuclear Material," provides guidelines for data acquisition systems associated with the use
of a lithium-drifted germanium gamma ray spectroscopy system. This regulatory guide is not
applicable to AP1000 design certification.

Regulatory Guide 5.12, "General Use of Locks in the Protection and Control of Facilities and
Special Nuclear Materials," provides guidelines for the selection and use of commercially
available locks in the protection of facilities and special nuclear material. The guidance of this
regulatory guide is considered as appropriate in the AP1000 design.

Regulatory Guide 5.65, "Vital Area Access Controls, Protection of Physical Security Equipment,
and Key and Lock Controls," is not applicable to design certification.

[Link] Division 8 Regulatory Guides - Occupational Health

Two Division 8 regulatory guides, Regulatory Guides 8.8 and 8.19 merit discussion.

Regulatory Guide 8.8, "Information Relevant to Ensuring that Occupational Radiation Exposure at
Nuclear Power Stations will be As Low As is Reasonably Achievable (ALARA)," provides NRC
guidance for meeting the requirements of 10 CFR Part 20. This regulatory guide includes
guidance in the following areas for maintaining radiation exposures ALARA:

• Overall program (e.g., policy, organization, and training)

• Facility and equipment design features
• Radiation protection program
• Radiation protection facilities, instrumentation, and equipment

Regulatory Guide 8.8 is written primarily for utility applicants and licensees. However,
Westinghouse has established policy, design, and operational considerations that will be applied in
the AP1000 design in accordance with this regulatory guide. These considerations are discussed in
Section 12.1.

Regulatory Guide 8.19, "Occupational Radiation Dose Assessment in Light-Water Reactor Power
Plants" describes a method acceptable to the NRC staff for performing an assessment of collective
occupational radiation dose as part of the ongoing design review process involved in designing a
light-water-cooled power reactor so that occupational radiation exposures will be ALARA. This
regulatory guide includes guidance for estimating occupational radiation exposures (principally
during the design stage) as a result of:

• Reactor operations and surveillance

• Routine maintenance
• Waste processing
• Refueling

Tier 2 Material 1.9-2 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• Inservice inspection
• Special maintenance

Occupational radiation exposure estimates that are in accordance with Regulatory Guide 8.19 are
described in Section 12.4.

[Link] Combined License Information

The Combined License applicant will address conformance with regulatory guides that are not
applicable to the certified design or not addressed by the activities required by COL Information
Items. The Regulatory Guides included in this Information Item are as follows:

• Regulatory Guide 1.86, Revision 0, 6/74 – Termination of Operating Licenses for Nuclear
Reactors

• Regulatory Guide 1.111, Revision 1, 7/77 – Methods for Estimating Atmosphere Transport
and Dispersion of Gaseous Effluents in Routine Releases from Light-Water-Cooled Reactors

• Regulatory Guide 1.113, Revision 1, 4/77 – Estimating Aquatic Dispersion of Effluents from
Accidental and Routine Reactor Releases for the Purpose of Implementing Appendix I

• Regulatory Guide 1.159, Revision 0, 8/90 – Assuring the Availability of Funds for
Decommissioning Nuclear Reactors

• Regulatory Guide 1.162, Revision 0, 2/96 – Format and Content of Report for Thermal
Annealing of Reactor Pressure Vessels

• Regulatory Guide 1.174, Revision 0, 7/98 – An Approach for using Probabilistic Risk
Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis

• Regulatory Guide 1.179, Revision. 0, 9/99 – Standard Format and Content of License
Termination Plans for Nuclear Power Reactors

• Regulatory Guide 1.181, Revision 0, 9/99 – Content of the Updated Final Safety Analysis
Report in Accordance with 10 CFR 50.71(e)

• Regulatory Guide 1.184, Revision 0, 8/00 – Decommissioning of Nuclear Power Reactors

• Regulatory Guide 1.185, Revision 0, 8/00 – Standard Format and Content for Post-shutdown
Decommissioning Activities Report

• Regulatory Guide 1.186, Revision 0, 12/00 – Guidance and Examples of Identifying

10 CFR 50.2 Design Bases

• Regulatory Guide 1.187, Revision 0, 11/00 – Guidance for Implementation of 10 CFR 50.59,
Changes, Tests, and Experiments

• Regulatory Guide 5.9 Revision 2, 12/83 – Specifications for Ge (Li) Spectroscopy Systems
for Material Protection Measurements Part 1: Data Acquisition Systems

Tier 2 Material 1.9-3 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

1.9.2 Compliance with Standard Review Plan (NUREG-0800)

WCAP-15799, "AP1000 Compliance with SRP Acceptance Criteria," provides the results of a
review of the AP1000 compliance with the acceptance criteria for each section of the Standard
Review Plan, NUREG-0800.

1.9.3 Three Mile Island Issues

This section identifies the Three Mile Island issues of 10 CFR 50.34(f) that are addressed by
AP1000 design features or program plans. The additional issues of NUREG-0660 and
NUREG-0737 that apply to the AP1000 are resolved in accordance with the guidance of
NUREG-0933, with specific details provided in the applicable sections of the DCD.

Some of the 10 CFR 50.34(f) issues initially identified as applicable only to Boiling Water
Reactors (BWRs) or Babcock and Wilcox plants have also been addressed for the AP1000 design.
For example, the AP1000 design incorporates an automatic depressurization system with some
similarity to that utilized for BWRs.

10 CFR 50.34(f):

(1)(i) Plant/Site Specific TMI-Related Risk Assessment (NUREG-0660 Item II.B.8)

"Perform a plant/site specific probabilistic risk assessment, the aim of which is to seek such
improvements in the reliability of core and containment heat removal systems as are significant
and practical and do not impact excessively on the plant."

AP1000 Response:

A plant-specific Probabilistic Risk Assessment (PRA) performed on the AP1000 design evaluates
the plant in terms of core damage frequency and containment integrity. The PRA supports the
design effort and establishes the capability of the design to meet established safety goals. Level 1
(Plant), 2 (Containment), and 3 (Site) PRA evaluations, including internal and external events:

• Demonstrate that the plant design meets the NRC safety goals
• Identify design vulnerabilities, evaluate alternate design features and operational strategies,
and modify the design to reduce risk

The PRA process has been integrated into the design process to verify that the design effort meets
the targeted goals and resolves the identified vulnerabilities. As a result, specific design changes
were incorporated into the plant systems to improve the reliability of the core and containment
heat removal systems.

Close interaction between the plant designers and PRA analysts is maintained to consider severe
accident vulnerabilities as part of the design process. The AP1000 PRA is provided to the NRC as
a separate document.

Tier 2 Material 1.9-4 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(1)(ii) Auxiliary Feedwater System Evaluation (NUREG-0737 Item II.E.1)

"Perform an evaluation of the proposed auxiliary feedwater system, to include (applicable to

pressurized water reactors only): (A) a simplified Auxiliary Feedwater System reliability analysis
using event-tree and fault-tree logic techniques, (B) a design review of Auxiliary Feedwater
System, and (C) an evaluation of Auxiliary Feedwater System flow design bases and criteria."

AP1000 Response:

The AP1000 design does not utilize an auxiliary feedwater system. A nonsafety-related startup
feedwater system is provided to remove the core decay heat after the reactor trip during postulated
non-LOCA event. Decay heat removal maintains core subcooling and prevents water relief from
the pressurizer safety valves by preventing heatup of the reactor coolant system. The startup
feedwater pumps automatically start following anticipated transients resulting in low steam
generator level. However, operation of the nonsafety-related startup feedwater system is not
credited to mitigate licensing design basis accidents described in Chapter 15.

The safety-related passive core cooling system provides emergency core decay heat removal
during transients, accidents, or whenever the normal nonsafety-related heat removal paths are
unavailable.

The safety-related passive core cooling system design basis and criteria are described in
Section 6.3.

(1)(iii) Reactor Coolant Pump Seals (NUREG-0737 Items II.K.2.16 and II.K.3.25)

"Perform an evaluation of the potential for and impact of reactor coolant pump seal damage
following small-break loss of coolant accident with loss of offsite power. If damage cannot be
precluded, provide an analysis of the limiting small-break loss of coolant accident with subsequent
reactor coolant pump seal damage."

AP1000 Response:

The AP1000 design uses sealless motor pumps for circulating primary reactor coolant through the
reactor core, piping, and steam generators. In the sealless design, all rotating components are
inside a pressure vessel; therefore, no seal can fail and initiate reactor coolant system leakage.

(1)(iv) Automatic Power-Operated Relief Valve Isolation System (NUREG-0737 Item II.K.3.2)

"Perform an analysis of the probability of a small-break loss of coolant accident caused by a

stuck-open power-operated relief valve. If this probability is a significant contributor to the
probability of small-break loss of coolant accidents from all causes, provide a description and
evaluation of the effect on small-break loss of coolant accident probability of an automatic
power-operated relief valve isolation system that would operate when the reactor coolant system
pressure falls after the power-operated relief valve has opened."

Tier 2 Material 1.9-5 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 design does not include power-operated relief valves. The pressurizer volume is
about 40 percent larger than the pressurizer volume in current plants with a comparable power
rating. The larger pressurizer increases transient operation margins and prevents safety valve
actuation in most accident situations. The pressurizer surge line is also larger to permit a more
rapid transfer of coolant between the reactor coolant system and the pressurizer, and also to
accommodate the automatic depressurization system first- to third-stage flow rates. The surge line
limits the pressure drop during maximum anticipated surge (Condition II loss of load transient) to
prevent exceeding the maximum reactor coolant system pressure limit.

Overpressure protection is provided by two totally enclosed pop-type safety valves. These valves
are spring-loaded and self-actuated and they are designed to meet the requirements of the ASME
Code, Section III. If the pressurizer pressure exceeds the set pressure, the safety valves start
lifting. A temperature indicator in the discharge piping for each safety valve alarms on high
temperature to alert the operator to the presence of high temperature fluid from leakage or when
the valves open.

The AP1000 design also includes an automatic depressurization system. The system consists of
four stages of valves. Three stages are connected to the pressurizer. The fourth stage is connected
to the hot legs. These valves are not actuated on a high pressure signal. Design features are
included to reduce the chance of spurious automatic depressurization system actuation including
appropriate interlocks, 2-out-of-4 instrument actuation, fail as is valves, redundant, closed first,
second, and third stage valves in each line, and redundant series controllers for forth stage valves.
Probabilistic risk assessment is used to determine the probability of a loss of coolant accident
caused by failure of the automatic depressurization system. Results of this evaluation are factored
into the design process. See Chapter 5 and Section 6.3 for additional information.

(1)(v) Separation of HPCI and RCIC System Initiation Levels (NUREG-0737 Item II.K.3.13)

"Perform an evaluation of the safety effectiveness of providing for separation of high pressure
coolant injection (HPCI) and reactor core isolation cooling (RCIC) system initiation levels so that
the RCIC system initiates at a higher water level than the HPCI system, and of providing that both
systems restart on low water level. (For plants with high pressure core spray systems in lieu of
high pressure coolant injection systems, substitute the words 'high pressure core spray' for 'high
pressure coolant injection' and 'HPCS' for 'HPCI')."

AP1000 Response:

This issue is applicable to BWRs only and is not applicable to AP1000.

Tier 2 Material 1.9-6 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(1)(vi) Relief Valve Challenges (NUREG-0737 Item II.K.3.16)

"Perform a study to identify practicable system modifications that would reduce challenges and
failures of relief valves, without compromising the performance of the valves or other systems."

AP1000 Response:

This issue is applicable to BWRs only and is not applicable to AP1000.

(1)(vii) Automatic Depressurization System Activation (NUREG-0737 Item II.K.3.18)

"Perform a feasibility and risk assessment study to determine the optimum automatic
depressurization system design modifications that would eliminate the need for manual activation
to ensure adequate core cooling."

AP1000 Response:

Although this issue is identified as applicable to BWRs only, the AP1000 design uses an
automatic depressurization system with some similarity to that used on BWRs.

The automatic depressurization system actuates on Low-1 core makeup tank level, coincident with
a core makeup tank actuation signal. Therefore manual actuation of the automatic depressurization
system is not required to maintain core cooling. As discussed in Section (1)(i), PRA analysis
confirms the reliability of the automatic actuation. Additional information is provided in
Section 6.3.

(1)(viii) Core Spray and Low Pressure Coolant Injection Systems (NUREG-0737 Item II.K.3.21)

"Perform a study of the effect on all core-cooling modes under accident conditions of designing
the core spray and low pressure coolant injection systems to ensure that the systems will
automatically restart on loss of water level, after having been manually stopped, if an initiation
signal is still present."

AP1000 Response:

This issue is applicable to BWRs only and is not applicable to AP1000.

(1)(ix) RCIC and HPCI Additional Space Cooling (NUREG-0737 Item II.K.3.24)

"Perform a study to determine the need for additional space cooling to ensure reliable long-term
operation of the reactor core isolation cooling (RCIC) and high-pressure coolant injection (HPCI)
systems, following a complete loss of offsite power to the plant for at least two (2) hours. (For
plants with high pressure core spray systems in lieu of high pressure coolant injection systems,
substitute the words 'high pressure core spray' for 'high pressure coolant injection' and 'HPCS' for
'HPCI')."

Tier 2 Material 1.9-7 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

This issue is applicable to BWRs only and is not applicable to AP1000.

(1)(x) Automatic Depressurization System Functionality During Accidents (NUREG-0737

Item II.K.3.28)

"Perform a study to ensure that the Automatic Depressurization System, valves, accumulators, and
associated equipment and instrumentation will be capable of performing their intended functions
during and following an accident situation, taking no credit for non-safety related equipment or
instrumentation, and accounting for normal expected air (or nitrogen) leakage through valves."

AP1000 Response:

Although this issue is identified as applicable to BWRs only, the AP1000 uses a safety-related
automatic depressurization system that is different from that presently used on BWRs. The
AP1000 automatic depressurization system uses safety-related dc motor-operated valves and squib
valves to initiate depressurization. The motive power for these valves is safety-related dc power.
There is no nonsafety-related equipment or instrumentation, including instrument air or nitrogen
supply, relied on in the operation of these valves.

These valves are designed and qualified to function in the conditions of an accident. They will
also be subject of pre-operational and in-service testing. They will be included in the reliability
assurance program. Additional information is provided in Section 6.3 for the passive core cooling
system, subsection 3.9.3 for valve operability requirements, Chapter 14 for the initial test program,
subsection 3.9.6 for in-service testing, and Section 16.2 for the reliability assurance program.

(1)(xi) Depressurization Methods/Rapid Cooldown (NUREG-0737 Item II.K.3.45)

"Provide an evaluation of depressurization methods, other than by full actuation of the automatic
depressurization system, that would reduce the possibility of exceeding vessel integrity limits
during rapid cooldown."

AP1000 Response:

This issue is applicable to BWRs only.

(1)(xii) Hydrogen Control System Evaluation (NUREG-0660 Item II.B.8)

"Perform an evaluation of alternative hydrogen control systems that would satisfy the
requirements of paragraph (f)(2)(ix) of this section (50.34). As a minimum include consideration
of a hydrogen ignition and post-accident inerting system. The evaluation shall include: (A) a
comparison of costs and benefits of the alternative systems considered, (B) for the selected system,
analyses and test data to verify compliance with the requirements of (f)(2)(ix) of this section
(50.34), and (C) for the selected system, preliminary design descriptions of equipment, function,
and layout."

Tier 2 Material 1.9-8 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

Continuous indication of hydrogen concentration in the containment atmosphere is provided. The

containment hydrogen control system maintains hydrogen concentrations below 10 percent
following the reaction of 100 percent of the active zircaloy cladding.

Hydrogen igniters control rapid releases of hydrogen during and after postulated degraded core
and core melt accidents to maintain concentration below 10 percent.

Sufficient vent area is provided for each subcompartment in the containment to prevent high local
concentrations of hydrogen.

See subsection 6.2.4 for additional information.

(2)(i) Simulator Capability (NUREG-0933 Item I.A.4.2)

"Provide simulator capability that correctly models the control room and includes the capability to
simulate small-break loss of coolant accidents."

AP1000 Response:

Simulator capability is not included within the scope of the AP1000 design certification.
Functional requirements for simulator capability are derived from Human Factors Engineering
Program described in Chapter 18.

(2)(ii) Plant Procedures (NUREG-0933 Item I.C.9)

"Establish a program to begin during construction and follow into operation, for integrating and
expanding current efforts to improve plant procedures. The scope of the program shall include
emergency procedures, reliability analyses, human factors engineering, crisis management,
operator training, and coordination with INPO and other industry efforts."

AP1000 Response:

See Chapter 13 of the DCD for a discussion of plant procedures, training of operations personnel
and emergency planning.

(2)(iii) Control Room Design (NUREG-0737 Item I.D.1)

"Provide, for Commission review, a control room design that reflects state-of-the-art human factor
principles prior to committing to fabrication or revision of fabricated control room panels and
layouts."

AP1000 Response:

The human factors engineering design process of the AP1000 has been developed to conform with
NUREG-0711, "Human Factors Engineering Program Review Model." The elements of the
design process provide a structured top-down system analysis using accepted human factors

Tier 2 Material 1.9-9 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

engineering principles. The design of the main control room and the other operation and control
centers reflect state-of-the-art human factors principles. See Appendix 1A for information on
conformance with applicable regulatory guides. See Chapter 18 for additional information on the
AP1000 human factors engineering design process.

(2)(iv) Safety Parameter Display System (NUREG-0737 Item I.D.2)

"Provide a plant safety parameter display console that will display to operators a minimum set of
parameters defining the safety status of the plant, capable of displaying a full range of important
plant parameters and data trends on demand, and capable of indicating when process limits are
being approached or exceeded."

AP1000 Response:

The purpose of the plant safety parameter display console (or safety parameter display system) is
to display important plant variables in the main control room in order to assist in rapidly and
reliably determining the safety status of the plant.

The requirements for the safety parameter display system are specified during the main control
room design process, and are met by the main control room design, specifically as part of the
alarms, displays, and controls. The requirements for a safety parameter display system
(NUREG-0696, Reference 1) are met by grouping the alarms by plant process or purpose, as
directly related to the critical safety functions.

The process data presented on the graphic displays is similarly grouped, facilitating an easy
transition for the operators. The safety parameter display system requirement for presentation of
plant data in an analog fashion prior to reactor trip is met by the design of the graphic CRT
displays.

Displays are available at the operator workstations, the remote shutdown workstation, and at the
technical support center. See Chapter 18 for additional information pertaining to the safety
parameter display system design.

(2)(v) Safety System Status Indication (NUREG-0933 Item I.D.3)

"Provide for automatic indication of the bypassed and [in]operable status of safety systems."

AP1000 Response:

The AP1000 main control room meets the NRC Regulatory Guide 1.47 recommendations,
including automatic indication of bypassed and inoperable status of plant safety systems, as
described in Appendix 1A.

Plant safety parameters, protection system status, and plant component status signals are processed
by the protection and safety monitoring system and made available to the entire instrumentation
and control system via the redundant monitor bus.

Tier 2 Material 1.9-10 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Class 1E signals are provided to the qualified data processor, which is part of the protection and
safety monitoring system, for accident monitoring displays. The display of this data is
incorporated in the process data displays on the graphic CRTs in the AP1000 main control room.

See Chapters 7 and 18 for additional information pertaining to bypass inoperable status indication.
Appendix 1A describes conformance with Regulatory Guide 1.47.

(2)(vi) Reactor Coolant System High Point Vents (NUREG-0737 Item II.B.1)

"Provide the capability of high point venting of noncondensible gases from the reactor coolant
system, and other systems that may be required to maintain adequate core cooling. Systems to
achieve this capability shall be capable of being operated from the control room and their
operation shall not lead to an unacceptable increase in the probability of loss-of-coolant accident
or an unacceptable challenge to containment integrity."

AP1000 Response:

In the AP1000 design, the capability for remotely operated high point venting of the reactor
coolant system is provided by the safety-related automatic depressurization system valves and the
safety-related reactor vessel head vent system. Both of these vent paths discharge to the in-
containment refueling water storage tank.

During loss of cooling accident events, the automatic depressurization system automatically
depressurizes the reactor coolant system so that the passive core cooling system may effectively
deliver core cooling flow. Depressurization via the automatic depressurization system results in
creation of a gas-steam volume in the upper region of the vessel. This vapor volume expands
down to the inside of the hot leg before it begins venting through the hot leg either via the
automatic depressurization system paths connected to the pressurizer or directly from the hot legs
via the fourth stage automatic depressurization system paths. This process provides an open
injection and steam venting flow path through the reactor vessel, maintaining required core
cooling flow.

The reactor vessel head vent system can also be operated from the main control room to directly
vent from the top of the reactor vessel head. Subsection 5.4.12 provides additional information
pertaining to the reactor coolant system venting capabilities.

(2)(vii) Plant Radiation Shielding (NUREG-0737 Item II.B.2)

"Perform radiation and shielding design reviews of spaces around systems that may, as a result of
an accident, contain TID-14844 source term radioactive materials, and design as necessary to
permit adequate access to important areas and to protect safety equipment from the radiation
environment."

AP1000 Response:

Post-accident radiation sources, used in the shield design and assessment of post-accident access
to vital areas, are addressed in subsection [Link]. The post-LOCA instantaneous and integrated
source strengths as a function of time are also included as Tables 12.2-20 and 12.2-21,

Tier 2 Material 1.9-11 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

respectively. The sources are based on the core activity release model from Regulatory
Guide 1.183, which supersedes the TID-14844 source term assumptions as reflected in Regulatory
Guide 1.4.

Vital areas for post-accident personnel access are addressed in Section 12.3, including radiation
zone maps that show projected dose rates in these areas and access routes for the various
post-accident actions in vital areas. Time estimates have been made for ingress, egress, and
performance of actions at the vital area locations and have been used in demonstrating that total
individual radiation doses are limited to less than 5 rem and that Item II.B.2 of NUREG-0737 and
GDC-19 requirements are met.

Environmental qualification of safety-related equipment is addressed in Section 3.11. The

determination of the radiation environments during postulated accident situations considers the
activity release model based on NUREG-1465, which supersedes the source term definition of
Parts 1 and 4 of Item II.B.2 of NUREG-0737.

Subsection 12.2.3 defines the responsibility to address any additional contained radiation sources
not identified in 12.2.1. Thus, appropriate source terms have been identified and used in
establishing that the requirements of Item II.B.2 of NUREG-0737 and GDC 19 are met and the
issues are resolved.

(2)(viii) Post-Accident Sampling (NUREG-0737 Item II.B.3)

"Provide a capability to promptly obtain and analyze samples from the reactor coolant system and
containment that may contain TID-14844 source term radioactive materials without radiation
exposures to any individual exceeding 5 rem to the whole-body or 50 rem to the extremities.
Materials to be analyzed and quantified include certain radionuclides that are indicators of the
degree of core damage (e.g., noble gases, iodines and cesiums, and non-volatile isotopes),
hydrogen in the containment atmosphere, dissolved gases, chloride, and boron concentrations."

AP1000 Response:

Recently the NRC published a model Safety Evaluation Report on eliminating post-accident
sampling system requirements from technical specifications for operating plants (Federal Register
Volume 65, Number 211, October 31, 2000). The AP1000 sampling design is consistent with the
approach in the Model safety evaluation report and not the guidance outlined in NUREG-0737
and Regulatory Guide 1.97. The primary sampling system design is consistent with contingency
plans to obtain and analyze highly radioactive post-accident samples from the reactor coolant
system, the containment sump, and the containment atmosphere.

Tier 2 Material 1.9-12 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(2)(ix) Hydrogen Control (NUREG-0660 Item II.B.8)

"Provide a system for hydrogen control that can safely accommodate hydrogen generated by the
equivalent of a 100 percent fuel-clad metal-water reaction. Preliminary design information on the
tentatively preferred system option of those being evaluated in paragraph (1)(xii) of this
section (50.34) is sufficient at the construction permit stage. The hydrogen control system and
associated systems shall provide, with reasonable assurance, that:

(A) Uniformly distributed hydrogen concentrations in the containment do not exceed 10 percent
during and following an accident that releases an equivalent amount of hydrogen as would
be generated from a 100 percent fuel-clad metal-water reaction, or that the post-accident
atmosphere will not support hydrogen combustion.

(B) Combustible concentrations of hydrogen will not collect in areas where unintended
combustion or detonation could cause loss of containment integrity or loss of appropriate
mitigating features.

(C) Equipment necessary for achieving and maintaining safe shutdown of the plant and
maintaining containment integrity will perform its safety function during and after being
exposed to the environmental conditions attendant with the release of hydrogen generated by
the equivalent of a 100 percent fuel-clad metal-water reaction including the environmental
conditions created by activation of the hydrogen control system.

(D) If the method chosen for hydrogen control is a post-accident inerting system, inadvertent
actuation of the system can be safely accommodated during plant operation."

AP1000 Response:

See the response provided for issue (1)(xii).

(2)(x) Reactor Coolant System Valve Testing (NUREG-0737 Item II.D.1)

"Provide a test program and associated model development and conduct tests to qualify reactor
coolant system relief and safety valves and, for pressurized water reactors, power-operated relief
valves, block valves, for all fluid conditions expected under operating conditions, transients and
accidents. Consideration of anticipated transients without scram (ATWS) conditions shall be
included in the test program. Actual testing under ATWS conditions need not be carried out until
subsequent phases of the test program are developed."

AP1000 Response:

The AP1000 reactor coolant system design does not include power-operated relief valves and their
associated block valves. However, the safety valve and discharge piping used in the AP1000
design will be either of design similar to those items tested by EPRI and documented in EPRI
Report EPRI NP-2770-LD (Reference 2) or will be tested in accordance with the guidelines of
Item [II.D.1] of NUREG-0737.

Tier 2 Material 1.9-13 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The AP1000 design includes automatic depressurization system valves which are used to
depressurize the plant and establish conditions for injection from the accumulators and the in-
containment refueling water storage tank. The operability of the automatic depressurization system
valves and spargers is confirmed by a test program. See Section 1.5 for information pertaining to
the testing program.

Accident analyses for the AP1000 determine fluid conditions expected under operating
conditions, transients, and accidents, and the postulated system responses to these conditions,
including the operation of reactor coolant system safety valves. Anticipated transients without
scram events are analyzed. Appropriate valve qualification documentation is maintained.

(2)(xi) Valve Position Indication (NUREG-0737 Item II.D.3)

"Provide direct indication of relief and safety valve position (open or closed) in the control room."

AP1000 Response:

The AP1000 design does not include power-operated relief valves and their associated block
valves from the reactor coolant system.

Direct indication of relief and safety valve position (open or closed) is provided in the main
control room.

(2)(xii) Auxiliary Feedwater System Initiation and Indication (NUREG-0737 Item II.E.1.2)

"Provide automatic and manual auxiliary feedwater system initiation, and provide auxiliary
feedwater system flow indication in the control room."

AP1000 Response:

As previously noted in the AP1000 response to Issue (1)(ii), the AP1000 design includes a
nonsafety-related startup feedwater system, but not an auxiliary feedwater system. Flow indication
of the startup feedwater system is provided in the main control room.

The startup feedwater pumps automatically start following anticipated transients resulting in low
steam generator level. The startup feedwater control valves automatically control feedwater flow
to the steam generators during operation. They can also be operated manually from the main
control room.

The safety-related passive core cooling system provides for emergency core decay heat removal
during transients, accidents, or whenever the normal heat removal paths are unavailable.
Automatic and manual actuation and flow rate indication are available in the main control room.

(2)(xiii) Pressurizer Heater Power Supplies (NUREG-0737 Item II.E.3.1)

"Provide pressurizer heater power supply and associated motive and control power interfaces
sufficient to establish and maintain natural circulation in hot standby conditions with only onsite
power available."

Tier 2 Material 1.9-14 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 pressurizer heaters are powered from the nonsafety-related ac power system. During
loss of offsite power events, a portion of the pressurizer heaters is capable of being powered from
the nonsafety-related onsite standby power system. The pressurizer heaters are capable of
establishing and maintaining natural circulation in hot standby condition, with only the diesel
generators supplying electrical power.

With only safety-related dc (Class 1E dc) power available, the safety-related passive core cooling
system can establish and maintain natural circulation cooling using the passive residual heat
removal heat exchangers, transferring the decay heat to the in-containment refueling water storage
tank water and to the passive containment cooling system.

Therefore, the nonsafety-related pressurizer heaters are not required for core decay heat removal
following a loss of offsite power. See Section 8.3 for additional information.

(2)(xiv) Containment Isolation System (NUREG-0737 Item II.E.4.2)

"Provide containment isolation systems that: (A) ensure all nonessential systems are isolated
automatically by the containment isolation system, (B) for each non-essential penetration (except
instrument lines) have two isolation barriers in series, (C) do not result in reopening of the
containment isolation valves on resetting of the isolation signal, (D) utilize a containment set point
pressure for initiating containment isolation as low as is compatible with normal operation, and
(E) include automatic closing on a high radiation signal for all systems that provide a path to the
environs."

AP1000 Response:

The AP1000 containment isolation design satisfies NRC requirements, including post-TMI
requirements. In general, this means that two barriers are provided -- one inside containment and
the other outside containment. Usually these barriers are valves, but in some cases they are closed,
seismic Category I piping systems not connected to the reactor coolant system or to the
containment atmosphere. Table 6.2.3-1 identifies containment isolation design provisions for
mechanical penetrations. The isolation signal and maximum closure times are defined for each
remotely operated valve. Containment penetrations, other than equipment hatches and flanges,
incorporate two isolation barriers in series.

The AP1000 design incorporates a reduction in the number of required penetrations compared to
the number in previous plant designs. The majority of these penetrations are normally closed.
Those few that are normally open, use automatically closed isolation valves.

Containment isolation is automatically actuated by a safeguards actuation signal, using two-out-of-

four coincident logic. The containment isolation actuation is set as low as reasonable without
creating potential for spurious trips during normal operations. Containment isolation can also be
initiated manually from the main control room. Containment penetrations do not automatically
reopen on the resetting of the isolation signal. See subsection 6.2.3 for additional information.

Tier 2 Material 1.9-15 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(2)(xv) Containment Purging/Venting (NUREG-0933 Item II.E.4.4)

"Provide a capability for containment purging/venting designed to minimize the purging time
consistent with ALARA principles for occupational exposure. Provide and demonstrate high
assurance that the purge system will reliably isolate under accident conditions."

AP1000 Response:

Containment purging for the AP1000 is provided by the nonsafety-related containment air
filtration system. The function of the system is to clean up the containment atmosphere to
acceptable radiation levels during plant operation and prior to personnel entry. It can also be used
for containment pressure equalization.

The containment air filtration system is designed to reliably isolate under accident conditions.
There are two penetrations and two containment filtration subsystems for AP1000.

See subsection 9.4.7 for additional information.

(2)(xvi) ECCS Actuation Cycles (NUREG-0933 Item II.E.5.1)

"Establish a design criterion for the allowable number of actuation cycles of the emergency core
cooling system and reactor protection system consistent with the expected occurrence rates of
severe overcooling events (considering both the expected transients and accidents)."

AP1000 Response:

This issue is applicable to Babcock & Wilcox designs only.

The AP1000 design uses the passive core cooling system to provide emergency reactor coolant
inventory control and emergency decay heat removal. Component design criteria have been
established for the number of actuation cycles for the passive core cooling system. The identified
actuation cycles include inadvertent actuation, as well as the system response to expected plant
trip occurrences, including overcooling events.

Automatic depressurization system operation is not expected for either design basis or best
estimate overcooling events. See subsection 3.9.1 for additional information.

(2)(xvii) Specific Accident Monitoring Instrumentation (NUREG-0737 Item II.F.1)

"Provide instrumentation to measure, record and readout in the control room: (A) containment
pressure, (B) containment water level, (C) containment hydrogen concentration, (D) containment
radiation intensity (high level), and (E) noble gas effluents at all potential accident release points.
Provide for continuous sampling of radioactive iodines and particulates in gaseous effluents from
all potential accident release points, and for onsite capability to analyze and measure these
samples."

Tier 2 Material 1.9-16 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

AP1000 post-accident monitoring is described in Chapter 7.

AP1000 post-accident monitoring provides for indication of the specified parameters as follows:

• Containment pressure
• Containment water level
• Containment radiation intensity (high level)
• Noble gas effluents - to ascertain reactor coolant system integrity

Other noble gas effluents are designated Type E variables and include information to permit the
operators to:

• Monitor the habitability of the main control room

• Monitor plant areas where access may be required to service equipment necessary to monitor
or mitigate the consequences of an accident

• Estimate the magnitude of release of radioactive materials through identified pathways

• Monitor radiation levels and radioactivity in the environment surrounding the plant

DCD subsection 11.5.5 has additional information on measurement of radioactive effluents and
conformance with Regulatory Guide 1.97.

The AP1000 primary sampling system is designed to provide post accident sampling functions.
See DCD subsection [Link] for additional information on the post accident sampling system.

The human factors aspects of the AP1000 are discussed in Chapter 18.

(2)(xviii) Inadequate Core Cooling Instrumentation (NUREG-0737 Item II.F.2)

"Provide instruments that provide in the control room an unambiguous indication of inadequate
core cooling, such as primary coolant saturation meters in PWRs, and a suitable combination of
signals from indicators of coolant level in the reactor vessel and in-core thermocouples in PWRs
and BWRs."

AP1000 Response:

The AP1000 reactor system includes instrumentation for detecting voids in the reactor vessel head
and other reactor vessel inventory deficits that could lead to inadequate core cooling.

The available instrumentation includes core subcooling margin monitors, core exit thermocouples,
pressurizer level indicators, reactor coolant system reactor vessel level, and reactor coolant pump
status (motor current). Reactor vessel level indication is provided from a range in the vessel from
the bottom of the hot leg to approximately the reactor vessel mating flange via level
instrumentation connected to the hot legs.

Tier 2 Material 1.9-17 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The AP1000 features that provide margin to or indication of inadequate core cooling include the
following:

• A larger pressurizer than most current PWRs, with a pressurizer that is located above the
reactor pressure vessel head

• No automatic power-operated relief valves

• An improved reactor vessel head venting capability

• A passive core cooling system

• A passive containment cooling system

• No dependence on ac power to maintain adequate core and containment cooling

• Reactor coolant system hot leg level instrumentation

• Improved reactor system instrumentation

• Core subcooling monitoring

See Sections 6.3 and 7.5 for additional information.

(2)(xix) Post-Accident Monitoring Instrumentation (NUREG-0933 Item II.F.3)

"Provide instrumentation adequate for monitoring plant conditions following an accident that
includes core damage."

AP1000 Response:

The AP1000 post-accident monitoring system was developed by using Regulatory Guide 1.97 as a
guidance document.

Data used for post-accident monitoring is displayed either by the normal control room display
system or by the qualified data processing system.

The normal control room display system is used for display of nonsafety-related signals which are
not required to be displayed by a qualified system. The qualified data processing system provides
for the display of signals which must be displayed by a qualified system.

The qualified data processing system is a microprocessor-based, safety-related system that

provides instrumentation to monitor the plant variables and systems during and following an
accident. The system consists of two independent, electrically isolated, physically separated
divisions.

Additional details pertaining to this system are provided in the AP1000 response to issue (2)(xvii)
and in Chapter 7.

Tier 2 Material 1.9-18 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(2)(xx) Power Supplies for Pressurizer Relief Valves, Block Valves, and Level Indicators
(NUREG-0737 Item II.G.1)

"Provide power supplies for pressurizer relief valves, block valves, and level indicators such that:
(A) level indicators are powered from vital buses, (B) motive and control power connections to the
emergency power sources are through devices qualified in accordance with requirements
applicable to systems important to safety, and (C) electric power is provided from emergency
power sources."

AP1000 Response:

The AP1000 design does not include power-operated relief valves and their associated block
valves from the reactor coolant system.

Pressurizer level indication is provided by instrumentation powered from the Class 1E dc and UPS
system. The system provides safety-related, uninterruptible power for the Class 1E plant
instrumentation, control, monitoring, and other vital functions, including safety-related
components that are essential for safe shutdown of the plant.

The Class 1E direct current system is designed such that these critical plant loads are powered
during emergency plant conditions when both onsite and offsite ac power sources are unavailable.

See Chapter 7 and Section 8.3 for additional information.

(2)(xxi) Auxiliary Heat Removal Systems (NUREG-0933 Item II.K.1.22)

"Design auxiliary heat removal systems such that necessary automatic and manual actions can be
taken to ensure proper functioning when the main feedwater system is not operable."

AP1000 Response:

Although this issue is applicable to BWRs only, there are some considerations for AP1000.

Following a loss of main feedwater for the AP1000, there are a number of plant systems that
automatically actuate to provide decay heat removal. The startup feedwater system is a nonsafety-
related system, that can be powered by the nonsafety-related diesel generators, and is
automatically actuated and controlled by steam generator level.

For design basis events, the safety-related passive core cooling system includes a passive residual
heat removal heat exchanger which automatically actuates to provide emergency core decay heat
removal if the nonsafety-related systems are not available.

The AP1000 main control room meets the NRC guidelines for manual actuation of protective
functions including those that are used in the event of a loss of normal feedwater.

See Sections 6.3 and 10.4 for additional information.

Tier 2 Material 1.9-19 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(2)(xxii) Failure Mode and Effects Analysis for Control Systems (NUREG-0933 Item II.K.2.9)

"Provide a failure modes and effects analysis of the integrated control system to include
consideration of failures and effects of input and output signals to the integrated control system."

AP1000 Response:

This issue is applicable to Babcock & Wilcox plants only.

(2)(xxiii) Safety-Grade Anticipatory Reactor Trip (NUREG-0737 Item II.K.2.10)

"Provide, as part of the reactor protection system, an anticipatory reactor trip that would be
actuated on loss of main feedwater and on turbine trip."

AP1000 Response:

This issue is applicable to Babcock & Wilcox plants only.

The AP1000 trip logic includes an anticipatory reactor trip for loss of main feedwater using low
steam generator water level. See Section 7.2 for additional information.

Since the AP1000 design does not include power-operated relief valves and their associated block
valves in the reactor coolant system, the anticipatory reactor trip on turbine trip is not required for
AP1000.

(2)(xxiv) Central Water Level Recording (NUREG-0933 Item II.K.3.23)

"Provide the capability to record reactor vessel water level in one location on recorders that meet
normal post-accident recording requirements."

AP1000 Response:

This issue is applicable to BWRs only.

(2)(xxv) Emergency Response Facilities (NUREG-0737 Item III.A.1.2)

"Provide an onsite technical support center, an onsite operational support center, and, for
construction permit applications only, a nearsite emergency operations facility."

AP1000 Response:

The AP1000 provides for an onsite technical support center and an operational support center. See
the figures in Section 1.2 for additional information on the location. The detailed design of the
workstations and the associated man-machine interface for the technical support center and the
operational support center is guided by the human factors engineering design process described in
Chapter 18 of the DCD. The offsite emergency response facility is discussed in subsection 18.2.6.

Tier 2 Material 1.9-20 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(2)(xxvi) Leakage Control Outside Containment (NUREG-0737 Item III.D.1.1)

"Provide for leakage control and detection in the design of systems outside containment that
contain (or might contain) TID-14844 source term radioactive materials following an accident.
Applicants shall submit a leakage control program, including an initial test program, a schedule
for retesting these systems, and the actions to be taken for minimizing leakage from such systems.
The goal is to minimize potential exposures to workers and public, and to provide reasonable
assurance that excessive leakage will not prevent the use of systems needed in an emergency."

AP1000 Response:

As described in issue (2)(vii), the safety-related AP1000 passive systems do not recirculate
radioactive fluids outside of containment following an accident. A nonsafety-related system can be
used to recirculate coolant outside of containment following an accident, but this system is not
operated when high containment radiation levels exist.

(2)(xxvii) In-Plant Monitoring (NUREG-0737 Item III.D.3.3)

"Provide for monitoring of inplant radiation and airborne radioactivity as appropriate for a broad
range of routine and accident conditions."

AP1000 Response:

Area radiation monitors (ARMs) are provided to supplement the personnel and area radiation
survey provisions of the AP1000 health physics program described in Section 12.5 and to comply
with the personnel radiation protection guidelines of 10 CFR 20, 10 CFR 50, 10 CFR 70, and
Regulatory Guides 1.97, 8.2, and 8.8. In addition to the installed detectors, periodic plant
environmental surveillance is established.

(2)(xxviii) Control Room Habitability (NUREG-0737 Item III.D.3.4)

"Evaluate potential pathways for radioactivity and radiation that may lead to control room
habitability problems under accident conditions resulting in a TID-14844 source term release, and
make necessary design provisions to preclude such problems."

AP1000 Response:

Normally, a nonsafety-related HVAC system keeps the AP1000 main control room slightly
pressurized to prevent infiltration of air from other plant areas. During accident conditions, a
safety-related isolation of the main control room is automatically actuated.

Upon the loss of nonsafety-related ac power, the main control room environment is sufficient to
protect the operators and support the man-machine interfaces necessary to establish and maintain
safe shutdown conditions for the plant following postulated design basis accident conditions. The
sources are based on the core activity release model from Regulatory Guide 1.183, which
supersedes the TID-14844 source term assumptions as reflected in Regulatory Guide 1.4.

Tier 2 Material 1.9-21 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The main control room is sealed with safety-related connections to a safety-related compressed air
breathing source. This compressed air system provides continued pressurization and a source of
fresh air for operator habitability. The air supply is sized to last for 72 hours following an
accident. It is expected that the onsite nonsafety-related normal HVAC system will be operational
before the installed compressed air supply is exhausted.

The nonsafety-related HVAC system, equipped with a refrigeration-type air conditioning unit,
normally provides main control room cooling. This equipment is powered from the onsite diesel
generators. If the normal HVAC system is not available, outside air is not allowed into the main
control room, and the safety-related compressed air storage system is actuated.

(3)(i) Industry Experience (NUREG-0737 Item I.C.5)

"Provide administrative procedures for evaluating operating, design, and construction experience
and for ensuring that applicable important industry experiences will be provided in a timely
manner to those designing and constructing the plant."

AP1000 Response:

AP1000 design engineers are continually involved in reviewing industry experiences from sources
such as NRC Bulletins, Licensee Event Reports, NRC request for information letters to holders of
operating licenses for nuclear power reactors, Federal Register information, and generic letters.
Lessons learned experience was incorporated in the AP600 through the Westinghouse
participation in developing Volume III of the ALWR Utility Requirements Document and
participation in the ALWR Utility Steering Committee activities. The AP1000 design is closely
based on the AP600. See Section [Link] for additional information.

(3)(ii) Quality Assurance List (NUREG-0933 Item I.F.1)

"Ensure that the quality assurance list required by Criterion II, Appendix B, 10 CFR Part 50
includes all structures, systems and components important to safety."

AP1000 Response:

The AP1000 Quality Assurance Plan is described in Chapter 17. Structures, systems, and
components are classified as described in Section 3.2.

(3)(iii) Quality Assurance Program (NUREG-0737 Item I.F.2)

"Establish a quality assurance program based on consideration of: (A) ensuring independence of
the organization performing checking functions from the organization responsible for performing
the functions; (B) performing quality assurance/quality control functions at construction sites to
the maximum feasible extent; (C) including Quality Assurance personnel in the documented
review of and concurrence in quality related procedures associated with design, construction and
installation; (D) establishing criteria for determining Quality Assurance programmatic
requirements; (E) establishing qualification requirements for Quality Assurance and Quality
Control personnel; (F) sizing the Quality Assurance staff commensurate with its duties and

Tier 2 Material 1.9-22 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

responsibilities; (G) establishing procedures for maintenance of "as-built" documentation; and

(H) providing a Quality Assurance role in design and analysis activities."

AP1000 Response:

The AP1000 Quality Assurance Plan described in Chapter 17 meets the requirements of
issue 1.F.2.

(3)(iv) Dedicated Containment Penetrations (NUREG-0660 Item II.B.8)

"Provide one or more dedicated containment penetrations, equivalent in size to a single 3-foot
diameter opening, in order not to preclude future installation of systems to prevent containment
failure, such as a filtered vented containment system."

AP1000 Response:

The containment analysis for the AP1000, including PRA and severe accident assessments,
demonstrate that the containment, with its passive heat rejection capability, does not need a
filtered vent to prevent overpressurization.

The 36-inch diameter containment air filtration system penetration provided for AP1000 meets the
requirement of 10 CFR 50.34(f)(3)(iv). See Figure 9.4.7-1, note 6, for additional information.

(3)(v) Containment Design (NUREG-0660 Item II.B.8)

"Provide preliminary design information at a level of detail consistent with that normally required
at the construction permit stage of review sufficient to demonstrate that:

(A)(1) Containment integrity will be maintained (i.e., for steel containments by meeting the
requirements of the ASME Boiler and Pressure Vessel Code, Section III, Division 1,
Subarticle NE-3220, Service Level C Limits, except that evaluation of instability is not required,
considering pressure and dead load alone. For concrete containments by meeting the requirements
of the ASME Boiler and Pressure Vessel Code, Section III, Division 2 Subarticle CC-3720,
Factored Load Category, considering pressure and dead load alone) during an accident that
releases hydrogen generated from 100 percent fuel clad metal-water reaction accompanied by
either hydrogen burning or the added pressure from post-accident inerting assuming carbon
dioxide is the inerting agent. As a minimum, the specific code requirements set forth above,
appropriate for each type of containment, will be met for a combination of dead load and an
internal pressure of 45 psig. Modest deviations from these criteria will be considered by the staff,
if good cause is shown by an applicant. Systems necessary to ensure containment integrity shall
also be demonstrated to perform their function under these conditions.

(2) Subarticle NE-3220, Division 1, and subarticle CC-3720, Division 2, of Section III of the
July 1, 1980 ASME Boiler and Pressure Vessel Code, which are referenced in
paragraph (f)(3)(v)(A)(1) and (f)(3) (v)(B)(1) of this section, were approved for incorporation by
reference by the Director of the Office of the Federal Register. A notice of any changes made to
the material incorporated by reference will be published in the Federal Register. . . .

Tier 2 Material 1.9-23 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

(B)(1) Containment structure loadings produced by an inadvertent full actuation of a

post-accident inerting hydrogen control system (assuming carbon dioxide), but not including
seismic or design basis accident loadings will not produce stresses in steel containments in excess
of the limits set forth in the ASME Boiler and Pressure Vessel Code, Section III, Division 1,
Subarticle NE-3220, Service Level A Limits, except that evaluation of instability is not required
(for concrete containments the loadings specified above will not produce strains in the
containment liner in excess of the limits set forth in the ASME Boiler and Pressure Vessel Code,
Section III, Division 2, Subarticle CC-3720, Service Load Category), (2) The containment has the
capability to safely withstand pressure tests at 1.10 and 1.15 times (for steel and concrete
containments, respectively) the pressure calculated to result from carbon dioxide inerting."

AP1000 Response:

The AP1000 containment vessel is designed to meet the requirements of the ASME Code,
Section III, Division I, Subsection NE. A severe accident containment analysis is conducted to
support the design effort. The results of the analysis are fission product source terms and plant
thermal-hydraulic response for each of the accident sequences chosen to be representative of the
plant damage states determined in level 1 PRA analysis.

Results of the analysis indicate that containment failure is not predicted for cases in which the
passive containment cooling system cooling water is available. The hydrogen igniter system
controls hydrogen and mitigates threats to the containment due to hydrogen.

See Section 6.2 for additional information.

(3)(vi) Hydrogen Recombiners (NUREG-0737 Item II.E.4.1)

"For plant designs with external hydrogen recombiners, provide redundant dedicated containment
penetrations so that, assuming a single failure, the recombiner systems can be connected to the
containment atmosphere."

AP1000 Response:

Since external hydrogen recombiners are not provided for the AP1000, this requirement is not
applicable. See Section 6.2 for additional information.

(3)(vii) Management Plan (NUREG-0933 Item II.J.3.1)

"Provide a description of the management plan for design and construction activities, to include:
(A) the organizational and management structure singularly responsible for direction of design and
construction of the proposed plant; (B) technical resources director by the applicant; (C) details of
the interaction of design and construction within the applicant's organization and the manner by
which the applicant will ensure close integration of the architect engineer and the nuclear steam
supply vendor; (D) proposed procedures for handling the transition to operation; (E) the degree of
top level management oversight and technical control to be exercised by the applicant during
design and construction, including the preparation and implementation of procedures necessary to
guide the effort."

Tier 2 Material 1.9-24 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 design team has developed a management plan for the AP1000 project which
consists of a properly structured organization with open lines of communication, clearly defined
responsibilities, well-coordinated technical efforts, and appropriate control channels. The
procedures to be used in the construction, startup, and operation phases of the plant are provided
in accordance with the Master Plan and Procedure Development Process identified in
APP-GW-GLR-040 (Reference 72).

1.9.4 Unresolved Safety Issues and Generic Safety Issues

Proposed technical resolutions of Unresolved Safety Issues and medium- and high-priority
Generic Safety Issues, as identified in NUREG-0933, Reference 3 are required for new plants as
part of the NRC policy on severe accidents and are required for design certification in accordance
with 10 CFR 52.47(a)(1)(iv).

The current program for identifying and establishing the priority of open safety issues is
summarized in NUREG-0933. This program provides for the prioritization and tracking of
previously categorized Unresolved Safety Issues and Generic Safety Issues, New Generic Issues,
TMI Action Plan Items Under Development, and Human Factors Program Plan Issues.

The following subsection reviews each of the NUREG-0933 safety issues and identifies the safety
issues that are applicable to the AP1000. For each of these issues guidance is provided on how the
issue is addressed for the AP1000.

[Link] Review of NRC List of Unresolved Safety Issues and Generic Safety Issues

Applicants for design certification are required by 10 CFR 52.47(a)(1)(iv) to identify:

"Proposed technical resolutions of those Unresolved Safety Issues and medium- and high-priority
Generic Safety Issues which are identified in the version of NUREG-0933 current on the date
six months prior to application and which are technically relevant to the design."

NUREG-0933, "A Prioritization of Generic Safety Issues," through Supplement 25 identifies

hundreds of issues. The issues tabulated in Supplement 25 were reviewed to determine which
issues are technically relevant to the AP1000 design. In this review process, the following
screening criteria were applied:

a. Issue has been prioritized as Low, Drop, or has not been prioritized.

b. Issue is not an AP1000 design issue. Issue is applicable to GE, B&W, or CE designs only.

c. Issue resolved with no new requirements.

d. Issue is not a design issue (Environmental Issue, Licensing Issue, Regulatory Impact Issue, or
covered in an existing NRC program).

Tier 2 Material 1.9-25 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

e. Issue superseded by one or more issues.

f. Issue is not an AP1000 design certification issue. Issue is applicable to NTOL plants only,
responsibility of combined license applicant, or issue is limited to current generation
operating plants.

Issues meeting one or more of the preceding screening criteria were screened out of the review
process as issues that are not applicable to the AP1000 design. The remaining issues fall into one
of the following two categories:

g. Issue is resolved by establishment of new regulatory requirements and/or guidance.

h. Issue is unresolved pending generic resolution (e.g., prioritized as High, Medium, or

possible resolution identified).

Table 1.9-2 identifies the results of the screening review. For those issues identified as relevant to
the AP1000 design (i.e., issues screened as g or h), Table 1.9-2 identifies the DCD subsection that
addresses the issue.

[Link] AP1000 Resolution of Unresolved Safety Issues and Generic Safety Issues

[Link].1 TMI Action Plan Issues

TMI Action Plan issues that were not incorporated in 10CFR50.34(f) are addressed in the
following. Those issues incorporated into 10CFR50.34(f) are addressed in subsection 1.9.3.

I.D.5(2) Plant Status and Post-Accident Monitoring Discussion:

TMI action plant item I.D.5(2) addresses the need to improve the operators' ability to prevent,
diagnose and properly respond to accidents. The emphasis is on the information needs
(i.e., indication of plant status) of the operator. This issue was resolved with the issuance of
Revision 2 to Regulatory Guide 1.97, "Instrumentation for Light Water Cooled Nuclear Power
Plants to Assess Plant Environs Conditions During and Following an Accident."

AP1000 Response:

The AP1000 conforms to and meets the intent of Regulatory Guide 1.97. Regulatory Guide 1.97
provides the requirements for post-accident monitoring of nuclear reactor safety parameters,
including plant process parameters important to safety and the monitoring of effluent paths and
plant environs for radioactivity. These guidelines include definition and categorization of plant
variables that are available to the main control room operators for monitoring the plant safety
status following a design basis event.

For the AP1000, an analysis is conducted to identify the appropriate variables and to establish the
appropriate design basis and qualification criteria for instrumentation used by the operator for
monitoring conditions in the reactor coolant system, the secondary heat removal system, the
containment, and the systems used for attaining a safe shutdown condition, as discussed in
Section 7.5.

Tier 2 Material 1.9-26 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The instrumentation is used by the operator to monitor and maintain the safety of the plant during
operating conditions, including anticipated operational occurrences and accident and post-accident
conditions. A set of plant parameters identified according to the Regulatory Guide 1.97 guidelines
are processed and displayed by the qualified data processing system (QDPS), which is discussed
in subsection 18.8. The verification and validation (V&V) of the QDPS complies with the V&V
process described in Section 18.11.

I.D.5(3) On-Line Reactor Surveillance System

Discussion:

TMI action plan item I.D.5(3) addresses the benefit to plant safety and operations of continuous
on-line automated surveillance systems. Continuous on-line surveillance systems that
automatically monitor reactors can assist plant operations by providing diagnostic information
which can predict anomalous behavior.

Various methods of on-line reactor surveillance have been used, including neutron noise
monitoring in boiling water reactors (BWRs) to detect internals vibration, and pressure noise
surveillance at TMI-2 to monitor primary loop degasification.

AP1000 Response:

The AP1000 reactor coolant pressure boundary is monitored for leaks from the reactor coolant and
associated systems by a variety of components located in multiple systems. The leak detection
system provides information permitting the plant operators to take corrective action if any detected
leakage exceeds technical specifications. The leak detection system is designed according to the
requirements of 10 CFR 50, Appendix A, General Design Criterion 30. The system provides a
means to detect and, to the extent practical, to identify the source of the reactor coolant pressure
boundary leakage. DCD subsection 5.2.5 provides further discussion of leak detection.

A digital metal impact monitoring system (DMIMS) monitors the reactor coolant system for the
presence of loose metallic parts. This system conforms with the guidance provided in Regulatory
Guide 1.133, Rev. 1, May 1981. An advanced microprocessor-based system, employing digital
technology, automatically actuates audible and visual alarms if a signal exceeds the preset alarm
level.

I.F.1 Expand Quality Assurance List

Discussion:

Item I.F.1 addressed the issue of systems that are "important to safety" that are not on the Quality
Assurance List. The suggestion was made that equipment important to safety be ranked and that
ranking used to determine systems that should be added to the Quality Assurance List. This
approach has not been implemented by the NRC on either a generic or cases-by case basis. In
NUREG-0933 this item was classified as resolved with no additional requirements established.

Tier 2 Material 1.9-27 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The requirements of 10 CFR Appendix B apply to safety-related systems and components. See
subsection 3.2.2 for a discussion of the AP1000 equipment classification system and the
associated quality assurance requirements, including requirements for nonsafety-related systems.

I.G.1 Training Requirements

Discussion:

Item I.G.1 included the issue of natural circulation testing for use as input into operator training.

AP1000 Response:

For the AP1000, natural circulation heat removal using the steam generators is not safety-related,
as in current plants. This safety-related function is performed by the passive residual heat removal
system. Natural circulation heat removal via the passive residual heat removal heat exchanger is
tested for every plant during hot functional testing. This testing of passive residual heat removal
system meets the intent of the requirement to perform natural circulation testing and the results of
this testing is factored into the operator training.

For the AP1000, the tests outlined below are contained in the AP1000 initial test plan and
demonstrate the effectiveness of natural circulation cooling.

1. During hot functional testing, prior to fuel load, with the reactor coolant pumps not running
and no onsite power available, the heat removal capability of the passive residual heat
removal heat exchanger with natural circulation flow is verified (See subsection [Link].3,
item e).

2. After fuel loading, but prior to criticality, with the reactor system at no-load operating
temperature and pressure and all reactor coolant pumps operating, the depressurization rate is
determined by de-energizing the heaters and pressure is further reduced through use of sprays
(See subsection [Link].19).

3. After criticality is achieved and the plant is at ~ 3% power, the plant is placed in a natural
circulation mode by tripping all reactor coolant pumps and observing the plant response
using the steam generators (See subsection [Link].6) and then using the PRHR (see
subsection [Link].7) as the primary heat sinks. These tests are performed for the first plant
only.

4. A loss-of-offsite power test is performed with the plant at minimum power level supplying
normal house loads. The turbine is tripped and the plant is placed in a stable condition using
batteries and the diesel generator (See subsection [Link].26).

5. Data obtained from the first plant only natural circulation tests using the steam generators
and PRHR is provided for operator training on a plant simulator at the earliest opportunity.
Operating training for subsequent plants is also obtained while performing the hot functional
PRHR natural circulation test described in item 1 above.

Tier 2 Material 1.9-28 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

This response as modified for the AP1000 design is consistent with the response to
NUREG-0737, action item I.G.1 which provided a proposal for low power testing of existing and
future Westinghouse pressurized water reactors in Attachment 4 to letter NS-EPR-2465 from
Westinghouse (E. P. Rahe) to the NRC (H. R. Denton) dated July 8, 1981.

I.G.2 Scope of Test Program

Discussion:

TMI Action Plan Items I.G.2 recommended additional testing during preoperational and startup
programs to search for anomalies in a plants response to transients. The Standard Review Plan,
Section 14 was revised to provide additional guidance for preoperational and startup test
programs.

AP1000 Response:

The program plan for preoperational and startup testing of the AP1000 is in Section 14.2. This
section addresses the Standard Review Plan, Section 14. The conformance with Standard Review
Plan, Section 14 is outlined in AP1000 Compliance with SRP Acceptance Criteria, WCAP-15799.

II.E.1.3 Update Standard Review Plan and Develop Regulatory Guide

Discussion:

This item was a requirement to update Section 10.4.9 of the Standard Review Plan to address the
requirements of Items II.E.1.1 and II.F.1.2 for auxiliary feedwater systems. Standard Review
Plan 10.4.9 was revised and this issue is classified as resolved.

AP1000 Response:

The AP1000 does not have a safety-related auxiliary feedwater system. For conformance of the
AP1000 with Items II.E.1.1 and II.E.1.2 see the write-up for (1)(ii) and (2)(xii) in
subsection 1.9.3. For conformance with Standard Review Plan Section 10.4.9 see WCAP-15799.

II.E.6.1 Test Adequacy Study

Discussion:

This item was intended to establish the adequacy of requirements for safety-related valve testing.
Subsequent to this item, expanded requirements were written into the ASME OM Code for valve
testing.

AP1000 Response:

The AP1000 is designed for an in-service test program in accordance with the ASME OM Code.
See subsection 3.9.6 for additional information on the in-service testing program plan.

Tier 2 Material 1.9-29 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

II.K.1(10) Review and Modify Procedures for Removing Safety-related Systems from Service

Discussion:

This item required operating plants to review and modify (as required) their procedures for
removing safety-related systems from service to assure operability status is known.

AP1000 Response:

DCD Section 13.5 describes the AP1000 procedure development, preparation, and responsibility.

II.K.1(13) Propose Technical Specification Changes Reflecting Implementation of All Bulletin Items.

Discussion:

This item required that operating plants propose technical specification changes to address
Bulletin items.

AP1000 Response:

The AP1000 Technical Specifications (Section 16.1) are based on and were reviewed against the
Westinghouse Standard Technical Specifications, which incorporated the requirements of the
bulletins for the TMI Action Plan.

II.K.1(17) Trip PZR Level Bistable So That Low Pressure Will Initiate Safety Injection

Discussion:

This item required operating licensees and operating license applicants with Westinghouse
designed nuclear steam supply systems to trip the pressurizer level bistable so that the pressurizer
low pressure (rather than the pressurizer low pressure and pressurizer low level coincidence)
would initiate safety injection.

AP1000 Response:

This issue does not apply to AP1000. The AP1000 does not rely on coincident low pressurizer
pressure and low pressurizer level for actuation. See Section 6.3 for a discussion of actuation of
the passive core cooling system.

II.K.1(24) Perform LOCA Analyses for a Range of Small-Break Sizes and a Range of Time Lapses
Between Reactor Trip and Reactor Coolant Pump Trip

Discussion:

This item requires analyses to provide the basis for the comparison of analytical methods.

Tier 2 Material 1.9-30 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The analyses documented in Chapter 15 cover a range of small break sizes. The AP1000
automatically trips the reactor coolant pump on an SI signal. The need to look at time lapses
between reactor trip and pump trip is not required.

II.K.3(5) Automatic Trip of Reactor Coolant Pumps

Discussion:

This item requires that operating plants and operating plant applicants study the need for
automatic trip of reactor coolant pumps and to modify procedures of designs as appropriate.

AP1000 Response:

The AP1000 design provides for an automatic trip of the reactor coolant pumps on actuation of
the passive core cooling system. This trip is provided to prevent reactor coolant pump interaction
with the operation of the core makeup tank. See Section 6.3 for additional information.

II.K.3(9) Proportional Integral Derivative Controller Modification

Discussion:

TMI action plan item II.K.3(9) required all Westinghouse plants to raise the interlock bistable trip
setting to preclude derivative action from opening the PORVs.

AP1000 Response:

This issue is not applicable to the AP1000. The AP1000 does not include power-operated relief
valves. See subsections 5.1.2 and 5.2.2 for additional information.

[Link].2 Task Action Plan Items

A-1 Water Hammer

Discussion:

Generic Safety Issue A-1 was raised after the occurrence of various incidents of water hammer
that involved steam generator feedrings and piping, emergency core cooling systems, residual heat
removal systems, containment spray, service water, feedwater, and steam lines. The incidents have
been attributed to such causes as rapid condensation of steam pockets, steam-driven slugs of
water, pump startup with partially empty lines, and rapid valve motion. Most of the damage has
been relatively minor and involved pipe hangers and restraints. However, several incidents have
resulted in piping and valve damage. This item was originally identified in NUREG-0371,
(Reference 4) and was later determined to be an Unresolved Safety Issue.

Tier 2 Material 1.9-31 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

Specific sections of the Standard Review Plan (NUREG-0800) address criteria for mitigation of
water hammer concerns. The applicable Standard Review Plan sections as well as information
provided in NUREG-0927 (Reference 5) were reviewed. The AP1000 meets the water hammer
provisions as specified. The discussion that follows provides a brief description of selected
systems identified as being subject to water hammer occurrences and special design features that
mitigate or prevent water hammer damage.

Design features are incorporated as appropriate to prevent water hammer damage in applicable
systems including steam generator feedrings and piping, passive core cooling system, passive
residual heat removal system, service water system, feedwater system, and steam lines.

Water hammer issues are considered in the design of the AP1000 passive core cooling system.
The passive core cooling system design includes a number of design features specifically to
prevent or mitigate water hammer.

The automatic depressurization system operation uses multiple, sequenced valve stages to provide
a relatively slow, controlled depressurization of the reactor coolant system, which helps to reduce
the potential for water hammer.

Once the depressurization is complete, gravity injection from the in-containment refueling water
storage tank is initiated by opening squib valves and then check valves, which reposition slowly.
Gravity injection flow actuates slowly, without water hammer, as the pressure differential across
the gravity injection check valves equalizes, and the valves open and initiate flow.

The passive residual heat removal heat exchanger is normally aligned with an open inlet valve and
closed discharge valves. This alignment keeps the system piping at reactor coolant system
pressure, preventing water hammer upon initiation of flow through the heat exchanger.
Instrumentation is provided at the system high point to detect a void in the system.

The core makeup tanks are normally aligned with an open inlet line from the reactor coolant cold
leg to keep the tanks at reactor coolant system pressure. This alignment keeps the system piping at
reactor coolant pressure, preventing water hammer upon initiation of flow through the tank. In
addition, instrumentation is provided at each high point to detect voids within the system.
Section 6.3 of the DCD provides additional information on the passive core cooling system.

The potential for water hammer in the feedwater line is minimized by the improved design and
operation of the feedwater delivery system. The steam generator features include introducing
feedwater into the steam generator at an elevation above the top of the tube bundles and below the
normal water level by a top discharge spray tube feedring. The feedring is welded to the feedwater
nozzle to limit the potential for inadvertent draining. The layout of the feedwater line is consistent
with industry standard recommendations to reduce the potential of a steam generator water
hammer.

The startup feedwater system is a nonsafety-related system that provides feedwater during normal
plant startup, shutdown, and hot standby. The startup feedwater line is separate from the main

Tier 2 Material 1.9-32 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

feedwater line and therefore does not contribute to the potential of water hammer in the feedwater
piping or steam generator feedring.

The main steam line drains are designed to remove accumulated condensate from the main steam
lines and to maintain the turbine bypass header at operating temperature during plant operation.
The system is designed to accommodate drain flows during startup, shutdown, transient, and
normal operation to protect the turbine and the turbine bypass valves from water slug damage.

A-2 Asymmetric Blowdown Loads on Reactor Primary Coolant Systems

Discussion:

Generic Safety Issue A-2 pertains to asymmetric loadings that could act on a pressurized water
reactor's primary system as the result of a postulated double-ended rupture of the piping in the
primary coolant system. The magnitude of these loads is potentially large enough to damage the
supports of the reactor vessel, the reactor internals, and other primary components of the system.
Therefore, the NRC initiated a generic study to develop criteria for an evaluation of the response
of the primary systems in pressurized water reactors to these loads.

AP1000 Response:

The use of mechanistic pipe break criteria permits elimination of the evaluation of dynamic effects
of sudden circumferential and longitudinal pipe breaks in the structural analysis of structures,
systems, and components. General Design Criterion 4 allows the use of analyses to eliminate from
the design basis the dynamic effects of pipe ruptures postulated at locations defined in
subsection 3.6.2. Dynamic effects include jet impingement, pipe whip, jet reaction forces on other
portions of the piping and components, subcompartment pressurization including reactor cavity
asymmetric pressurization transients, and traveling pressure waves from the depressurization of
the system.

The AP1000 reactor coolant loop and pressurizer surge line are designed in accordance with
mechanistic pipe break criteria. In addition, other high energy ASME Code, Section III, Class 1
and 2 piping of 6 inches and greater nominal diameter is evaluated against leak-before-break
criteria. The evaluation methodology is described in subsection 3.6.3 and Appendix 3B.

A-3 Steam Generator Tube Integrity

Discussion:

Pressurized water reactor steam generator tube integrity is subject to various degradation
mechanisms, including corrosion-induced wastage, cracking, reduction in tube diameter, denting,
(which leads to primary side stress corrosion cracking), vibration-induced fatigue cracks, and wear
or fretting due to loose parts in the secondary system. The primary concern is the capability of
degraded tubes to maintain their integrity during normal operation and under accident conditions
(LOCA or a main steam line break) with adequate safety margins.

Steam generator tube integrity concerns for the three steam generator suppliers, Westinghouse,
Combustion Engineering, and Babcock and Wilcox, are addressed by an integrated NRC program

Tier 2 Material 1.9-33 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

for Generic Safety Issues A3, A4, and A5. This program addresses the areas of steam generator
integrity, plant systems response, human factors, radiological consequences, and the response of
various organizations to a steam generator tube rupture.

AP1000 Response:

The AP1000 steam generators are designed in accordance with the recommendations of Generic
Letter 85-02 and NUREG-0844 (References 6 and 7). The AP1000 steam generator is equipped
with a number of features to enhance steam generator tube performance and reliability. These
features are described in subsection 5.4.2.

A-9 Anticipated Transients Without Scram

Discussion:

Generic Safety Issue A-9 was resolved with the publication of 10 CFR 50.62. This regulation sets
forth the requirements for reduction of risks from anticipated transients without scram.

AP1000 Response:

The AP1000 complies with the requirements of 10 CFR 50.62 except that the AP1000 does not
have a safety-related auxiliary feedwater system. In lieu of the automatic initiation of the auxiliary
feedwater system under conditions indicative of an ATWS as required by 10 CFR 50.62 (c)(1),
the AP1000 automatically initiates the passive residual heat removal system as discussed in
Section 6.3.

A discussion of the AP1000 design features used to address the probability of an ATWS is
presented in subsection 1.9.5 and Section 7.7.

A-11 Reactor Vessel Materials Toughness

Discussion:

Generic Issue A-11 addresses a concern with the reduction of reactor vessel fracture toughness as
plants accumulate more and more service time. 10 CFR 50, Appendix G provides requirements
for reactor vessel material toughness.

AP1000 Response:

The AP1000 reactor vessel design complies with the requirements of 10 CFR 50, Appendix G and
includes numerous features to reduce neutron fluence, enhance material toughness at low
temperature and eliminate weld seams in critical areas. Material requirements are provided in
subsection 5.3.2. Pressure and temperature limits are provided in subsection 5.3.3.

Tier 2 Material 1.9-34 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

A-12 Fracture Toughness of Steam Generator and Reactor Coolant Pump Supports

Discussion:

Generic Safety Issue A-12 addresses a concern with the potential for lamellar tearing of steam
generator and RCP support material. NUREG-0577 (Reference 8) categorizes operating plants
relative to the adequacy of the plant's steam generator and reactor coolant pump supports with
respect to fracture toughness.

AP1000 Response:

The steam generator and reactor coolant pump supports are described in subsection 5.4.10. The
supports are designed in accordance with subsection NF of Section III of the ASME Code. Design
and fabrication of these supports in accordance with Subsection NF requirements provide
acceptable fracture toughness of materials, and conform with NUREG-0577.

A-13 Snubber Operability Assurance

Discussion:

Generic Issue A-13 addresses snubber operability concerns. Snubbers are utilized primarily as
seismic and pipe whip restraints at nuclear power plants. Their safety function is to operate as
rigid supports for restraining the motion of attached systems or components under rapidly applied
load conditions such as earthquakes, pipe breaks, and severe hydraulic transients.

Operating experience reports show that a substantial number of snubbers have leaked hydraulic
fluid and that the rejection rate from functional testing and inspection is high. This has led to an
NRC and ACRS concern regarding the effect of snubber malfunctions on plant safety.

AP1000 Response:

The use of snubbers is minimized in the AP1000. Gapped support devices, leak-before-break
considerations, and state-of-the-art piping analysis methods are used to minimize the use of
snubbers. Snubbers applied in safety-related applications are constructed to ASME Code,
Section III, Subsection NF as discussed in DCD subsection [Link].3.

A-17 Systems Interactions in Nuclear Power Plants

Discussion:

This item addresses the potential systems interactions among systems including safety-related and
nonsafety-related structures, systems, and components. There can be unintended and unrecognized
dependencies among structures, systems, and components. A number of specific types of
interactions have been addressed in other generic safety issues and NRC staff activities. These
include guidance for inclusion of internal flooding in the IPE program, requirements that address
seismically-induced systems interactions, and evaluation of electric power supplies for electric
power reliability. NUREG-0933 classifies this item as resolved with no new requirements.

Tier 2 Material 1.9-35 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

In addition to addressing the specific system interaction guidance mentioned above, the AP1000
was the subject of a systematic evaluation of potential adverse systems interactions documented in
WCAP-15992, "AP1000 Adverse Systems Interactions Evaluation Report" (Reference 69).

A-24 Qualification of Class 1E Safety-Related Equipment

Discussion:

Generic Issue A-24 was resolved with the publication of 10 CFR 50.49, prescribing aging and
testing for synergistic effects. The NRC has also issued Revision 1 to Regulatory Guide 1.89 for
comment. The proposed revision describes a method acceptable to the NRC staff to demonstrate
compliance with the requirements of 10 CFR 50.49.

AP1000 Response:

The AP1000 environmental qualification methodology described in Appendix 3D is based on the

generic Westinghouse qualification program approved by the NRC. The Westinghouse
methodology addresses the requirements of General Design Criteria 4 and 10 CFR 50.49, as well
as the guidance of Regulatory Guide 1.89 and IEEE Standard 323-1974. See Appendix 1A and
Reference 9.

A-25 Non-Safety Loads on Class 1E Power Sources

Discussion:

Generic Issue A-25 addresses whether nonsafety-related loads should be allowed to share
Class 1E power sources with safety-related plant systems. Past regulatory practice has allowed the
connection of nonsafety-related loads in addition to the required safety loads to Class 1E power
sources by imposing some restrictions. The purpose of this issue is for the NRC to determine
whether the reliability of the Class 1E power sources is significantly affected by the sharing of
safety and nonsafety-related loads.

The NRC considers this issue as technically resolved with the issuance of Revision 2 to
Regulatory Guide 1.75. This regulatory guide includes special requirements for connection of
nonsafety-related loads to a Class 1E source.

AP1000 Response:

The AP1000 conforms with the criteria of Regulatory Guide 1.75 with minor exceptions (see
Appendix 1A and IEEE 384-1974). The AP1000 safety-related power source is the Class 1E dc
and UPS system, which supplies power to the ac inverters for the plant instrumentation and
control systems. The system also provides power to dc loads associated with the four protection
channels and the accident monitoring system. Non-Class 1E loads powered from Class 1E sources
are limited to loads that need connection to a reliable power source. No Credible failure of non-
Class 1E equipment or systems will degrade the Class 1E system below an acceptable level.
Subsection [Link].1 provides a discussion on the Class 1E power source.

Tier 2 Material 1.9-36 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

A-26 Reactor Vessel Pressure Transient Protection

Discussion:

Generic Issue A-26 addresses the need to provide reactor vessel overpressure protection whenever
plants are in a cold shutdown condition. Branch Technical Position RSB 5-2 establishes the
current NRC criteria for a low-temperature overpressurization protection system.

AP1000 Response:

The AP1000 conforms with the criteria established in Branch Technical Position RSB 5-2. The
AP1000 pressurizer is sized to accommodate most pressure transients. Overpressure protection for
the reactor coolant system is provided by either the pressurizer safety valves or the normal residual
heat removal relief valves, as described in subsection 5.2.2.

A-28 Increase in Spent Fuel Pool Storage Capacity

Discussion:

Generic Issue A-28 addresses the safety significance of damage to spent fuel, primarily from a
lack of adequate cooling, that could result in the release of radioactivity.

AP1000 Response:

The AP1000 incorporates the NRC criteria. The heat load is evaluated for the spent fuel storage
capacity.

A-29 Nuclear Power Plant Design for the Reduction of Vulnerability to Industrial Sabotage

Description

This item addresses potential methods to reduce vulnerability to sabotage. The NRC staff
concluded that existing requirements dealing with plant physical security, controlled access to
vital areas, screening for reliable personnel appear to be effective. This item was resolved with no
new requirements.

AP1000 Response:

The passive systems in the AP1000 provided to mitigate the effects of potential accidents may
have an inherent advantage when considering potential acts of sabotage compared to the active
systems in operating plants. The AP1000 includes provisions for access control to the vital area.
The provisions for security are discussed in the AP1000 Security Design Report and outlined in
Section 13.6.

Tier 2 Material 1.9-37 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

A-31 Residual Heat Removal Requirements

Discussion:

Generic Issue A-31 addresses the desire for plants to be able to go from hot-standby to
cold-shutdown conditions (when this is determined to be the safest course of action) under an
accident condition. The safe shutdown of a nuclear power plant following an accident not related
to a loss-of-coolant accident has been typically interpreted as achieving a hot standby condition
(the reactor is shut down, but system temperature and pressure are at or near normal operating
values). There are events that require eventual cooldown and long-term cooling to perform
inspection and repairs.

AP1000 Response:

The AP1000 employs safety-related core decay heat removal systems that establish and maintain
the plant in a safe shutdown condition following design basis events. It is not necessary that these
passive systems achieve cold shutdown as defined by Regulatory Guide 1.139.

The AP1000 complies with General Design Criteria 34 by using a more reliable and simplified
system design. The passive core cooling system is employed for both hot-standby and long-term
cooling modes. Hot-standby conditions are achieved immediately and a temperature of 420°F is
reached within 36 hours. Reactor pressure is controlled and can be reduced to about 250 psig. The
passive residual heat removal system provides a closed cooling system to maintain long-term core
cooling. Passive feed and bleed cooling, using the passive injection features for the feed and the
automatic depressurization system for bleed, provides another closed-loop safety-related cooling
capability. This capability eliminates dependency on open-loop cooling systems, which have
limited ability to remain in hot standby for long-term core cooling. See Section 7.4 for a
discussion of safe shutdown and Section 6.3 for a description of the passive core cooling system.

Since the passive core cooling system maintains safe conditions indefinitely, cold shutdown is
necessary only to gain access to the reactor coolant system for inspection or repair. On the
AP1000, cold shutdown is accomplished by using non-safety-related systems. These systems are
highly reliable. They have similar redundancy as current generation safety-related systems and are
supplied with ac power from either onsite or offsite sources. See subsection 5.4.7 for a description
of the normal residual heat removal system and subsection [Link] for a discussion of cold
shutdown achieved by use of non-safety-related systems.

A-35 Adequacy of Offsite Power Systems

Discussion:

Generic Issue A-35 addresses the susceptibility of safety-related electric equipment to offsite
power source degradation. The NRC considers this issue as technically resolved with the issuance
of the Standard Review Plan, Section 8.3.1 criteria specified in Appendix A, Branch Technical
Position BTP PSB 1, "Adequacy of Station Electric Distribution System Voltages."

Tier 2 Material 1.9-38 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 ac power system is discussed in subsections 8.1 through 8.3. The AP1000 does not
require any ac power source to achieve and maintain safe shutdown.

A-36 Control of Heavy Loads Near Spent Fuel

Discussion:

Generic Issue A-36 addresses the need to review requirements, facility designs, and Technical
Specifications regarding the movement of heavy loads near spent fuel. The NRC has documented
its technical position on this issue in NUREG-0612 (Reference 10) and that issued Standard
Review Plan, Section 9.1.5, which includes NUREG-0612 as a part of the review plan.

AP1000 Response:

The AP1000 design conforms to NUREG-0612 and Standard Review Plan, Section 9.1.5. Light
load handling systems are described in subsection 9.1.4, and overhead heavy-load handling
systems are described in subsection 9.1.5.

A-39 Determination of Safety Relief Valve Pool Dynamic Loads and Temperature Limits for
BWR Containments

Discussion:

Generic Issue A-39 addresses operation of BWR primary system pressure relief valves whose
operation can result in hydrodynamic loads on the suppression pool retaining structures or those
structures located within the pool. These loads result from initial vent clearing of relief valve
piping and steam quenching due to high local pool temperatures. This USI was resolved with the
issuance of SRP Section [Link].C and a series of NUREG reports.

Generic Issue A-39 is not directly applicable to the AP1000. However, the AP1000
in-containment refueling water storage tank (IRWST) has some functional similarity to a
suppression pool when the automatic depressurization system (ADS) is actuated.

AP1000 Response:

The AP1000 in-containment refueling water storage tank design includes consideration of loads
due to automatic depressurization system operation. The effect of hydrodynamic loads is
addressed in DCD subsection [Link].2.

A-40 Seismic Design Criteria - Short Term Program

Discussion:

Generic Issue A-40 addresses a desire to identify and quantify conservatism in the seismic design
process. The Standard Review Plan, Section 3.7 provides clarification of development of
site-specific spectra, justification for use of single synthetic time-history by power spectral density

Tier 2 Material 1.9-39 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

function, location and reductions of input ground motion for soil-structure interaction, and design
of above-ground vertical tanks. The revised provisions are used for margin studies and
re-evaluations or individual plant examination for external events.

AP1000 Response:

The AP1000 conforms to the criteria outlined in the Standard Review Plan, Section 3.7. The
seismic design criteria and seismic evaluation methodology are described in Section 3.7.

The AP1000 employs generic, enveloping seismic design criteria and applies established seismic
evaluation methodology that complies with current regulations and regulatory guidance. For sites
having specific characteristics outside the range of the selected parameters, the AP1000 is
evaluated to demonstrate acceptability to the site-specific characteristics.

A-43 Containment Emergency Sump Performance

Discussion:

Generic Issue A-43 addresses technical concerns as follows:

• Pressurized water reactor sump (or boiling water reactor residual heat removal system suction
intake) hydraulic performance under post-loss-of-coolant accident adverse conditions
resulting from potential vortex formation, air ingestion, and subsequent pump failure

• The possible transport of large quantities of insulation debris generated by a loss-of-coolant

accident resulting from a pipe break to the sump debris screen(s), and the potential for sump
screen (or suction strainer) blockage to reduce net positive suction head (NPSH) margin
below that required for the recirculation pumps to maintain long-term cooling

• The capability of residual heat removal and containment spray system pumps to continue
pumping when subjected to possible air, debris, or other effects, such as particulate ingestion
on pump seal and bearing systems

AP1000 Response:

Air ingestion, vortexing, and debris blockage are not significant concerns for the AP1000.
Containment recirculation includes sump screens that conform to the criteria specified in
Regulatory Guide 1.82. The recirculation screens have a large cross-sectional area to reduce the
fluid flow velocity through the screen and to provide a large screening area to accommodate
accumulated debris. Horizontal plates located above the recirculation screens preclude debris
being deposited in the water directly adjacent to the screens. Pipe subject of loss of coolant pipe
breaks and in the vicinity of these breaks use reflective metallic insulation to preclude the
generation of fibrous insulation debris. See subsection [Link].7 for additional information on the
design of the screens and limits on use of fibrous insulation.

Since the AP1000 design does not use pumps to provide safety injection flow, the passive core
cooling system injection flow rates are substantially lower than those for plants with pumped

Tier 2 Material 1.9-40 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

injection flow. This results in lower fluid flow velocities through the screens, reducing the
potential to draw debris into the sump screens.

The containment recirculation sump piping inlet is located slightly above the compartment floor,
which is substantially below the expected flood-up water level. This precludes air ingestion in the
piping since recirculation does not initiate until the flood-up water level is well above the piping
inlet.

The elimination of pumps also eliminates concerns about the effects on safety injection capability
for vortexing, air ingestion, and blockage effects on pump net positive suction head.

The AP1000 includes the capability to use nonsafety-related normal residual heat removal pumps
to take a suction from the containment recirculation sump to provide reactor coolant system
injection. The sump screen design addresses concerns with screen debris, vortexing, and air
ingestion.

Section 6.3 provides additional information on the operation of the passive core cooling system.
Appendix 1A describes conformance with Regulatory Guide 1.82. Section 6.2 provides additional
information on the containment recirculation sump.

A-44 Station Blackout

Discussion:

Generic Issue A-44 was resolved with the publication of 10 CFR 50.63, which provides
requirements that light-water-cooled nuclear power plants be able to withstand for a specified
duration and recover from a station blackout. It specifies that an alternate ac power source
constitutes acceptable capability to withstand station blackout provided an analysis is performed
that demonstrates that the plant has this capability from the onset of the station blackout until the
alternate ac source(s) and required shutdown equipment are started and lined up to operate.

10 CFR 50.2 for the alternate ac source notes that the alternate ac power source must have
sufficient capability and reliability for operation of all systems required for coping with station
blackout for the time required to place and maintain the plant in safe shutdown.

AP1000 Response:

AC electrical power is not needed to establish or maintain a plant safe shutdown condition for the
AP1000. The ac power system is discussed in Chapter 8. In addition, two nonsafety-related
standby diesel generators are provided as alternate sources of electrical power to nonsafety-related
active systems that provide a defense-in-depth function.

A-46 Seismic Qualification of Equipment in Operating Plants

Discussion:

Generic Issue A-46 addresses the variability among operating plants in the margins of safety
provided in equipment to resist seismically induced loads and perform the intended safety

Tier 2 Material 1.9-41 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

functions. The NRC believes that the seismic qualification of equipment in operating plants must,
therefore, be reassessed to confirm the ability to bring the plant to a safe shutdown condition when
it is subject to a seismic event.

AP1000 Response:

This issue applies to operating plants and, as such, does not specifically apply to the AP1000,
which is designed in accordance with current seismic requirements. The seismic Category I
mechanical and electrical equipment utilized for the AP1000 is qualified in accordance with the
AP1000 qualification methodology discussed in Section 3.10. The methodology is based on the
generic Westinghouse qualification program previously approved by the NRC. This methodology
addresses IEEE Standard 344-1987 (Reference 13) and Regulatory Guide 1.100. See
subsection 1.9.1 (Appendix 1A).

A-47 Safety Implications of Control Systems

Discussion:

Generic Issue A-47 addresses the safety impact of non-safety-related control systems on plant
dynamics. Instrumentation and control systems used by nuclear plants comprise safety-related
protection systems and nonsafety-related control systems. Safety-related systems are used to trip
the reactor when specified parameters exceed allowable limits and to protect the core from
overheating by initiating emergency core cooling systems. Nonsafety-related control systems are
used to maintain the plant within prescribed parameters during shutdown, startup, normal load,
and varying power operation. Nonsafety-related systems are not relied on to perform any safety
functions during or following postulated accidents, but are used to control plant processes.

AP1000 Response:

For the AP1000, control system failures are considered as potential initiating events. The analyses
of these transients demonstrate that the consequences of such failures are bounded by ANS
Condition II criteria. No design basis failure of a control system violates Condition II criteria.

The integrated control system for the AP1000 obtains certain control input signals from signals
used in the integrated protection system. With the integrated control and protection system,
functional independence of the control and protection systems is maintained by providing a signal
selection device in the control system for those signals used in the protection system. The purpose
of the signal selection device is to prevent a failed signal, caused by the failure of a protection
channel, from resulting in a control action that could lead to a plant condition requiring that
protective action. The signal selection device provides this capability by comparing the redundant
signals and automatically eliminating an aberrant signal from use in the control system. This
capability exists for bypassed sensors or for sensors whose signals diverge from the expected error
tolerance.

The plant control system incorporates design features such as redundancy, automatic testing, and
self-diagnostics to prevent challenges to the protection and safety monitoring system. Chapter 7
provides a discussion of the AP1000 instrumentation and controls. The surveillance requirements
for the main and startup feedwater control are found in Technical Specifications 3.7.3 and 3.7.7.

Tier 2 Material 1.9-42 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

A-48 Hydrogen Control Measures and Effects of Hydrogen Burns on Safety Equipment

Discussion:

Generic Issue A-48 addresses postulated light water reactor accidents resulting in a degraded or
melted core that could result in the generation and release to the containment of large quantities of
hydrogen. One source of hydrogen is from the reaction of the zirconium fuel cladding with the
steam at high temperatures. The NRC requires design provisions for handling hydrogen releases
associated with rapid reaction of a large portion of fuel cladding (10 CFR 50.44 and
10 CFR 50.34).

AP1000 Response:

The AP1000 design complies with the provisions of draft changes to 10 CFR 50.44 and
10 CFR 50.34 (f). The mechanisms used to monitor and control hydrogen inside containment are
discussed in subsection 6.2.4.

A-49 Pressurized Thermal Shock

Discussion:

Generic Issue A-49 addresses transients and accidents postulated to occur in pressurized water
reactors that can result in severe overcooling (thermal shock) of the reactor vessel, concurrent with
high pressure. In these pressurized thermal shock events, rapid cooling of the reactor vessel
internal surface causes a temperature distribution across the reactor vessel wall that produces a
thermal stress with maximum tensile stress at the inside surface of the vessel. The magnitude of
the thermal stress varies with the rate of change of temperature and is compounded by coincident
pressure stresses.

As long as the fracture resistance of the reactor vessel material is relatively high, these events are
not expected to cause vessel failure. The fracture resistance of the reactor vessel material
decreases with the integrated exposure to fast neutrons. The rate of decrease is dependent on the
chemical composition of the vessel wall and weld materials.

AP1000 Response:

The AP1000 complies with the requirements of 10 CFR 50.61. Material requirements and
pressure-temperature limits are discussed in subsections 5.3.2 and 5.3.3.

B-5 Ductility of Two-Way Slabs and Shells and Buckling Behavior of Steel Containments

Discussion:

Part I - Ductility of Two-Way Slabs and Shells

Generic Issue B-5 involved a concern over the lack of information on the behavior of two-way
reinforced concrete slabs loaded dynamically in biaxial membrane tension, flexure, and shear. The

Tier 2 Material 1.9-43 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

NRC Staff concluded that there is sufficient information pertaining to the design of two-way slabs
subjected to dynamic loads and biaxial tension to enable a reasonably accurate analysis.

Part II - Buckling Behavior of Steel Containments

Generic Issue B-5 involves a concern over the lack of a uniform, well defined approach for design
evaluation of steel containments. Of particular interest was potential instability of the shell during
dynamic loadings. Based on the conclusion of the NRC Staff that existing steel containments had
adequate margins against buckling and that the issue of steel containment buckling had very little
safety impact, this item was classified as resolved with no new requirements.

AP1000 Response:

The design requirements and analysis methods used for two-way reinforced concrete slabs and for
the steel containment are outlined in DCD Section 3.8.

B-17 Criteria for Safety-Related Operator Actions

Discussion:

Generic Issue B-17 addresses the development of a time criterion for safety-related operator
actions including a determination of whether or not automatic actuation is required. The
evaluation of this issue includes Issue 27, Manual versus Automated Actions.

AP1000 Response:

The AP1000 automatically initiates the safety-related actions required to protect the plant during
design basis events. The plant systems are designed to provide the required information to the
operator to monitor plant conditions and to evaluate the performance of the safety-related passive
systems, as well as the nonsafety-related active systems. The active systems are designed to
automatically actuate and provide defense-in-depth for various plant events, to preclude
unnecessary actuation of the safety-related passive systems. The plant design also provides the
capability for a backup manual initiation of both the safety-related systems and the
nonsafety-related defense-in-depth systems.

As described in Chapter 15, the AP1000 safety systems maintain the plant in a safe condition
following design basis events. For the design basis events described in Chapter 15, this is
accomplished without the need for operator action for up to 72 hours. Operator action is planned
and expected during plant events to achieve the most effective plant response consistent with
event conditions and equipment availability. For events where operator action is taken, the plant
design maximizes the time available to complete actions for events. For example, during a steam
generator tube rupture, no operator action is required to establish safe shutdown conditions or
prevent steam generator overfill. It is expected that the main control room operators take actions
similar to those taken in current plants to identify and isolate the faulted steam generator and to
stabilize plant conditions.

Tier 2 Material 1.9-44 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

For events where operator actions are taken, the AP1000 design is based on previous experience
and the guidance of ANSI 58.8-1984 (Reference 21). At least 30 minutes is available following
design basis events for the operator to initiate planned actions.

B-22 LWR Fuel

Discussion:

Generic Issue B-22 addresses the reliability of fuel behavior predictions during normal operation
and postulated accidents. Standard Review Plan, Section 4.2 provides detailed NRC criteria for
the design of fuel and core components.

AP1000 Response:

The AP1000 reactor core design complies with the Standard Review Plan, Section 4.2. See
Section 4.2 for a discussion of the fuel system design.

B-29 Effectiveness of Ultimate Heat Sinks

Discussion:

Generic Issue B-29 addresses NRC confirmation of currently used mathematical models for
prediction of ultimate heat sink performance by comparing model performance with field data and
development of better guidance regarding the criteria for weather record selection to define
ultimate heat sink design basis meteorology.

The NRC considers this issue to be technically resolved with the publication of three reports:
NUREG-0693, NUREG-0733, and NUREG-0858 (References 23, 24 and 25).

AP1000 Response:

The AP1000 passive containment cooling system complies with Standard Review Plan,
Section 9.2.5 by providing passive decay heat removal that transfers heat to the atmosphere, which
is the ultimate heat sink for accident conditions. The passive containment cooling system is
described in subsection 6.2.2.

B-32 Ice Effects on Safety-Related Water Supplies

Discussion:

Generic Issue B-32 addresses the potential effects of extreme cold weather and ice buildup on the
reliability of various plant water supplies. Current NRC criteria are provided in Standard Review
Plan, Section 2.4.7, "Ice Effects."

AP1000 Response:

Subsection 6.2.2 describes the ultimate heat sink design and discusses the features that prevent
freezing in the passive containment cooling system.

Tier 2 Material 1.9-45 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

B-36 Develop Design, Testing, and Maintenance Criteria for Atmosphere Cleanup System Air
Filtration and Adsorption Units for Engineered Safety Features Systems and for Normal
Ventilation Systems

Discussion:

Generic Issue B-36 addresses the development of revisions to current guidance and technical
positions regarding engineered safety features and normal ventilation system air filtration and
adsorption units. The NRC considers this issue technically resolved with the issuance of
Revision 2 to Regulatory Guide 1.52 and Revision 1 to Regulatory Guide 1.140.

AP1000 Response:

The AP1000 main control room emergency habitability system (VES) includes a passive filtration
system that is contained entirely within the main control room envelope. Regulatory Guide 1.52
was written for active safety-related filtration systems. To the extent applicable, system design
criteria are established in accordance with Regulatory Guide 1.52 Revision 3. The passive
filtration portion of the AP1000 VES contains no active equipment.

B-53 Load Break Switch

Discussion:

Generic Issue B-53 addresses the use of the generator load break switch for isolating the generator
from the step-up transformer following turbine trip. Plant designs that utilize generator load circuit
breakers to satisfy the requirement for an immediate access circuit stated in General Design
Criterion 17, "Electric Power Systems," must prototype-test the generator load circuit breaker to
demonstrate functional capability.

AP1000 Response:

The AP1000 design incorporates a generator load circuit breaker to provide a reliable source of ac
power to the electrical systems. Exceptions to General Design Criteria 17, as discussed in
Section 3.1, are due to the AP1000 design not requiring ac power sources for a design basis
accident. Subsection [Link] provides further discussion.

B-56 Diesel Reliability

Discussion:

Generic Safety Issue B-56 addresses the reliability of emergency onsite diesel-generators. Diesel
reliability is a factor in the criteria associated with the resolution of Unresolved Safety Issue A-44.
The resolution of issue B-56 is the development of guidelines for an acceptable emergency diesel-
generator reliability program to ensure conformance with the emergency diesel-generator target
reliability (0.95 to 0.975) identified in the proposed resolution of Unresolved Safety Issue A-44.

Tier 2 Material 1.9-46 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 diesel-generators are not safety related. The AP1000 diesel-generator reliability is
based on diesel-generator industry standards and practices. The diesel generator is discussed in
subsection 8.3.1. The diesel generator reliability is modeled in the PRA. The reliability assurance
program is discussed in Section 16.2.

B-61 Allowable ECCS Equipment Outage Periods

Discussion:

Generic Safety Issue B-61 addresses surveillance test intervals and allowable equipment outage
periods in the technical specifications for safety-related systems. This task involves the NRC
development of analytically based criteria for use in confirming or modifying these surveillance
intervals and allowable equipment outage periods.

AP1000 Response:

The AP1000 surveillance test intervals and allowable outage times help to meet plant safety goals
while maximizing plant availability and operability. In determining these limits for the AP1000
technical specifications, a combination of NUREG-1431 precedent, system design, and safety-
related function is considered.

B-63 Isolation of Low-Pressure Systems Connected to the Reactor Coolant Pressure Boundary

Discussion:

Generic Issue B-63 addresses the adequacy of the isolation of low-pressure systems that are
connected to the reactor coolant pressure boundary. The NRC staff requires that valves forming
the interface between high- and low-pressure systems associated with the reactor coolant boundary
have sufficient redundancy to prevent the low-pressure systems from being subjected to pressures
that exceed their design limits.

AP1000 Response:

The AP1000 includes interconnections between high- and low-pressure systems. Each of these
systems interfaces contains appropriate isolation provisions. Valves at the interface between high-
and low-pressure systems have redundancy to prevent low-pressure systems from being subjected
to pressures that exceed their design limits. The AP1000 design meets the provisions of the
Standard Review Plan, Section 3.9.6.

The normal residual heat removal system interface is addressed in subsection 5.4.7. WCAP-15993
(Reference 56) provides an evaluation of the AP1000 conformance to intersystem loss-of-coolant
accident regulatory criteria.

Tier 2 Material 1.9-47 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

B-66 Control Room Infiltration Measurements

Discussion:

Generic Safety Issue B-66 addresses the adequacy of control room area ventilation systems and
control building layout to ensure that plant operators are adequately protected against the effects
of accidental releases of toxic and radioactive gases. The NRC considers this issue as being
technically resolved, and criteria have been incorporated in Standard Review Plan, Section 6.4.

AP1000 Response:

The AP1000 main control room is essentially leak-tight. A description of the control room
habitability systems is contained in Section 6.4.

Verification of design infiltration rates is as specified in Standard Review Plan, Section 6.4. The
AP1000 minimizes unfiltered in-leakage by maintaining the main control room at a slightly
positive pressure.

C-1 Assurance of Continuous Long-Term Capability of Hermetic Seals on Instrumentation and

Electrical Equipment

Discussion:

Generic Issue C-1 addresses the long-term capability of hermetically sealed instruments and
equipment that must function in post-accident environments. The NRC considers this issue as
being technically resolved with the issuance of current criteria for qualification of safety-related
electrical equipment.

AP1000 Response:

The AP1000 environmental qualification program described in response to Unresolved Safety

Issue A-24 addresses qualification of safety-related instrumentation and electrical equipment that
must function under accident conditions. This program confirms the integrity of seals employed in
the design of Class 1E equipment. See item A-24 of this subsection and Section 3.11 for AP1000
qualification methodology.

C-4 Statistical Methods for ECCS Analysis

Discussion:

Generic Issue C-4 addresses NRC development of a statistical assessment of the certainty level of
the peak clad temperature limit. Appendix K, "ECCS Evaluation Models," to 10 CFR 50 specifies
the requirements for ECCS analysis. These requirements call for conservatisms to be applied to
certain models and assumptions used in the analysis to account for data uncertainties at the time
Appendix K was written. The resulting conservatism in the calculated peak clad temperature
(PCT) has not been thoroughly compared against the uncertainty in peak clad temperature
obtained from a realistically calculated (best-estimate) LOCA. The staff allows voluntary use of

Tier 2 Material 1.9-48 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

statistical uncertainty analysis to justify relaxation of all but the required conservatisms contained
in current ECCS evaluation models.

AP1000 Response:

Chapter 15 discusses the LOCA analysis for the AP1000.

C-5 Decay Heat Update

Discussion:

Generic Issue C-5 involves following the work of research groups in determining best-estimate
decay heat data and associated uncertainties for use in LOCA calculations.

The staff has determined that the 1979 ANSI 5.1 is technically acceptable and has allowed the use
of this data to justify relaxation of non-required conservatisms in current ECCS evaluation
models. The ECCS rule change allows the use of this new data. This issue was determined to be
resolved.

AP1000 Response:

The large-break LOCA analyses for the AP1000, which employ the best-estimate
W COBRA/TRAC analysis methodology (subsection 15.6.5), use the decay heat model identified
in the 1979 ANSI 5.1 (Reference 26).

C-6 LOCA Heat Sources

Discussion:

Generic Issue C-6 addresses the impact on LOCA calculations of LOCA heat sources, their
associated uncertainties, and the manner in which they are combined. An evaluation was made of
the combined effect of power density, decay heat, stored energy, fission power decay, and their
associated uncertainties with regard to calculations of LOCA heat sources.

AP1000 Response:

See subsection 15.6.5 for a discussion of LOCA heat sources.

C-10 Effective Operation of Containment Sprays in a LOCA

Discussion:

Generic Issue C-10 addresses the effectiveness of containment sprays to remove airborne
radioactive materials that could be present within the containment following a LOCA. The NRC
considers this issue as being technically resolved with the issuance of ANSI 56.5-1979
(Reference 28), which is referenced in Standard Review Plan, Section 6.5.2.

Tier 2 Material 1.9-49 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 design does not employ a safety-related containment spray system for removal of
airborne radioactive materials in containment. Subsection [Link] provides details of source term
and mitigation techniques.

C-17 Interim Acceptance Criteria for Solidification Agents for Radioactive Solid Wastes

Discussion:

Generic Issue C-17 addresses the development of criteria for acceptability of radwaste
solidification agents. The NRC considers this issue as technically resolved with the issuance of
10 CFR 61.56.

AP1000 Response:

The AP1000 solid radwaste system transfers, stores, and prepares spent ion exchange resins for
disposal. It also provides for disposal of filter elements; sorting, shredding, and compaction of
compressible dry active wastes. The solid radwaste system does not provide for liquid waste
concentration or solidification. These functions, if used, are provided using mobile systems.
Solidification of wastes is not performed by permanently installed systems.

[Link].3 New Generic Issues

These items were identified in NUREG-0933 as New Generic Issues and surfaced after the
publication of the NUREGs that included the Task Action Plan items other unresolved safety
issues.

Issue 14 PWR Pipe Cracks

Discussion:

This issue addresses the occurrences of main feedwater line cracking found in operating plants.
This issue was classified as resolved with no new requirements.

AP1000 Response:

The design and inspection requirements for the feedwater lines are discussed in subsection 10.4.7.

Issue 15 Radiation Effects on Reactor Vessel Supports

Discussion:

Generic Safety Issue 15 addresses the potential problem of radiation embrittlement of reactor
vessel support structures. There is a potential for radiation embrittlement of the reactor vessel
support structure from long-term exposure to neutrons with an energy of 1 MeV or greater.
Embrittlement due to neutron damage may increase the potential for propagation of existing flaws.

Tier 2 Material 1.9-50 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The supports for the AP1000 reactor pressure vessel are designed for loading conditions and
environmental factors including consideration of neutron fluence levels. The material
requirements include fracture toughness requirements and impact testing requirements in
compliance with ASME Code, Section III, Subsection NF requirements. The reactor pressure
vessel supports are not in the region of high neutron fluence where neutron embrittlement of the
supports would be a significant concern.

Issue 22 Inadvertent Boron Dilution Event

Discussion:

Some operating plants do not have provisions to detect boron dilution during cold shutdown. This
could result in inadvertent criticality. The NRC staff concluded that existing review criteria are
adequate. This issue was classified as resolved with no new requirements.

AP1000 Response:

The provisions in the design to preclude inadvertent boron dilution events are outlined in DCD
subsection 9.3.6.

Issue 23 Reactor Coolant Pump Seal Failures

Discussion:

Generic Safety Issue 23 addresses reactor coolant pump seal failures that challenge the makeup
capacity in PWRs. Such seal failures represent small-break loss-of-coolant accidents.

AP1000 Response:

The AP1000 reactor coolant pumps are sealless pumps. A sealless pump contains the motor and
all rotating components inside a pressure vessel designed for full reactor coolant system pressure.
The shaft for the impeller and rotor is contained within the pressure boundary; therefore, seals are
not required in order to restrict leakage out of the pump into containment. Subsection 5.4.1
provides additional information on the sealless pump design for the AP1000 reactor coolant
pumps. Since the reactor coolant pumps do not rely on seals as a reactor coolant pressure
boundary, this issue is not applicable to the AP1000.

Issue 24 Automatic ECCS Switchover to Recirculation

Discussion:

This issue addresses the issue of switchover from safety injection to recirculation using manual
valve alignment or automatic valve alignment.

Tier 2 Material 1.9-51 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 does not switch from injection to recirculation in the sense that injection is not
isolated when recirculation is opened. The AP1000 does provide for automatic opening of the
recirculation line on a low level signal from the in-containment refueling water storage tank. See
Section 6.3 for additional details.

Issue 29 Bolting Degradation or Failure in Nuclear Power Plants

Discussion:

Generic Safety Issue 29 addresses a concern about pressure boundary integrity and component
support reliability associated with bolt failures.

As documented in Generic Letter 91-17, the NRC has provided resolution of this issue. The
resolution is documented in NUREG-1339, "Resolution of Generic Safety Issue 29: Bolting
Degradation or Failure in Nuclear Power Plants," and NUREG-1445, "Regulatory Analysis for the
Resolution of Generic Safety Issue 29: Bolting Degradation or Failure in Nuclear Power Plants."
The resolution was based on a number of industry initiatives and NRC staff actions. NRC staff
actions include issuing a number of bolting-related bulletins, generic letters and information
notices. Industry initiatives include the publishing of EPRI Reports NP-5769, "Degradation and
Failure of Bolting in Nuclear Power Plants," and NP-5067, "Good Bolting Practices, A Reference
Manual for Nuclear Power Plant Maintenance Personnel."

EPRI Report NP-5769 establishes the characteristic that bolted connections exhibit leakage prior
to failure resulting from bolt degradation. The NRC has endorsed the recommendation in
NP-5769 that plant-specific bolting integrity programs be established that encompass
safety-related bolting. NUREG-1339 includes recommendations and guidelines for the content of
a comprehensive bolting integrity program.

AP1000 Response:

The elements of resolution pertain to the design, material selection, fabrication, and in-service
inspection of the bolted connections found in the AP1000. To address this, resolutions found in
NUREG-1339 are incorporated into the design, material selection, fabrication, and maintenance of
the bolted connections. The maintenance practices are addressed by the maintenance program of
the combined license holder. Conformance to ASME Code, Section III requirements for pressure
boundary components and related supports provides safe operation in the event of bolting
degradation. Because of the emphasis in the AP1000 design on access for maintenance and
inspection, the recommended maintenance practices can be implemented.

Issue 43 Reliability of Air Systems

Discussion:

This issue addresses the concern that compressed air system degradation or malfunction may
cause malfunction of safety-related systems and components. Of particular interest are air operated
valves because of problems with the quality of the air supply or the manner in which the

Tier 2 Material 1.9-52 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

compressed air system fails. Generic Letter 88-14 and NUREG-1275 were issued in response to
this issue.

AP1000 Response:

The compressed air systems are described in subsection 9.3.1. Provisions are included to maintain
the quality of the air supply. The AP1000 safety-related, air-operated valves do not rely on the air
supply to perform their safety-related function.

Issue 45 Inoperability of Instrumentation Due to Extreme Cold Weather

Discussion:

Generic Safety Issue 45 addresses the inoperability of instrumentation due to extreme cold
weather. This issue was resolved with the issuance of changes to Standard Review Plan,
Section 7.1, Appendix A to Section 7.1, Section 7.5, and Section 7.7.

AP1000 Response:

The AP1000 complies with Standard Review Plan Section 7.1, Appendix A to Section 7.1,
Section 7.5, and Section 7.7.

Issue 51 Proposed Requirements for Improving the Reliability of Open Cycle Service Water Systems

Discussion:

Generic Safety Issue 51 addresses the susceptibility of open cycle service water systems to fouling
including the buildup of aquatic bivalves and corrosion products that can significantly degrade the
performance of the system. In operating plants, the service water system is typically used to cool
safety-related equipment and to transfer decay heat to the ultimate heat sink.

AP1000 Response:

The service water system in the AP1000 provides cooling water to the component cooling water
system and has no safety-related functions. None of the safety-related equipment requires cooling
water to effect a safe shutdown or mitigate the effects of design basis events. Heat transfer to the
ultimate heat sink is accomplished by heat transfer through the containment shell to air and water
flowing on the outside of the shell.

The design of the service water system and the provisions for minimizing long-tern corrosion and
organic fouling are described in subsection 9.2.1.

Issue 57 Effects of Fire Protection System Actuation

Discussion:

Generic Safety Issue 57 addresses the potential for adverse interactions from actuation of the fire
protection system with safety-related equipment. Operating experience has shown that

Tier 2 Material 1.9-53 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

safety-related equipment subject to fire protection system water spray and other suppressant
chemicals can be rendered inoperable.

AP1000 Response:

The fire protection system and fire protection program in the AP1000 minimize the potential for
adverse interactions of safety-related equipment with the fire protection system. The means used
to achieve this result include: isolating combustible material and limiting the spread of fire by
subdividing the plant into fire areas separated by fire barriers, providing separate and redundant
safe shut down components and associated electrical divisions to preserve the ability to safely
shutdown the plant following a fire, and providing floor drains sized to remove expected
firefighting water without flooding safety-related equipment. The design of the fire protection
system is described in subsection 9.5.1.

Issue 67.3.3 Improved Accident Monitoring

Discussion:

This issue addresses weaknesses in accident monitoring. The recommended solution is to

implement Regulatory Guide 1.97.

AP1000 Response:

The guidance of Regulatory Guide 1.97 is followed to determine the appropriate parameters to
monitor in the AP1000.

Issue 73 Detached Thermal Sleeves

Discussion:

This issue addresses problems with "generation 3" thermal sleeves.

AP1000 Response:

The AP1000 does not use generation 3 thermal sleeves and includes design provisions to preclude
failures of thermal sleeves.

Issue 75 Generic Implications of ATWS Events at the Salem Nuclear Plant

Discussion:

This issue considers the failure of reactor trip breakers to open and issues related to design and
testing of the reactor protection system. Issues to be considered include the capability to record
and display reactor trip system parameters, equipment classification information,
post-maintenance testing, and reliability improvements in operating plants. Generic letter 83-28
and IE Bulletins 83-01 and 83-04 were issued by the staff with specific requirements.

Tier 2 Material 1.9-54 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response

The design of the reactor trip breakers and the reactor protection system is outlined in Section 7.1.
Information on the functional requirements for reactor trip and conformance with industry and
regulatory guidance is outlined in Section 7.2.

The provisions provided to display and record parameters used by the reactor trip system are
outlined in subsections [Link] and [Link]. Section 7.5 also provides information on
requirements for safety-related display information.

Subsection 7.1.1 identifies the safety-related functions provided by the protection and safety
monitoring system and the items that are included in the system including the reactor trip
switchgear. Conformance of safety-related systems and components to industry and regulatory
criteria is identified in subsection 7.1.4.

The reliability and fault tolerance of the protection and safety monitoring system for test
maintenance and bypass conditions are outlined in subsection [Link].

The changes in the design of the reactor trip breakers and associated logic to enhance reliability in
operating nuclear power plants have been incorporated in the AP1000 design as appropriate. The
reactor trip system includes built-in test capability.

WCAP-15800 addresses conformance with generic letters and bulletins.

Issue 79 Unanalyzed Reactor Vessel Thermal Stress During Natural Convection Cooldown

Discussion:

Generic Safety Issue 79 addresses the thermal stresses that occur in the reactor vessel head flange
during a natural circulation cooldown. High stresses in the flange or studs during a natural
circulation cooldown in PWRs could violate ASME code allowables. Cycling of the stresses could
reduce the fatigue margin. Generic Letter 92-02 repeated the reporting requirements of
10CFR 50.73 (a)(2)(ii)(B), "Licensee event report system."

AP1000 Response:

The natural circulation cooldown transient is evaluated as part of ASME Code vessel evaluations
and is discussed in Subsection [Link].2.11. The reporting requirements to address the
requirements of 10CFR 50.73 (a)(2)(ii)(B) referenced in Generic Letter 92-02 are the
responsibility of the Combined License holder.

Issue 82 Beyond Design Basis Accidents in Spent Fuel Pools

Discussion:

This issue addresses the concern of a beyond design basis accident in which the spent fuel pool is
drained and spent fuel stored there subsequently catches on fire releasing very large amounts of
radioactive contamination. This issue is classified as resolved with no new requirements.

Tier 2 Material 1.9-55 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 includes design provisions that preclude draining of the spent fuel pool. Also,
provisions are available to supply water to the pool in the event the water covering the spent fuel
begins to boil off.

Issue 83 Control Room Habitability

Discussion:

Loss of control room habitability following an accidental release of external toxic or radioactive
material or smoke can impair or cause loss of the control room operators' capability to safely
control the reactor. Use of the remote shutdown workstation outside the control room following
such events is unreliable since this station has no emergency habitability or radiation protection
provisions.

AP1000 Response:

Habitability of the main control room is provided by the main control room/control support area
HVAC subsystem of the nonsafety-related nuclear island nonradioactive ventilation system
(VBS). If ac power is unavailable for more than 10 minutes or if "high-high" particulate or iodine
radioactivity is detected in the main control room supply air duct, which would lead to exceeding
General Design Criteria 19 operator dose limits, the protection and safety monitoring system
automatically isolates the main control room and operator habitability requirements are then met
by the main control room emergency habitability system (VES). The safety-related main control
room emergency habitability system supplies breathable quality air for the main control room
operators while the main control room is isolated.

In the event of external smoke or radiation release, the nonsafety-related nuclear island
nonradioactive ventilation system provides for a supplemental filtration mode of operation, as
discussed in Section 9.4. In the unlikely event of a toxic chemical release, the safety-related main
control room emergency habitability system has the capability to be manually actuated by the
operators. Further, a 6-hour supply of self-contained portable breathing equipment is stored inside
the main control room pressure boundary.

Issue 87 Failure of HPCI Steam Line Without Isolation

Discussion:

Generic Safety Issue 87 addresses the uncertainty regarding the operability of the motor-operated
isolation valves for the steam supply lines of the high-pressure coolant injection (HPCI) system in
boiling water reactors following a postulated break in the supply line. A break in the line could
lead to high flow or high differential pressure that may inhibit closure of the isolation valve. These
valves typically cannot be tested in-situ for the design flow rates and pressures. Although the
AP1000 does not have a high-pressure coolant injection system, it does have isolation valves
designed to close against high flow or high pressure differential in the event of a postulated pipe
break.

Tier 2 Material 1.9-56 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The issue of the operability of motor-operated valves has received considerable attention since
Generic Safety Issue 87 was initiated. The NRC provided guidance for inservice testing of
motor-operated, safety-related valves in Generic Letter 89-10. SECY-93-087 identifies the
proposed position on inservice testing of safety-related valves for advance light water reactors.
The guidance in these documents recommends that safety-related valves be tested under full flow
under actual plant conditions where practical. EPRI has a program to demonstrate operation of
motor-operated valves.

AP1000 Response:

Safety-related valves must meet the requirements of ASME Code, Section III to provide pressure
boundary integrity. Valves and valve operators are sized to provide operation under a full range of
design basis flow and pressure drop conditions. For the AP1000, safety-related motor-operated
valve designs are subject to qualification testing to demonstrate the capability of the valve to open,
close, and seat against maximum pressure differential and flow. The requirements for this testing
are based on ASME QME-1-2007, “Qualification of Active Mechanical Equipment Used in
Nuclear Power Plants.” See subsection 5.4.8 for an outline of AP1000 valve requirements.

The in-service testing program for safety-related valves is discussed in subsection 3.9.6. Motor-
operated valves are to be operability tested as outlined in subsection [Link].2.
Subsection [Link].2 includes a discussion of the factors to be considered to determine which
valves and test conditions are to be used for operability testing of power-operated valves.
Sufficient flow is provided to fully open check valves during testing unless the maximum accident
flows are not sufficient to fully open the check valve. The valves built to ASME Code, Section III
are tested in compliance with the requirements found in the ASME code, "Code for Operation and
Maintenance of Nuclear Power Plants." For additional information on inservice testing of safety-
related valves, see subsection 3.9.6.

Issue 93 Steam Binding of Auxiliary Feedwater Pumps

Discussion:

Generic Safety Issue 93 addresses the potential for a common mode failure of the pumps in an
auxiliary or emergency feedwater system. Hot water leaking through one or more isolation valves
can flash to steam at the auxiliary feedwater pump potentially resulting in the failure of the pump
to operate if required because of steam binding. The NRC addressed this issue in Bulletin 85-01,
and reinforced it in Generic Letter 88-03, by requesting that the fluid conditions in the auxiliary
feedwater system be monitored and procedures be developed to recognize steam binding and
restore the auxiliary feedwater system to operable status if steam binding should occur.

AP1000 Response:

The AP1000 does not have a safety-related auxiliary feedwater system. The passive core cooling
system provides the safety-related function of cooling the reactor coolant system in the event of
loss of feedwater. The startup feedwater system provides the steam generators with feedwater
during plant conditions of startup, hot standby, and cooldown and when the main feedwater
pumps are unavailable. The startup feedwater system has no safety-related function.

Tier 2 Material 1.9-57 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The startup feedwater system includes temperature instrumentation in the pump discharge for
monitoring of the temperature of the startup feedwater system. The system also includes a
normally closed isolation valve and a normally closed check valve for each pump limiting
potential back leakage.

Issue 94 Additional Low-Temperature Overpressure Protection for Light Water Reactors

Discussion:

Generic Safety Issue 94 addresses the establishment of additional guidance for reactor coolant
system low-temperature overpressure protection to ensure reactor vessel and reactor coolant
system integrity beyond that identified in the resolution to Generic Safety Issue (GSI) A-26.
Low-pressure overpressurization events that occurred subsequent to the implementation of the
guidelines for resolution of GSI A-26 indicated a need for additional low-temperature
overpressure protection. To resolve this issue, the NRC issued Generic Letter 90-06 which
required a revision to plant technical specifications for operability of the low-temperature
overpressure protection system. Other possible solutions identified in GL 90-06 included
hardware modifications including use of residual heat removal system relief valves and requiring
the low temperature overpressure protection system to be fully safety related.

AP1000 Response:

The reactor vessel for the AP1000 is designed to be less susceptible to brittle fracture during low
temperature overpressure events. The material requirements and welding processes are developed
to enhance resistance to embrittlement. See subsection 5.3.2 for additional information on the
requirements to address fracture toughness of the reactor vessel.

The normal residual heat removal system is designed to provide the safety-related function of low
temperature overpressure protection for the reactor coolant system during refueling, startup, and
shutdown operations. The system is designed to limit the reactor coolant system pressure within
the limits specified in 10 CFR 50, Appendix G. The relief valve in the normal residual heat
removal system is used to provide the overpressure protection. See subsection 5.4.7 for additional
information on the design of the normal residual heat removal system and the overpressure
protection function.

Issue 103 Design for Probable Maximum Precipitation

Discussion:

Generic Safety Issue 103 addresses the methodology used for determining the design flood level
for a particular reactor site. This issue was resolved by incorporating the methodology into the
Standard Review Plan.

AP1000 Response:

This is a site-related parameter. The AP1000 is designed for air temperatures, humidity,
precipitation, snow, wind, and tornado conditions as specified in Table 2-1. The site is acceptable

Tier 2 Material 1.9-58 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

if the site characteristics fall within the AP1000 plant site design parameters in Table 2-1. For
cases where a site characteristic exceeds the envelope parameter, see Chapter 2.

Issue 105 Interfacing System LOCA at BWRs

Discussion:

Generic Safety Issue 105 addresses concerns over the adequacy of isolation valves between the
reactor coolant system and low-pressure interfacing systems in BWRs. This issue, which is limited
to pressure isolation valves in BWRs, is related to Generic Safety Issue 96, which considers the
failure of the pressure isolation valves between the reactor coolant system and the RHR system in
PWRs. Overpressurization of low-pressure piping systems due to reactor coolant system boundary
isolation failure could result in rupture of the low-pressure piping outside containment. This may
result in a core melt accident with an energetic release outside the containment building that could
cause a significant offsite radiation release. Designing interfacing systems to withstand full reactor
pressure is an acceptable means of resolving this issue.

AP1000 Response:

For information on this issue, see subsection [Link], SECY-90-016 Issues. See subsection 5.4.7
for additional information on the normal residual heat removal system design.

Issue 106 Piping and Use of Highly Combustible Gases in Vital Areas

Discussion:

Generic Safety Issue 106 addresses the normal process system use of relatively small amounts of
combustible gases on site and also addresses leaks or breaks in the hydrogen piping and supply
system that could result in the accumulation of a combustible or an explosive mixture of air and
hydrogen within the auxiliary systems building. The accumulation of combustible or explosive
mixtures of gas in the auxiliary systems building could represent a threat to safety-related
equipment if the combustible gases are inadvertently ignited.

AP1000 Response:

The AP1000 uses small amounts of combustible gases for normal plant operation. Most of these
gases are used in limited quantities and are associated with plant functions or activities that do not
jeopardize any safety-related equipment. These gases are found in areas of the plant that are
removed from the Nuclear Island (see subsection 9.3.2 for a description of the plant gas system).
The exception to this is the hydrogen supply line to the chemical and volume control system
(CVS).

The chemical and volume control system is the only system on the nuclear island that uses
hydrogen gas. Hydrogen is supplied to the AP1000 CVS inside containment from a single
hydrogen bottle. The release of the contents of an entire bottle of hydrogen in the most limiting
building volumes (both inside containment and in the auxiliary building) would not result in a
volume percent of hydrogen large enough to reach a detonable level.

Tier 2 Material 1.9-59 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The chemical and volume control system hydrogen supply piping is routed through the turbine
building and into the auxiliary building and then into containment. The H2 supply line is routed
through the piping/valve room on elevation 100′ -0″ of the auxiliary building. The piping/valve
penetration room in the auxiliary building on elevation 100 -′ 0″ is designed as a 3-hour fire zone.
A fire in this area would not inhibit the safe shutdown of the plant. More information is contained
in Appendix 9A.

The turbine building does not house any safety-related systems or equipment. The release of
hydrogen into an area of the turbine building does not represent a threat to the safety of the plant.

The AP1000 containment has hydrogen sensors that would detect hydrogen leaks. The
containment hydrogen concentration monitoring subsystem is described in Subsection [Link].

Issue 113 Dynamic Qualification Testing of Large-Bore Hydraulic Snubbers

Discussion:

Generic Safety Issue 113 addresses the requirements for qualification and periodic operability
testing of large bore hydraulic snubber for operating plants. Large-bore hydraulic snubbers are
used to a limited extent on the AP1000 to provide support, particularly for seismic events, of
piping systems and components while allowing for movement due to thermal expansion. The
NRC, in a draft regulatory guide (SC-708-4, "Qualification and Acceptance Test for Snubbers
Used in Systems Important to Safety"), has established recommendations for testing of hydraulic
snubbers on a forward-fit basis; that is, units without a license at the time the recommendations
were established.

AP1000 Response:

The AP1000 plant uses significantly fewer hydraulic snubbers than do currently operating plants.
In addition to the recommendations in the draft regulatory guide, testing requirements have been
established in ASME OM Code – 1995 Edition up to and including the 1996 Addenda, "Code for
Operation and Maintenance of Nuclear Power Plants." Subsection [Link].3 discusses
requirements for production and qualification testing. The design of the hydraulic snubbers
permits required preoperational and inservice testing.

Subsection [Link] defines the responsibility to provide information on snubber operability testing.

Issue 120 On-Line Testability of Protection System

Discussion:

This issue is related to the protection system of some older plants that do not provide for as
complete a degree of on-line protection system testing surveillance capability as is now required.
Testing requirements and guidance are found in GDC 21, Regulatory Guides 1.22 and 1.118 and
IEEE Standard 338. This item is classified as resolved with no additional requirements.

Tier 2 Material 1.9-60 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

This item does not apply to the AP1000. The provision for testing of the protection system in
conformance with the regulatory guidance is found in Section 7.1.

Issue 121 Hydrogen Control for Large, Dry PWR Containments

Discussion:

Generic Safety Issue 121 concerns ongoing NRC experimental and analytical programs addressing
the likelihood of safe shutdown equipment surviving a hydrogen burn. The staff also intends to
explore the possibility and probable consequences of the formation of local detonable
concentrations in large, dry PWRs. The concerns are prediction of conditions in realistic
configurations, and containment and equipment survivability.

AP1000 Response:

The AP1000 includes provisions for hydrogen control for the unlikely severe accident cases in
which large amounts of hydrogen could be generated because of degraded core events. Analyses
were performed to examine the consequences of hydrogen burn and to evaluate the likelihood of
deflagration to detonable transitions.

For severe accident cases, the containment hydrogen control system prevents hydrogen burn
initiation at high hydrogen concentration levels. Hydrogen igniters promote burning when the
lower flammability limit is reached and limits the containment hydrogen concentration to less than
10 volume percent during and following a degraded core or core melt.

Thus, for severe accident cases, the AP1000 is designed to prevent the occurrence of hydrogen
detonation, thereby preventing the possibility of the resultant large pressure spikes in containment,
which is the source of concern for containment integrity and equipment survival. Details of the
hydrogen ignition subsystem are provided in subsection [Link].3. Placement of the hydrogen
igniters is discussed in subsection 6.2.4.

A hydrogen burn analysis shows that the AP1000 hydrogen igniter system is effective in
maintaining the hydrogen concentration throughout the containment close to the lower
flammability limit, and that the peak pressure in the containment during and following hydrogen
burn remains well below ASME service level C stress intensity limits. The hydrogen
concentration is similar in all compartments analyzed, indicating that the hydrogen released mixes
well in the AP1000 containment. The analyses predict conditions in realistic configurations. Peak
gas temperatures and pressures in each compartment for each case analyzed are provided, thus
providing the hydrogen burn thermal environment that containment equipment will experience.
Details are provided in Chapter 14 of the PRA report.

The challenge to the AP1000 containment integrity from hydrogen deflagrations and detonations
during core damage events is examined in the hydrogen deflagration and detonation analyses. This
bounding evaluation assumes that an amount of hydrogen equivalent to 100-percent active
cladding oxidation burns all at once in the AP1000 containment, with no credit taken for the
hydrogen igniters. The evaluation concludes that a hydrogen deflagration is unlikely to cause

Tier 2 Material 1.9-61 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

containment failure. Other analyses show that a deflagration to detonation transition in any part of
the AP1000 containment is unlikely. Containment failure from a detonation is not considered a
credible event for the AP1000 because of the lack of conditions supporting a deflagration to
detonation transition, the provision and placement of hydrogen igniters, and the containment
design features resulting in a well-mixed atmosphere. Details are provided in subsection 10.2.5 of
the PRA evaluation report.

The hydrogen igniters and the containment electrical and mechanical penetrations are designed to
operate in the most limiting severe accident environment, including a hydrogen burn. (See
subsection 10.2.5 of the PRA evaluation report.) The approach of using controlled burning to
prevent accidental hydrogen burn initiation provides confidence that safety-related equipment will
continue to operate during and after hydrogen burns. (See subsection 6.2.4.)

Issue 124 Auxiliary Feedwater System Reliability

Discussion:

Generic Safety Issue 124 addresses the use of probabilistic risk assessment to evaluate the
reliability of the auxiliary feedwater system. The issue was resolved by the NRC's issuing plant-
specific requirements for a few plants that did not initially have a reliability higher than a
minimum criteria.

AP1000 Response:

This issue is not applicable to the AP1000. The AP1000 does not have a safety-related auxiliary
feedwater system. The passive core cooling system provides the safety-related function of cooling
of the reactor coolant system in the event of loss of feedwater. The startup feedwater system
provides the steam generators with feedwater during plant conditions of startup, hot standby, and
cooldown and when the main feedwater pumps are unavailable. The startup feedwater system has
no safety-related function beyond containment isolation.

Issue 128 Electrical Power Reliability

Discussion:

Generic Safety Issue 128 addresses the reliability of onsite electrical systems and encompasses
GSI 48, GSI 49, and GSI A-30.

AP1000 Response:

The design basis and design criteria for the Class 1E dc and UPS system is provided in
subsections [Link].1 and [Link]. The class 1E dc and UPS system design is described in
subsection [Link].1. Specifically, this design addresses IEEE Standards 603 and 308. This
includes the following generic issues:

• Generic Safety Issue 48, LCO for Class 1E vital instrument buses in operating reactors.
Chapter 16 provides the AP1000 technical specifications. Subsections [Link].3 and
[Link].4 provide the limiting conditions for operation in the event of a loss of one or more

Tier 2 Material 1.9-62 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Class 1E 120-vac vital instrument buses and the associated inverters. The AP1000 Class 1E
buses have no tie breakers

• Generic Safety Issue 49, interlocks and LCOs for Class 1E tie breakers. Based on the
historical background, this issue is not applicable to the AP1000 design. There are no tie
breakers between the four class 1E divisions.

• Generic Safety Issue A-30, adequacy of safety-related dc power supplies. The AP1000
incorporates the following recommended enhancements:

– The Class 1E dc distribution system design is in accordance with the guidelines of

IEEE Standard 384 and Regulatory Guide 1.75.

– Four separate divisions of Class 1E dc power are provided.

The AP1000 design provides additional testing capability through the installed spare battery bank
with one installed battery charger. The spare battery bank permits frequent full-component testing
without compromising plant availability. Battery equalization can be performed off-line. The
battery and battery charger can be tested and maintained separately.

Issue 130 Essential Service Water Pump Failure at Multiple Plant Sites

Discussion:

Generic Safety Issue 130 addresses the use of shared or cross-connected essential service water
systems at sites with two or more reactor plants. During some situations the crosstied pumps may
not be available for accident mitigation operations.

AP1000 Response:

The AP1000 is a single, independent plant that does not share or cross-tie systems or components
with another plant. See Section 1.2 for a general description of the plant. This issue is not
applicable to the AP1000.

Issue 135 Integrated Steam Generator Issues

Discussion:

Generic Safety Issue 135 was initiated to provide an integrated work plan for the resolution of
steam generator issues including steam generator overfill consequences, water hammer, and eddy
current testing. The issue was divided into the following four tasks:

1. Assessing current capabilities of eddy current testing and developing recommendations.

2. Reviewing SGTR results and conclusions to develop regulatory analysis supporting Standard
Review Plan changes.

Tier 2 Material 1.9-63 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

3. Reassessing SGTR associated issues including radiological, design basis, tube integrity,
procedures, and RCS pressure control.

4. Reviewing the effects of water hammer, overfill and water carryover.

The results of the tasks will provide the staff with a basis to develop a position on offsite dose,
operator action, tube integrity, water hammer, and valve operability.

AP1000 Response:

The AP1000 design features are discussed below.

TASK 1: Appendix 1A identifies the level of conformance with Regulatory Guide 1.83,
"Inservice Inspection of Pressurized Water Reactor Steam Generator Tubes." As detailed in
Appendix 1A, the AP1000 conforms with the regulatory guidance except where state-of-the-art
advances have enhanced inservice inspection techniques. Further, as specified in
subsection [Link], the steam generators permit access to tubes for inspection and/or repair or
plugging, if necessary, per the guidelines described in Regulatory Guide 1.83. The AP1000 steam
generator includes features to enhance robotics inspection of steam generator tubes without
manned entry of the channel head.

TASK 2: Subsection [Link].4 discusses anticipated operator recovery actions and the effects of
those actions in the mitigation of a steam generator tube rupture (SGTR). As discussed in
subsection [Link], the AP1000 incorporates automatic steam generator overfill protection. The
details of the design are provided in subsection [Link], with the control logic provided in
Section 7.2.

TASK 3: The following sections of the DCD provide pertinent details on SGTR issues.

• Reassessment of radiological consequences: Subsection 15.6.3 provides details of the

scenario, analysis assumptions, and results.

• Re-evaluation of design basis SGTR: The design basis SGTR evaluated on the AP1000 is
discussed in subsection 15.6.3, providing details of the scenario, analysis assumptions and
results.

• Supplemental Tube Inspections: See subsection [Link], Appendix 1A, Regulatory

Guide 1.83.

• Denting criteria: Subsection [Link].3 provides a discussion of steam generator design and
tubing compatibility with secondary coolants.

• Improved accident monitoring and reactor vessel inventory measurement: Section 7.5
discusses the safety related display information.

• Reactor coolant pump trip: Subsection [Link].5 discusses reactor coolant pump trip.

Tier 2 Material 1.9-64 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• Control room design: Sections 7.5 and 18.8 discuss the control room design and design
process.

• Emergency operating procedures: Subsection 18.9 addresses the development of emergency

operating procedures.

• Organizational responses: Chapter 13 identifies the requirements for organizational

responses.

• Reactor coolant pressure control: Subsection [Link] addresses primary system pressure
control.

TASK 4: Steam generator overfill, water carryover and water hammer are addressed as discussed
in subsection [Link], with the control logic provided in Section 7.2.

Issue 142 Leakage Through Electrical Isolators in Instrumentation Circuits

Discussion:

Generic Issue 142 addresses the susceptibility to leakage of isolation devices between safety- and
nonsafety-related electrical systems. The NRC requires that licensees identify isolation devices in
instrumentation circuits that are potentially susceptible to electrical leakage, define and perform an
inspection and test program, replace failed or unacceptable isolators, and implement an annual
program to inspect and test all electronic isolators between Class 1E and non-Class 1E systems.

AP1000 Response:

The use of isolation devices in the AP1000 Instrumentation and Control Architecture is described
in subsections [Link], "Isolation Devices," [Link], "Diverse Actuation System," and
WCAP-15776 (Reference 70), Section 3.9, “Conformance to the Requirements to Maintain
Independence Between Safety Systems and Other Interconnected Equipment (Paragraph [Link] of
IEEE 603-1991).” As stated in WCAP-15776, Section 3.9, the isolation devices are tested to
conform to requirements. This testing meets the requirement for an inspection and test program
and identifies those devices that are potentially susceptible to electrical leakage. Implementation
of an annual program to inspect and test all electronic isolators between Class 1E and
non-Class 1E systems is the responsibility of the Combined License holder. The use of fiber-optic
data links eliminates electrically conductive paths between receiving and transmitting terminals,
and eliminates the potential for electrically generated noise caused by leakage through an isolator.
These communication links also use extensive testing and error checking to minimize erroneous
transmissions. These data links are described in subsection [Link], "Communication Functions."
In addition, electromagnetic design, testing, and qualification is performed as described in
WCAP-15776, Section 2.6, "Design Basis: Range of Conditions for Safety System Performance
(Paragraph 4.7 of IEEE 603-1991.)"

Tier 2 Material 1.9-65 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Issue 143 Availability of Chilled Water System and Room Cooling

Discussion:

This issue relates to the need to maintain air cooling systems in some rooms containing
safety-related system components.

AP1000 Response:

This issue does not apply to the AP1000. The AP1000 does not rely on active safety systems to
provide safe shutdown of the plant. A total loss of HVAC systems will not prevent a safe
shutdown.

Issue 153 Loss of Essential Service Water in LWRs

Discussion:

This issue is related to the reliability of essential service water and the failure of such systems due
to fouling mechanisms, ice effects, design deficiencies, flooding, multiple equipment failures, and
personnel errors. This issue has been the subject of a number of generic communications from the
NRC staff.

AP1000 Response:

This issue is not applicable to the AP1000. The AP1000 does not rely on the service water and
component cooling water systems to provide safety-related safe shutdown.

Issue 163 Multiple Steam Generator Tube Leakage

Discussion:

This issue identifies a safety concern associated with potential multiple steam generator tube leaks
triggered by a main steam line break outside containment that cannot be isolated. This sequence of
events could lead to core damage due to the loss of all primary system coolant and safety injection
fluid in the refueling water storage tank.

AP1000 Response:

The AP1000 plant response to a main steam line break (MSLB) scrams the reactor automatically
and removes decay heat via the intact generator or the PRHR heat exchanger. If the MSLB is not
isolated, the RCS will continue to lose coolant after shutdown through leaking steam generator
tubes; the plant responds to the scenario as a small LOCA. The core makeup tanks drain and
produce a low level signal. The plant protection and monitoring system depressurizes the RCS via
the automatic depressurization system (ADS). The core remains covered throughout the scenario.
Once the RCS is depressurized, the much lower reactor coolant system pressure stops the water
loss through the leaking steam generator tubes. Therefore, no long-term core uncovery is
expected.

Tier 2 Material 1.9-66 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Issue 168 Environmental Qualification of Electrical Equipment

Discussion:

This issue is related to the effects of cable aging and whether the licensing basis for older plants
should be reassessed or enhanced in connection with license renewal, or whether they should be
reassessed for the current license term.

AP1000 Position:

This issue applies to operating plants and does not apply to the AP1000.

Issue 185 Control of Recriticality Following Small-Break LOCAs in PWRs

Discussion:

This issue is related to the potential for large reactivity transients, including prompt criticality, and
significant heat generation resulting from natural circulation flow of unborated water formed in
steam generators following small-break LOCAs.

AP1000 Position:

This scenario is not a safety concern for the AP1000 because of the passive safety systems
designed to mitigate the consequences of a LOCA. Specifically, the automatic depressurization
system operates to reduce primary system pressure and, thus, prevents significant heat transfer in
the steam generators. Consequently, the steam generators should not generate any significant
amount of boron-free condensate via reflux condensation over an extended period during a LOCA
event. In the AP1000 design, the steam generator functions as a "heat source" as the RCS
depressurizes, rather than a "heat sink" as it does in conventional PWR designs. Therefore, the
differential temperature across the primary and secondary side of the generators is such that steam
from the reactor will not condense on the tubes.

Another important design feature of the AP1000 that reduces the significance of this event is the
elimination of the loop seal in the inlet to the reactor coolant pump. By elimination of the
crossover leg piping, a large volume of boron-free condensate cannot collect in the loop piping.
Thus, restart of the reactor coolant pumps following a LOCA will not result in a large slug of
unborated water entering the core.

Post-LOCA, the PRHR heat exchanger can act as a heat sink and potentially could be a source of
unborated water post-LOCA. However, condensate from the PRHR heat exchanger outlet mixes
with the borated injection from the core makeup tanks and accumulators, and adequately mixes in
the reactor vessel downcomer to prevent post-LOCA boron dilution. Long-term boration of the
core is provided by the injection from the borated IRWST.

Tier 2 Material 1.9-67 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Issue 191 Assessment of Debris Accumulation on PWR Sump Performance

Discussion:

This issue addresses new contributors to debris and possible blockage of PWR sumps. Generic
Letter (GL) 2004-02 (Reference 2), issued in September 2004, identified actions that utilities must
take to address the sump blockage issue. The NRC position is that plants must be able to
demonstrate that debris transported to the sump screen after a LOCA will not lead to unacceptable
head loss for the recirculating flow. For the AP1000, this requirement is interpreted as
demonstrating that debris transported to recirculating screens will not significantly impede flow
through the PXS and will not adversely affect the long-term operation of the PXS.

AP1000 Position:

The AP1000 Nuclear Power Plant uses natural recirculation for cooling the core following a loss
of coolant accident (LOCA).

Screens are provided in strategic areas of the plant to remove debris that might migrate with the
water in containment and adversely affect core cooling. Accordingly, it must be assured that the
screens themselves are not susceptible to plugging.

Technical report APP-GW-GLR-079 (Reference 71) evaluates the potential for debris to plug the
AP1000 screens consistent with Regulatory Guide 1.82 Revision 3 and subsequently issued
Nuclear Regulatory Commission guidance. The evaluation considers the various potential
contributors to screen plugging. It considers debris that could be produced by a LOCA as well as
resident fibers and particles that could be present in containment prior to the LOCA. It considers
the AP1000 containment design, equipment locations, and containment cleanliness program. The
evaluation uses debris characteristics based on sample measurements from operating plants and
evaluates the generation of chemical precipitants considering materials used inside the AP1000
containment, the post-accident water chemistry, and applicable research and testing. The AP1000
screen designs are acceptable.

[Link].4 Human Factors Issues

These issues were outlined in the Human Factors Program Plan and are documented in
NUREG-0985, Revision 1. The Human Factors Program Plan includes the human factors tasks
required to address NUREG-0660.

HF4.4 Guidelines for Upgrading Other Procedures

Discussion:

The need was evaluated to develop technical guidance for use in upgrading normal operating
procedures and abnormal operating procedures, similar to what the NRC staff completed for
emergency operating procedures. NUREG-0933 classified this item as resolved with no new
requirements.

Tier 2 Material 1.9-68 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The process to manage the development, review and approval of AP1000 Normal Operating,
Abnormal Operating, Emergency Operating, Refueling and outage planning, Alarm response,
Administrative, Maintenance, Inspection, Test and Surveillance Procedures as well as the
procedures which address the operation of post-72 hour equipment is delineated in
APP-GW-GLR-040 (Reference 72).

Writer’s Guidelines have been developed which control the preparation of Normal Operating
Procedures and Two-Column Format Procedures. The Writer’s Guidelines establish programmatic
guidelines. The criteria and methodology for procedure development is described in this technical
report and in Westinghouse Writer’s Guidelines, and Human Factors-related procedures have
been developed in accordance with these criteria/guidelines.

HF5.1 Local Control Stations

Discussion:

Human Factors Issue 5.1 addresses the need to develop additional guidance for the design of local
control stations.

AP1000 Response:

The AP1000 local control stations are designed using the same human factors engineering (HFE)
design process as is used for the main control room (MCR). The human factors engineering design
process is described in Chapter 18 of the DCD. Subsection 18.8 provides a description of the
human system interface (HSI) design element of the overall design process. As part of the human
system interface design process, design guidelines for each interface, such as workstation displays,
are generated. These guidelines are used when designing the respective interface and control
stations. This provides consistency of human system interface design, including local control
stations, with the main control room.

HF5.2 Review Criteria for Human Factors Aspects of Advanced Controls and Instrumentation

Discussion:

Human Factors Issue 5.2 addresses review criteria for human factors aspects of advanced controls
and instrumentation.

AP1000 Response:

Chapter 18 of the DCD describes the human factors engineering (HFE) program for the AP1000.
Section 18.4 includes a description of the Functional Requirements Analysis and Allocation
(element 3) for the AP1000. The objective of this allocation process is to define the AP1000
safety function requirements and allocate functions between the human and the machine
appropriately. Section 18.8 also presents the implementation plan for the human system interface
(HSI) design. This description of the human system interface design process includes the

Tier 2 Material 1.9-69 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

development of design guidelines, the execution of man-in-the-loop concept testing, review of

human system interface design, and the use of a full-scale mockup.

The AP1000 human system interface (HSI)/man-machine interface (MMI) includes the following
resources:

• Alarm system
• Computerized Procedure System
• Plant Information System
• Qualified Data Process System (QDPS)
• Controls (dedicated and soft)
• Wall Panel Information System (WPIS)

The implementation plan for the design of each of these human system interfaces (HSI design) is
described in section 18.8. The mission statements and high-level information for each of these
resources is also provided in Section 18.8. The plant information system provides display at the
operators workstation. The qualified data process system provides qualified (Class 1E) displays to
operator, located at the dedicated safety panel. The alarm system provides alarm overviews which
are integrated into the wall panel information system and it provides alarm support displays at the
operator’s workstation. Alarms are integrated into the workstation displays. There will be a
navigational link from an alarm support display for a specific alarm to its associated alarm
response procedure as presented to the operator by the computerized procedure system. Design
guidelines for each human system interface is developed as part of the human system interface
design (as described in subsection 18.8). These design guidelines are developed from existing
industry guidelines and considerations specific to the technology planned for the human system
interface. Human factors engineering specialists are part of the human factors engineering/
man-machine interphase design team (DCD Section 18.2) and will be involved in the
development of the design guidelines.

1.9.5 Advanced Light Water Reactor Certification Issues

This subsection addresses the advanced light water reactor issues identified by the NRC in
SECY-90-016 (Reference 29), in the February 27, 1992 NRC letter from D. M. Crutchfield to
E. E. Kintner (Reference 30).

[Link] SECY-90-016 Issues

The following issues were outlined in SECY-90-016 (Reference 29).

[Link].1 Advanced Light Water Reactor Public Safety Goal

NRC Position:

Based on current regulatory guidance, including the NRC Severe Accident Policy Statement,
Standardization Policy Statement, and Safety Goal Policy Statement, it is expected that any new
standard plant design will result in a higher level of severe accident safety than current plant

Tier 2 Material 1.9-70 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

designs. This is achieved by improving safety and by striking a balance between accident
prevention and mitigation.

The overall objective of the public safety goal is to significantly reduce or eliminate the likelihood
of known major safety issues.

The safety goals approved by the NRC in the Staff Requirements Memorandum to SECY-90-016
(Reference 31) are as follows:

• The mean core damage frequency target for each design should be less than 1.0x10-4 per
reactor year.

• The overall mean frequency of a large release of radioactive materials to the environment
from a reactor accident should be less than 1 in 1,000,000 per year of reactor operation,
where a large release is defined as one that has a potential for causing an early offsite fatality.

AP1000 Response:

The AP1000 level 1, 2, and 3 PRA evaluations for both internal and external events (excluding
seismic events) demonstrate conformance with the NRC safety goals. The AP1000 PRA evaluates
shutdown events and provides additional information and specific results.

[Link].2 Use of Physically-Based Source Term

NRC Position:

As noted in SECY-95-172 (Reference 57), the NRC plans to use the accident source term model
from NUREG-1465 (Reference 58). This source term model provides a physically based approach
to modelling of activity releases from the reactor core to the containment in the event of a core
degradation accident. As discussed in SECY-94-302 (Reference 59), for the design basis accident,
release of activity from the core will not be assumed to extend beyond the in-vessel release phase.

In calculating the radiological consequences of accidents, as stated in Reference 57, the NRC
intends to use the model presented in SECY-94-194 (Reference 60) which identifies the proposed
changes to 10 CFR Parts 50 and 100. The pertinent features that will be applied to the
determination of accident radiological consequences are:

• In place of thyroid and whole body dose limits, dose limits are specified as total effective
dose equivalent (TEDE). The offsite dose limits of 25 rem whole body and 300 rem thyroid
are replaced by a limit of 25 rem TEDE. The dose limit for the control room operators
(currently identified in SRP Section 6.4 as 5 rem whole body, 30 rem thyroid, and 30 rem
beta skin) is replaced by 5 rem TEDE which is consistent with GDC 19.

• Instead of calculating the site boundary dose over the first two hours of the accident, the dose
is to be calculated for the two hour interval over which the highest dose would be calculated.

Tier 2 Material 1.9-71 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 radiological consequence analysis utilizes the accident source term provided in
Regulatory Guide 1.183.

[Link].3 Anticipated Transients Without Scram (ATWS)

NRC Position:

This former unresolved safety issue was resolved with the issuance of Rule 10 CFR 50.62.
Requirements for currently operating pressurized water reactors include diverse reactor trip
(except for Westinghouse plants) and diverse actuation of auxiliary feedwater and turbine trips.

The Staff Requirements Memorandum to SECY-90-016 (Reference 31) approved the requirement
for diverse reactor trip systems for evolutionary advanced light water reactors. However, it added
that if the applicant can demonstrate that the consequences of an anticipated transient without
reactor trip are acceptable, the NRC should accept the demonstration as an alternative to the
diverse reactor trip system.

AP1000 Response:

The AP1000 complies with the current rules on an anticipated transient without reactor trip as
specified in 10 CFR 50.62.

The AP1000 design includes the following design features aimed at minimizing the probability of
occurrence of an anticipated transient without reactor trip and at mitigating the consequences if it
occurs.

• The design of the protection and safety monitoring system is highly reliable, using a two out
of four coincidence logic and featuring continuous diagnostic testing. The system
incorporates fail-safe features to the extent practical. It is designed to generate a reactor trip
signal and to generate an actuation signal for most engineered safety features components
when protection system failures occur.

• For a reactor trip, the switchgear consists of eight circuit breakers arranged in a two out of
four matrix located in two separate cabinets. The trip is implemented by undervoltage trip
attachments and diverse shunt trip devices on the circuit breakers. To initiate a reactor trip,
power is interrupted to the undervoltage trip attachment, while the shunt trip attachment is
energized. Either device trips the breaker. The eight-breaker configuration permits testing of
the reactor trip breakers without the use of auxiliary bypass breakers.

• The reactor trip switchgear can be actuated manually from the main control room by reactor
trip switches hard-wired to the shunt trip attachment and undervoltage coils for each reactor
trip breaker. In addition, it is possible to manually initiate a reactor trip from the main control
room by turning off the motor-generators that provide power for control rod operation.

Tier 2 Material 1.9-72 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• A nonsafety-related diverse actuation system is included in the AP1000 design. The diverse
actuation system inserts control rods by de-energizing the field windings of the control rod
motor-generators.

• The diverse actuation system trips the turbine and diversely actuates selected other
engineered safeguards functions. Additional details of the diverse actuation system are
included in Section 7.7.

Section 15.8 describes the evaluation of an anticipated transient without reactor trip.

[Link].4 Midloop Operation

NRC Position:

Loss of decay heat removal function has occurred on a number of occasions in operating plants. In
response to these events, the NRC issued Generic Letter 87-12 requesting that operating plants
provide information regarding mid-loop operation. Generic Letter 88-17 requested additional
information and provided guidance to operating utilities. Subsequent NRC evaluations have
indicated that loss of decay heat removal during midloop operation may contribute significantly to
public risk.

It is the NRC position that for future plants, conformance with Generic Letter 88-17 is
insufficient, and additional hardware features should be incorporated into the design.

The Staff Requirements Memorandum to SECY-90-016 (Reference 31) approved the proposed
NRC position, with the following four additional recommendations made by the ACRS:

• Design provisions to help ensure continuity of flow through the core and residual heat
removal system with low liquid levels at the junction of the decay heat removal system
suction lines and the reactor coolant system

• Provisions to ensure availability of reliable systems for decay heat removal

• Instrumentation for reliable measurements of liquid levels in the reactor vessel and at the
junction of the decay heat removal system suction lines and the reactor coolant system

• Provisions for maintaining containment closure or for rapid closure of containment openings.

AP1000 Response:

The following features are incorporated into the design of the reactor coolant system and the
normal residual heat removal system for continued performance of the residual heat removal
function during midloop operation:

• The layout of the reactor coolant system hot leg piping and the steam generator channel head
is such that installation of the nozzle dams can be performed with an 80 percent level in the
hot leg piping. This is about 9 inches above the actual hot leg piping midplane elevation.
(The hot leg piping has a 31-inch inside diameter.)

Tier 2 Material 1.9-73 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• A specially designed vortex breaker is used for the normal residual heat removal system
suction nozzle. This vortex breaker connects vertically to the bottom of the hot leg piping.
The normal residual heat removal system suction piping is connected to the bottom of this
vortex breaker. With the vortex breaker, the amount of air entrainment remains below
10 percent unless the hot leg is essentially drained. Therefore, the potential for a loss of
normal residual heat removal system flow and damage to the normal residual heat removal
pump is substantially reduced.

• The normal residual heat removal pump suction piping is designed to be self-venting by
sloping the lines continuously upward from the pump to the hot leg connection at the vortex
breaker. If the pump should stop during midloop operation, any air bubbles present in the
pump or suction piping are vented back up through the suction line to the water surface in
the hot leg. This feature allows the operator to rapidly restart the pump with an air-free
suction line.

• The normal residual heat removal pumps are designed to minimize cavitation and other
adverse conditions when operating with minimal subcooling of the reactor coolant.
Specifically, the plant piping layout configuration (such as piping elevations and routing) and
the available and required pump net positive suction head characteristics allow the normal
residual heat removal pumps to be started and operated at their full design flow rates, with
saturation conditions in the reactor coolant system (associated with boiling in the reactor
vessel). Therefore, the normal residual heat removal system is readily restored after a
temporary loss of decay heat removal.

• The core makeup tanks, accumulators, and the in-containment refueling water storage tank
are isolated, but can be manually actuated during midloop operations. In addition, the
in-containment refueling water storage tank is automatically actuated on a sustained loss of
shutdown decay heat removal. This arrangement provides a reliable water source for
maintaining the reactor coolant system inventory that is either automatically or manually
actuated.

• Redundant narrow-range level instrumentation indicates the reactor coolant system water
level between the bottom of the hot leg and the top of the steam generator inlet elbow.
Indication and low level alarms are provided in the main control room. In addition, this
instrumentation actuates the in-containment refueling water storage tank makeup.

• Wide-range pressurizer level instrumentation used during cold plant operations is expanded
to the bottom of the hot legs. This provides a continuous level indication in the main control
room, from the normal level in the pressurizer to the range of the two narrow-range hot leg
level instrumentation.

• Normal residual heat removal system heat exchanger discharge flow instrumentation
provides main control room indication of return flow to the reactor vessel. A low-flow alarm
alerts the operator to a decrease in normal residual heat removal system return flow from
either heat exchanger.

Tier 2 Material 1.9-74 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• The drain-down of the reactor coolant system to the midloop operating level and the
subsequent reactor coolant system inventory control during midloop operation are performed
by the operator from the main control room.

The plant design precludes the need to locally coordinate actions in the containment with the main
control room operators to control the reactor coolant system drain-down rate and level.

• Reactor coolant system hot leg wide range temperature instruments are provided in each hot
leg. The orientation of the wide range thermowell-mounted resistance temperature detectors
enable measurement of the reactor coolant fluid in the hot leg when in reduced inventory
conditions. In addition, at least two incore thermocouple channels are available to directly
measure the core exit temperature during midloop residual heat removal operation. These
two thermocouple channels are associated with separate electrical divisions.

• The automatic depressurization system first-, second-, and third-stage valves, connected to
the top of the pressurizer, are open whenever the core makeup tanks are blocked during
shutdown conditions while the reactor vessel upper internals are in place. This provides a
vent flow path to preclude pressurization of the reactor coolant system during shutdown
conditions when decay heat removal is lost. This also allows the in-containment refueling
water storage tank to automatically provide injection flow if it is actuated on a sustained loss
of decay heat removal.

Administrative controls require containment closure capability in modes 5 and 6, during reduced
inventory operations, and when the upper internals are in place. Containment closure capability is
defined as the capability to close the containment prior to core uncovery following a loss of the
normal decay heat removal system (that is, normal residual heat removal system). The
containment design also includes penetrations for temporary cables and hoses needed for
shutdown operations. These penetrations are isolated in an emergency.

In addition to these design features, appropriate procedures are defined to guide and direct the
operator in the proper conduct of midloop operation and to aid in identifying and correcting
abnormal conditions that might occur during shutdown operations.

[Link].5 Station Blackout

NRC Position:

The NRC has issued NUREG-0649 (Reference 34), NUREG-1032 (Reference 35), and
NUREG-1109 (Reference 36) to address the unresolved safety issue of station blackout (USI-44).
See subsection 1.9.4 for a discussion of USI-44.

To resolve this issue, the NRC published 10 CFR 50.63 and Regulatory Guide 1.155, which
establish new requirements so that an operating plant can safely shut down following a loss of all
ac power. SECY-94-084 (Reference 67), discusses station blackout for passive plants.

Tier 2 Material 1.9-75 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 is in conformance with the NRC guidelines for station blackout.

The AP1000 design minimizes the potential risk contribution of station blackout by not requiring
ac power sources for design basis events. Safety-related systems do not need nonsafety-related ac
power sources to perform safety-related functions.

The AP1000 safety-related passive systems automatically establish and maintain safe shutdown
conditions for the plant following design basis events, including an extended loss of ac power
sources. The passive systems can maintain these safe shutdown conditions after design basis
events, without operator action, following a loss of both onsite and offsite ac power sources.
Subsection [Link] provides additional information on long-term actions following an extended
station blackout beyond 72 hours.

The AP1000 also includes redundant nonsafety-related onsite ac power sources (diesel-generators)
to provide electrical power for the nonsafety-related active systems which provide defense in
depth.

AP1000 design features that mitigate the consequences of a station blackout are as follows:

• A full-load rejection capability to reduce the probability of loss of onsite power

• Safety-related passive residual heat removal heat exchanger

• Safety-related passive containment cooling

• Bleed and feed capability, using the safety-related automatic depressurization system in
conjunction with the water available from the core makeup tanks, the accumulators, and the
in-containment refueling water storage tank

• Class 1E batteries sized for 72 hours of operation under station blackout conditions

• Nonsafety-related reserve auxiliary transformers to provide power to selected ac power

systems

• A nonsafety-related ac power system that includes two diesel-generators that automatically

start on loss of offsite power

• An automatic nonsafety-related load-sequencing circuit that starts the following redundant

nonsafety-related equipment after a loss of offsite power, once the associated diesel-generator
is started:

– Startup feedwater pump

– Component cooling water pump
– Service water pump

• Reactor coolant pumps without shaft seals

Tier 2 Material 1.9-76 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• Passive cooling for the rooms containing equipment assumed to operate during station
blackout conditions (the protection and safety monitoring system cabinet rooms and the main
control room) so that this equipment continues to operate. (Section 6.4 provides additional
information.)

[Link].6 Fire Protection

NRC Position:

Current fire protection criteria are contained in GDC 3 and 10 CFR 50.48, guidelines for
compliance with these criteria are provided in the Standard Review Plan, Section 9.5.1, including
Branch Technical Position CMEB 9.5-1. Reference 9 identifies the following enhancements:

• Alternative, dedicated shutdown capability for main control room fires.

• Safe shutdown capability required for a fire in any other fire area, without reliance on any
equipment in that area or re-entry into that area for repairs or for performance of operator
actions.

• Fire protection for redundant shutdown systems in the reactor containment building must be
provided to ensure, to the extent practicable, that on shutdown the division will be free of fire
damage.

• Migration of smoke, hot gases, or fire-suppressant chemicals into other applicable fire areas
must be minimized by design to prevent any adverse impact on safe shutdown capability,
including operator actions.

SECY-98-161 (Reference 66) presents the results of the NRC review of the AP1000 Fire
Protection System.

AP1000 Response:

Enhanced fire protection has been one of the goals of the AP1000 design. The following physical
separation philosophy is used:

Outside Containment:

• Within the nuclear island, redundant divisions of safety-related equipment outside

containment are located in safety-related areas separated from each other and from other
areas in the plant by fire barriers with a minimum fire resistance rating of 3-hours to provide
that safe shutdown can be achieved. Since most safety-related mechanical equipment is
located inside containment, this applies primarily to the protection and safety monitoring
system and the Class 1E dc and UPS system.

Tier 2 Material 1.9-77 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• Each safety-related area is provided with ventilation isolation provisions at the fire barrier
boundaries to minimize the migration of smoke, hot gasses, or fire suppressant chemicals
into other safety-related areas. Fiber-optic cables are used to provide communication between
redundant protection and safety monitoring divisions.

• Exceptions to the use of three-hour fire barriers outside containment are made only in cases
where physical separation conflicts with other requirements or where the equipment is not
clearly division oriented, such as the main control room, the remote shutdown room, the
main steam tunnel, and the passive containment cooling system valve room.

Inside Containment:

• The containment is a single fire area. Separation by three-hour fire barriers inside
containment is not practical due to issues of hydrogen venting, compartment pressure
equalization, and during high-energy line breaks and for system functionality. To the extent
practical, separation is provided between redundant safety-related equipment.

• Separation between redundant safety-related equipment is accomplished by using existing

structural walls. Where this is not possible, other methods are used, such as physical
separation with no intervening combustibles.

• To the extent practical, the containment is split into two different fire zones for the purpose
of routing of protection and safety monitoring system cabling and electrical power cabling.
Divisions A and C cabling is routed below the operating deck, while Divisions B and D
cabling is routed above the operating deck. Additional separation is provided by existing
floors and walls and by the physical separation of cabling runs. Protection for the primary
input sensors and the final actuation devices is accomplished by the physical separation of
the various sensors and components using existing containment walls as barriers.

• The in-containment fire area contains reduced combustible material due to the use of sealless
reactor coolant pump motors that do not use oil lubrication and due to strict combustible
material limitations.

Main Control Room:

• Functionality requirements dictate that the main control room be a single fire zone. Features
are included in the main control room to:

– Reduce the probability of fire initiation

– Reduce the likelihood of fire spreading
– Increase the probability of fire detection
– Effectively mitigate the effects of a fire

• In the event of main control room evacuation, safe shutdown conditions are established and
maintained using the remote shutdown workstation.

Tier 2 Material 1.9-78 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

See Appendix 9A.3 for information on the main steam tunnel and the passive containment cooling
system valve room. See subsection 9.5.1 and Appendix 9A for additional information.

[Link].7 Intersystem LOCA

NRC Position:

Overpressurization of low-pressure piping systems due to reactor coolant system boundary

isolation failure could result in rupture of the low-pressure piping outside containment. This may
result in a core melt accident with an energetic release outside the containment building that could
cause a significant offsite radiation release.

It is the NRC position that designing interfacing systems to withstand full reactor pressure is an
acceptable means of resolving this issue. The Staff Requirements Memorandum to SECY-90-016
(Reference 31) added that consideration should be given to all elements of the low-pressure
system (such as instrument lines, pump seals, heat exchanger tubes, and valve bonnets). For
interfacing systems not designed to withstand full reactor coolant system pressure, it is necessary
to provide leak testing capability for the pressure isolation valves, main control room position
indication for de-energized reactor coolant system isolation valves, and high pressure alarms to
alert control room operators when increasing reactor coolant system pressure approaches the
design pressure of attached low-pressure systems and both isolation valves are not closed.

AP1000 Response:

The AP1000 has incorporated various design features to address intersystem loss-of-coolant
accident challenges. These design features result in very low AP1000 core damage frequency for
intersystem loss-of-coolant accidents compared with operating nuclear power plants. The design
features are primarily associated with the normal residual heat removal system and are discussed
in Section 3 of WCAP-15993 (Reference 56) as well as DCD subsection 5.4.7. WCAP-15993 was
prepared to document the evaluation of the AP1000 for conformance to the intersystem
loss-of-coolant accident regulatory criteria identified in various NRC documents. See that
document for additional information on conformance to intersystem loss-of-coolant accident
regulatory criteria.

[Link].8 Hydrogen Generation and Control

NRC Position:

It is the NRC position that the likelihood of early containment failure from hydrogen combustion
should be reduced. Because of the uncertainties in the phenomenological knowledge of hydrogen
generation and combustion, advanced light water reactors should be designed to:

• Accommodate hydrogen equivalent to 100 percent metal-water reaction of the fuel cladding
• Limit containment hydrogen concentration to no greater than 10 percent

Further, because hydrogen control is necessary to preclude local concentrations of hydrogen below
detonable limits, and given uncertainties in present analytical capabilities, advanced light water
reactors should provide containment-wide hydrogen control (such as igniters or inerting) for

Tier 2 Material 1.9-79 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

severe accidents. Additional advantages of providing hydrogen control mitigation features (rather
than reliance on random ignition of richer mixtures) includes the lessening of pressure and
temperature loadings on the containment and essential equipment.

AP1000 Response:

The AP1000 design includes mechanisms for monitoring and controlling hydrogen inside the
containment. The containment hydrogen control system maintains hydrogen concentrations below
10 percent following the reaction of 100 percent of the zircaloy cladding.

Passive autocatalytic hydrogen recombiners control hydrogen concentration following design basis
events. Nonsafety-related hydrogen igniters control rapid releases of hydrogen during and after
postulated events with degraded core conditions or with core melt.

Sufficient vent area is provided for each subcompartment in the containment to prevent high local
concentrations of hydrogen.

The containment air filtration system provides a capability to purge the containment atmosphere.

See subsection 6.2.4 for additional information.

[Link].9 Core-Concrete Interaction - Ability to Cool Core Debris

NRC Position:

Containment integrity could be breached in the event of a severe accident in which the core melts
through the reactor vessel, resulting in interaction between core debris and concrete, which can
generate large quantities of hydrogen and other gases. It is the NRC position that sufficient reactor
cavity floor space be provided to enhance debris spreading, and that a method for quenching
debris in the reactor cavity be incorporated. The NRC staff has not formulated specific criteria for
debris bed coolability and reviews each vendor's design to determine how they address the general
criteria for debris spreading and quenching.

AP1000 Response:

The AP1000 design provides superior protection against core-concrete interaction by reliably
depressurizing the reactor vessel and flooding the reactor cavity to cool the vessel and prevent
debris from relocating from the vessel into the containment. Based on the DOE/ARSAP analysis
of the thermal-hydraulics of in-vessel debris retention (see Section 19.39 and Appendix 19B as
supported by Theofanous, T. G., et al., Reference 62) performed using the Risk Oriented Accident
Analysis Methodology, the AP1000 has a large margin to reactor vessel failure in the
depressurized, flooded cavity condition. This strategy eliminates the large uncertainties associated
with ex-vessel debris relocation that could result in containment failure even while meeting the
NRC criteria for debris coolability in the cavity.

In the event that cavity flooding fails, the floor area under the vessel provides debris spreading
area to enhance the coolability of the debris. The AP1000 containment design drains the water
from the reactor coolant system, core makeup tanks and accumulators to the reactor cavity to

Tier 2 Material 1.9-80 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

provide enough water to quench ex-vessel debris. The heat is ultimately removed from the
containment via the passive containment cooling system, and the condensate is returned to the
cavity to continue to provide cooling water to the debris bed.

[Link].10 High Pressure Core Melt Ejection

NRC Position:

Direct containment heating associated with the ejection of molten core debris, under high
pressure, from the reactor vessel can result in a rapid addition of energy to the containment
atmosphere. It is the NRC position that, pending completion of ongoing research, it is prudent to
provide protection against this potential failure mode. This protection should include the
following two aspects:

• Providing a rate of reactor coolant system depressurization to preclude molten core ejection
and creep rupture of steam generator tubes

• Arranging the reactor cavity so that high-pressure core debris ejection resulting from reactor
vessel failure does not impinge on the containment boundary

AP1000 Response:

The AP1000 design includes an automatic depressurization system that is redundant, diverse,
independent of ac power sources, and automatically actuated. The automatic depressurization
system can also be manually actuated. Any of the automatic depressurization system lines can
sufficiently reduce the reactor coolant system pressure to help preclude direct containment
heating. Subsection 5.4.6 and Section 6.3 provide additional information on the automatic
depressurization system.

In addition, the reactor cavity region and lower containment of the AP1000 are designed to
preclude transport of significant core debris to the upper containment in the unlikely event of a
high pressure melt ejection scenario from the reactor vessel. This is a passive feature involving the
geometric configuration of the reactor cavity lower containment. There is no direct pathway from
the cavity to the upper compartment.

[Link].11 Containment Performance

NRC Position:

The NRC opinion is that because there are substantial uncertainties in core damage predictions,
and because it is very important to maintain defense in depth, it is necessary that the containment
boundary serve as a reliable barrier against fission product release for credible severe accident
challenges. Hence, a containment performance criterion has been proposed by the NRC.

Tier 2 Material 1.9-81 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The objective of the containment performance criterion is to provide a leaktight barrier against
radioactive releases for two distinct categories of severe accident challenges:

• Rapid energy release, hydrogen combustion, and initial release of stored reactor coolant
system energy

• Slow energy release, including decay heat and noncondensible gas generation, due to
core-concrete interaction

The NRC position is that the reactor containment boundary should serve as a reliable barrier
against fission product release for credible severe accident challenges. A conditional containment
failure probability of 0.1 should be used unless a deterministic containment performance goal can
offer comparable protection.

An alternate deterministic criterion proposed in SECY-90-016 (Reference 29) states that "...The
containment should maintain its role as a reliable leak tight barrier by ensuring that containment
stresses do not exceed ASME service level C limits for a minimum period of 24 hours following
the onset of core damage..."

This capability should, to the extent practical, be provided by the passive capability of the
containment and any related passive design features. The NRC further believes that following this
24-hour period, the containment should continue to provide a barrier against the uncontrolled
release of fission products.

AP1000 Response:

The AP1000 design includes several features to minimize the potential for large fission product
releases in the event of a severe accident. These features are aimed at both the prevention and the
mitigation of severe accident phenomena that can threaten containment integrity. An adequate
margin to containment performance is maintained.

The AP1000 containment is continuously cooled by natural air circulation outside the steel shell.
During accident conditions, water drains on the outside of the containment vessel to increase heat
transfer. The containment design best-estimate performance analysis alone shows that the
maximum containment pressure reached maintains the containment shell stresses below the
ASME Code Service Level C stress intensity limits, using a factor of safety of 1.5 for buckling of
the top head.

Additionally, the probability of containment bypass scenarios is reduced by improved containment

isolation, by designing to protect against interfacing system LOCAs, thereby reducing the
associated core melt frequency, and by reducing the steam generator tube rupture core melt
frequency.

The interfacing system LOCA core melt frequency is reduced by the use of several features,
including effective leak testing of the normal residual heat removal system motor-operated
isolation valves. A third valve is provided to the normal residual heat removal system suction line.
It is a motor-operated valve located outside containment. This prevents inadvertently aligning the
reactor coolant system to the normal residual heat removal system. The normal residual heat

Tier 2 Material 1.9-82 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

removal system design pressure is 900 psig. Therefore the ultimate rupture strength of the system
prevents it from failing when exposed to the normal reactor coolant system operating pressure
(2250 psia). See the position on intersystem LOCA for additional information on the normal
residual heat removal system design against overpressurization.

Steam generator tube rupture core melt frequency is reduced by incorporating multiple levels of
defense that are both redundant and diverse. The first level of defense relies on the use of
nonsafety-related active systems and operator action. The second level of defense uses safety-
related passive systems and equipment, such as the core makeup tanks and passive residual heat
removal heat exchangers, without the safety-related automatic depressurization of the reactor
coolant system. The third level of defense uses the redundant and diverse safety-related automatic
depressurization system valves to depressurize the reactor coolant system and initiate low-pressure
passive injection. Any of these levels of defense can prevent core damage during a steam
generator tube rupture event.

Finally, containment isolation capabilities are substantially improved by reducing the number of
penetrations and the number of open paths. Most of the open containment penetration lines use
fail-closed valves for automatic isolation.

[Link].12 ABWR Containment Vent Design

This issue is specific to BWRs and PWRs with ice condenser containments. Therefore this issue
does not apply to the AP1000 design.

[Link].13 Equipment Survivability

NRC Position:

Safety-related equipment used to mitigate design basis events is subject to a comprehensive set of
criteria such as redundancy, diversity, environmental qualification, and quality assurance to
provide reasonable assurance that they perform their intended functions, if needed. However,
equipment used to mitigate the effects of severe accidents should not be treated in the same
manner because of large differences in the likelihood of occurrence. There should be reasonable
assurance that the equipment will operate in the severe accident environment for which they are
intended and over the time span for which they are needed. However, equipment provided only
for severe accident protection need not be subject to the 10 CFR 50.49, environmental
qualification requirements, 10 CFR 50, Appendix B quality assurance requirements, and
10 CFR 50 Appendix A, redundancy and diversity requirements.

AP1000 Response:

The equipment used to mitigate severe accidents is identified in the AP1000 PRA evaluation
report. Because of the nature of the passive safety features of the AP1000, there is very little
equipment in this category. Equipment used to mitigate severe accidents is designed to survive the
environmental conditions identified in the AP1000 PRA evaluation.

Tier 2 Material 1.9-83 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

[Link].14 Operating Basis Earthquake (OBE)/Safe Shutdown Earthquake (SSE)

NRC Position:

Currently, 10 CFR 100 requires that the magnitude of the operating basis earthquake be at least
one-half that of the safe shutdown earthquake. This forces the safety-related system design at
some plants to be controlled by the operating basis earthquake, but the NRC agrees that the
operating basis earthquake should not control the safety-related system design. Therefore, the
NRC recommends eliminating the operating basis earthquake from the design of systems,
structures, and components. Until final rulemaking is approved for 10 CFR 100, Appendix A, the
elimination of the operating basis earthquake from the design of passive plants will require an
exemption from current regulations, with acceptable supporting justification from the designer.
The details of this process will be resolved with the NRC through the appropriate code-related
activities or supplemental regulatory guidance.

AP1000 Response:

The operating basis earthquake is not used as a design basis for AP1000 safety-related structures,
systems, and components. For safety-related equipment, the safe shutdown earthquake is used as
the design basis. In specifying design criteria for this earthquake, consideration is given to lower
magnitude earthquakes having a greater probability of occurrence, as well as to larger magnitude
earthquakes having a lower probability.

Cyclic stresses due to earthquakes are included in the design of those components sensitive to
fatigue. Analysis methods and allowable stresses provide margin for the design requirements for
the safe shutdown earthquake. Sections 3.7 and 3.10 provide additional information.

[Link].15 In-Service Testing of Pumps and Valves

NRC Position:

Periodic testing according to ASME Code, Section XI is required to confirm operability of

safety-related pumps and valves. The NRC believes that these testing requirements do not
necessarily verify the capability of the components to perform their intended safety function. To
address this concern, the NRC has issued Generic Letters 89-04 (Reference 38) and 89-10
(Reference 39), and has proposed rulemaking to extend in-service testing beyond code
components and to demonstrate capability to perform safety functions. Reference 29 includes the
following provisions to be applied to safety-related pumps and valves (not limited to only ASME
Code Class 1, 2, or 3):

• Piping design should incorporate provisions for full-flow testing (maximum design flow) of
pumps and check valves.

• Designs should incorporate provisions to test motor-operated valves under design basis
differential pressure.

• Check valve testing should incorporate the use of advanced, nonintrusive techniques to
address degradation and performance characteristics.

Tier 2 Material 1.9-84 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• A program should be established to determine the frequency necessary for disassembly and
inspection of pumps and valves to detect unacceptable degradation that cannot be detected
through the use of advanced, nonintrusive techniques.

In June 1990, the NRC position was approved, additionally noting that due consideration should
be given to the practicality of designing testing capability, particularly for large pumps and valves.

The NRC concluded that this was an issue for passive plant designs in SECY-94-084
(Reference 67), because the safety-related passive systems rely on the proper operation of
equipment such as check valves and depressurization valves to mitigate the effects of transients.

AP1000 Response:

The AP1000 safety-related passive systems include the following design features:

• The AP1000 does not include any safety-related pumps.

• The motor-operated valve design is simplified by extending opening and closing times and
by using simplified, conservative valve designs.

• Safety-related motor-operated valves are designed to be cycled with the plant at power.

• Features are included in the design to provide proper operational testing of the appropriate
check valves, motor-operated valves, and air-operated valves, including flow and differential
pressure testing during shutdown conditions.

Subsection [Link] defines the responsibility for the in-service testing program for ASME Code
Class 1, 2, and 3 valves.

Subsection 3.9.6 summarizes the requirements for the in-service testing program, including
industry standards and NRC recommendations. The AP1000 system and valve designs generally
allow implementation of the NRC recommendations in Generic Letters 89-04 and 89-10.
Requirements for nonsafety-related pumps and valves that support the operation of systems that
preclude unnecessary operation of the safety-related passive systems are outlined in
subsection 3.9.6.

The AP1000 in-service testing program provides for periodic testing of the safety-related passive
system components. The safety-related passive system components and systems are designed to
meet the intent of the ASME Code, Section XI, for in-service inspection.

The AP1000 is designed for the following basic types of in-service testing of safety-related
components:

• Periodic functional testing of active components during power operation (such as cycling of
specific valves)

• Periodic flow/differential pressure operability testing of active components

Tier 2 Material 1.9-85 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• Periodic leak testing of the containment isolation valves.

• Periodic system flow or heat transfer rate testing of passive safety-related injection or cooling
features during plant shutdown

The passive system design includes specific features to support in-service test performance:

• Remotely operated valves can be exercised during plant operation.

• Level, pressure, flow, and valve position instrumentation is provided for monitoring passive
system equipment during plant operation and testing.

• Permanently installed test lines and connections are provided for performance of the
containment isolation valve leakage testing.

[Link] Other Evolutionary and Passive Design Issues

Other evolutionary and passive design issues were identified in Reference 30.

[Link].1 Industry Codes and Standards

NRC Position:

SECY-91-273 (Reference 40) discusses NRC concerns with the use of recently developed or
modified design codes and industry standards that the ALWR vendors are using in applications,
but that have not yet been reviewed by the NRC for acceptability. The NRC recommends using
the newest codes and standards endorsed by the NRC in the review of passive design applications.
Unapproved revisions to codes and standards will be reviewed on a case-by-case basis.

AP1000 Response:

When the AP1000 design is based on revisions of industry codes and standards later than those
required by NRC regulation, such use is explicitly discussed in the appropriate DCD section. Use
of codes and standards later than those recommended in NRC guidance documents is also
discussed in the appropriate DCD section.

Appendix 1A discusses regulatory guide conformance. For those standards endorsed by regulatory
guides and subsequently superseded by a more recent revision, when the later revision is used its
use is discussed or indicated in Appendix 1A.

[Link].2 Electrical Distribution

NRC Position:

The Commission approved the recommendations in SECY-91-078 (Reference 41) for

evolutionary plant designs to include the following:

1. An alternate power source for nonsafety-related loads unless design margins for loss of
nonsafety-related loads are no more severe than turbine-trip-only events in current plants

Tier 2 Material 1.9-86 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

2. At least one offsite circuit to each redundant safety division supplied directly from offsite
power sources with no intervening nonsafety-related buses

The applicability of this issue to passive designs is discussed in SECY-94-084 (Reference 67).

AP1000 Response:

See the response to station blackout in subsection [Link].

[Link].3 Seismic Hazard Curves and Design Parameters

NRC Position:

To assess the seismic risk associated with an ALWR design, EPRI proposed the use of generic
bounding seismic hazard curves for sites in the central and eastern United States. EPRI proposes
that these curves be used in the seismic PRA. NRC regulations do not require performance of a
seismic PRA to determine site acceptability.

The NRC has compared the proposed EPRI ALWR seismic hazard bounding curve for rock sites
to hazard curves derived by Lawrence Livermore National Laboratories (LLNL) using historical
earthquake methodology in NUREG/CR-4885 and to hazard curves generated by EPRI for the
Seabrook site. The LLNL hazard curves are generally higher than the EPRI results for the same
sites.

The proposed EPRI bounding curve is exceeded for accelerations below 0.1g and the NRC
questions the adequacy of the proposed EPRI bounding curve at higher peak accelerations. The
NRC concludes that the EPRI bounding hazards curve is nonconservative and also that its use in a
seismic PRA assessment would underpredict the core damage frequency. Therefore, the EPRI
curves are not sufficiently conservative for ALWR designer use.

The Combined License applicant must demonstrate that site-specific seismic parameters meet the
certified design parameters, or a site-specific analysis will be required to confirm site
acceptability.

AP1000 Response:

The AP1000 includes a seismic margin assessment performed in lieu of a seismic PRA. The
seismic margin assessment follows the guidelines established in NUREG-1407 (Reference 42).
This assessment demonstrates that the AP1000, located at a site having the most severe seismic
inputs meeting the AP1000 site interface requirements, has a seismic risk comparable to that at
existing nuclear power plants.

[Link].4 Leak-Before-Break

NRC Position:

GDC 4 provides the basis for the leak-before-break (LBB) analysis that has been approved for
PWR primary piping, and the pressurizer surge, accumulator, and residual heat removal piping. In

Tier 2 Material 1.9-87 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

addition, it has been used for primary piping inside containment and for piping at least 6 inches
nominal diameter and for both austenitic and carbon steel (clad with stainless) materials.

The NRC will evaluate the acceptability in ALWR designs, based on the justification provided by
a deterministic fracture mechanics analysis submitted as part of the design. The NRC concluded
that the analyses should be based on specific data, such as piping geometry, materials, and piping
loads. However, the analyses may incorporate an initial set of bounding values and preliminary
stress analysis results during the design certification phase. Subsequent verification of the
preliminary analysis will be required.

The LBB approach has established certain limitations for excluding piping susceptible to failure
from degradation mechanisms. In addition, the LBB introduced acknowledged inconsistency in
the design basis, but the NRC published clarifications for the intended treatment of the
containment, emergency core cooling systems, and environmental qualification in the LBB
application.

The NRC position on LBB for the AP1000 is presented in SECY-95-172 (Reference 68).

AP1000 Response:

The AP1000 incorporates the leak-before-break approach for most high-energy lines inside
containment that are 6 inches in diameter or larger. Detailed methodology and criteria are defined
in subsection 3.6.3 and are consistent with those accepted by the NRC on existing nuclear power
plants.

[Link].5 Classification of Main Steam Line of Boiling Water Reactors (BWRs)

This issue is specific to BWRs and therefore does not apply to the AP1000 design.

[Link].6 Tornado Design Basis

NRC Position:

WASH-1300 (Reference 43) and Regulatory Guide 1.76 contain the current NRC regulatory
position for design basis tornados. Based on a contractor review of Regulatory Guide 1.76, the
NRC recommends a maximum tornado speed of 300 mph be used for design basis tornado for
passive ALWR designs.

The tornado design basis requirements have been used in establishing structural requirements
against effects not covered explicitly in review guidance such as Regulatory Guides or the SRP.
The Combined License applicant will have to demonstrate that the design will also be sufficient to
withstand other site hazards such as aviation crashes, nearby explosions, and explosion debris and
missiles.

Tier 2 Material 1.9-88 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

The AP1000 is designed in accordance with the NRC recommendations for a maximum tornado
wind speed of 300 mph, as described in Section 3.3. The AP1000 site interface defined in
Chapter 2 provides information to evaluate other site hazards if appropriate.

[Link].7 Containment Bypass

NRC Position:

Reasonable efforts should be made to minimize the possibility of containment bypass leakage, and
ALWR designs should allow for a certain amount of leakage in the containment design. The NRC
is evaluating the need for containment spray for all ALWRs. The containment spray provides
containment temperature and pressure suppression effects and scrubs the containment atmosphere
of fission products, mitigating the effects on the fission product bypass distribution.

AP1000 Response:

Although the phenomenon described for this item is primarily applicable to BWRs, the AP1000
has a variety of design features that help to reduce the potential for containment bypass leakage.

The response to the containment performance issue in subsection 1.9.5 provides additional
information pertaining to various improvements that help to reduce containment bypass.

The safety-related passive containment cooling system design also contributes to the containment
performance. The system includes multiple flow paths to provide cooling water for containment
during severe accident conditions. The containment is also capable of successfully removing core
decay heat with air-cooling alone.

The containment has a significantly reduced number of penetrations. The number of normally
open containment penetrations is also reduced. The result is a low containment leak rate and a low
probability of bypass.

The response to intersystem LOCA in subsection [Link] provides additional information

pertaining to applicable AP1000 design features that reduce the potential for intersystem LOCA
and the potential for containment bypass.

Improvements are made to the steam generator design, such as the use of improved tube materials
and tube supports. These improvements reduce the potential for tube leakage, which contributes to
a reduction in containment bypass. Subsection 5.4.2 provides additional information on the steam
generator design.

During a steam generator tube rupture event, the safety-related passive core cooling system
automatically mitigates the effects of the event, including automatic safety-related protection
against steam generator overfill.

The safety-related passive core cooling system provides long-term pH control for the containment
sump, which helps to reduce the levels of airborne radioactivity, thereby reducing the

Tier 2 Material 1.9-89 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

consequences of leakage from the containment. Section 6.3 includes additional information on the
passive core cooling system.

The diverse actuation system includes containment isolation features to provide isolation for the
most risk-significant containment penetrations. PRA Chapter 24 discusses the provisions for
isolating risk significant containment penetrations.

The performance of the passive fission product removal process and minimal potential for
containment bypass precludes the need for a safety-related containment spray system on AP1000.

[Link].8 Containment Leak Rate Testing

NRC Position:

SECY-91-348 (Reference 44) proposes changes to 10 CFR 50, Appendix J to allow an increased
interval from 24 months to 30 months for Type C containment leakage rate tests, until rule change
proceedings are completed.

AP1000 Response:

10 CFR 50 Appendix J has been revised since SECY-91-348 was issued. AP1000 type C testing
and compliance with 10 CFR 50 Appendix J is discussed in Section 6.2.5.

[Link].9 Post-Accident Sampling System

NRC Position:

Regulatory Guide 1.97 and NUREG-0737 (Reference 45) provide guidance regarding the design
of the post-accident sampling system. 10 CFR 50.34 required the capability to obtain and analyze
samples from containment and the reactor coolant system that may contain TID-14844 source
term radioactive materials, without exceeding specified radiation exposures. The analysis and
quantification are required for certain specified radionuclides that are indicators of the degree of
core damage, containment hydrogen, dissolved gases, chloride, and boron concentrations.

The NRC concluded that adequate capability for monitoring post-accident hydrogen is provided
by the safety-grade containment hydrogen monitoring instrumentation.

The NRC requires sampling the reactor coolant system for dissolved hydrogen, chloride, and
oxygen. The time for taking these samples can be extended to 24 hours after the accident.

The NRC requires sampling the reactor coolant system for boron and for activity measurements.
The time for taking these samples can be extended to 8 hours after power operation for boron and
24 hours after power operation for activity measurements.

AP1000 Response:

The post-accident sampling system is a subsystem of the primary sampling system, described in
subsection 9.3.3.

Tier 2 Material 1.9-90 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The primary sampling system is designed to conform to the guidelines of the model Safety
Evaluation Report on eliminating post-accident sampling system requirements from technical
specifications for operating plants (Federal Register Volume 65, Number 211, October 31, 2000).
The primary sampling system conforms with the most recent NRC position.

[Link].10 Level of Detail

NRC Position:

The Staff Requirements Memorandum for SECY-90-377 (Reference 47) provided guidance on
the level of detail to be provided for a design certification application under 10 CFR 52. The
guidance was that the application should include the information traditionally provided in a final
safety analysis report, less the site-specific and as-procured information. This information should
be supplemented by design inspections, tests, analysis, and acceptance criteria for those areas
where the NRC is unable to make a final safety decision because of not having the site-specific
information or the as-procured information, or because the technology is evolving so rapidly that it
would be inappropriate to lock in the design.

AP1000 Response:

The AP1000 submittals are consistent with the requirements of 10 CFR 52 and the position in
Reference 47.

[Link].11 Prototyping

NRC Position:

10 CFR 52.47 requires that sufficient data exist on the safety features of the design to assess the
analytical tools used for safety analysis over a sufficient range of normal operating conditions,
transient conditions, and specified accident conditions. Further, the interdependent effects among
the safety features of the design must be found acceptable by analysis, appropriate test programs,
experience, or a combination thereof. SECY-91-057 (Reference 48) informed the Commission of
the steps the NRC was taking to identify the research needs for the AP600. SECY-91-074
(Reference 49) outlined the process the NRC would use to determine the need for a prototype or
other demonstration facility for advanced reactor designs. SECY-91-273 (Reference 40) presented
to the Commission the staff's recommendations for reviewing, monitoring and approving the
Westinghouse test program to support the AP600 design certification application. SECY-92-030
(Reference 50) presented the Commission with the NRC opinion that there was a need for a
full-height, full-pressure integral systems test to support the issuance of a final design approval.

AP1000 Response:

The Westinghouse testing program to assess the analytical methodologies used for the AP1000
safety analysis is described in Section 1.5 and is in conformance with the NRC position.

Tier 2 Material 1.9-91 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

[Link].12 Inspections, Test, Analyses, and Acceptance Criteria (ITAAC)

NRC Position:

10 CFR 52 requires that the design certification application include the proposed tests,
inspections, analyses, and the associated acceptance criteria. For certified standard designs, these
tests, inspections, and analyses must apply to those portions of the facility covered by the design
certification.

The Staff Requirements Memorandum for SECY-91-178 (Reference 51) provided guidance
regarding development of ITAAC for final design approval and design certification applications.

AP1000 Response:

The AP1000 design certification application includes ITAACs.

[Link].13 Reliability Assurance Program

NRC Position:

SECY-89-013 (Reference 52) requires a reliability assurance program for design certification. The
program would ensure that the design reliability of safety significant systems, structures, and
components is maintained over the life of a plant.

The NRC is working on the development of a detailed guidance document consisting of

two levels. The vendor submittal is the first level, consisting of a top-level program that identifies
the scope, conceptual framework, and essential elements of an effective program. The Combined
License applicant fully develops and implements the program based on the plant-specific design
information.

AP1000 Response:

Section 16.2 includes a description of the reliability assurance program. The program description
identifies the scope, conceptual framework, and essential elements of the program. The reliability
assurance program confirms that the performance of the safety-related systems, structures, and
components is consistent with the assumptions made for the design basis analysis.

In addition, the reliability assurance program monitors the long-term performance of important
nonsafety-related structures, systems, and components that provide defense-in-depth against
unnecessary actuation of the passive safety-related systems.

[Link].14 Site-Specific Probabilistic Risk Assessments (PRAs)

NRC Position:

10 CFR 52.47 requires all applicants for standard design certification to provide a PRA with
enveloping analyses for seismic events and tornadoes. The Combined License applicant is

Tier 2 Material 1.9-92 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

responsible for the site-specific PRA information that addresses site-specific events such as river
flooding, storm surge, tsunami, volcanism, and hurricanes.

AP1000 Response:

The AP1000 PRA submitted as a part of the design certification application is based on a site that
bounds a large percentage of plant sites in the United States and is described in Chapter 2.
APP-GW-GLR-101 (Reference 73) identifies the potential external events that may impact the
AP1000 risk on a site-specific basis. This technical report considers a wide range of site-specific
external events as long as a site can show that the external events listed in this report bound those
applicable to the site. The report also discusses impact of site selection on PRA Level 3
requirements.

[Link].15 Severe Accident Mitigation Design Alternatives

NRC Position:

The National Environmental Policy Act (NEPA) requires that alternatives be investigated for
actions that may significantly affect the quality of the human environment. The timing of the
NEPA hearing is at the Early Site Permit or Combined License stage. One objective of the
10 CFR 52 design certification rulemaking is to preclude changes to a certified standard plant
design. The U.S. Court of Appeals has required the NRC to include consideration of severe
accident mitigation design alternatives (SAMDAs) as a part of their environmental impact review
for operating license applications. If this same process is followed for a plant design that had been
certified, it may be necessary to reopen issues that had been resolved in the design certification
rulemaking. To avoid this situation, the NRC issued SECY-91-229 (Reference 53) which
recommended that SAMDAs be specifically addressed during the design certification rulemaking.

AP1000 Response:

The severe accident mitigation design alternatives (SAMDA) evaluation for AP1000 is contained
in Appendix 1B.

[Link].16 Generic Rulemaking Related to Design Certification

NRC Position:

SECY-91-262 (Reference 54) provides the NRC recommendations to proceed with

design-specific rulemaking where appropriate for passive designs, as information becomes
available from ongoing efforts on those issues, independent of the design review and certification
processes. In SECY-93-087 the NRC staff concludes that the design of passive plants is not
sufficiently developed to determine whether generic rulemaking should be initiated for passive
plant designs.

Generic rulemaking activities for source terms during severe accidents are ongoing, and the results
may be used during design certification of the passive plants, focusing on updating 10 CFR 100
siting criteria, and planning to incorporate the revised source criteria in 10 CFR 50.

Tier 2 Material 1.9-93 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

AP1000 Response:

No response necessary. See subsection [Link].1 for a discussion of the use of a physically based
source term.

[Link] Passive Design Issues

Issues related to the passive design were outlined in Reference 30.

[Link].1 Regulatory Treatment of Non-Safety Systems

NRC Position:

The NRC believes that its review of passive designs requires not only a review of the passive
safety-related systems, but also a review of the functional capability and availability of the active
nonsafety-related systems to provide significant defense-in-depth and accident and core damage
prevention capability. The NRC issued a commission policy paper SECY-94-084 (Reference 67),
on the regulatory treatment of non-safety systems (RTNSS), that outlines the process for resolving
the RTNSS issue. This process includes a combination of probabilistic and deterministic criteria to
identify risk-significant nonsafety-related systems.

AP1000 Response:

The AP1000 nonsafety-related active systems are designed to provide reliable support for normal
plant operations and to provide defense-in-depth to minimize unnecessary challenges to the safety-
related passive systems. These active systems are designed for more probable component and
system failures. The systems include reliable, proven equipment and component designs. These
active systems are capable of being powered by the nonsafety-related diesel-generators. The
systems have nonsafety-related automatic actuation and controls that are separate from those of the
safety-related systems.

These systems are designed to provide highly reliable performance. The design standards and
operability provisions for these systems are discussed in subsection [Link]. Availability controls
were developed for nonsafety related structures, systems, and components found to the important
via the RTNSS process. The availability controls for the AP1000 are documented in DCD
Section 16.3 and are the same as those for the AP600.

[Link].2 Definition of Passive Failure

NRC Position:

The NRC considered redefining failure of check valves in passive safety systems, where the valve
fails to provide the mechanical movement to complete its intended safety function, to that of an
active failure, as defined in Appendix A to 10 CFR 50. The NRC was concerned, since
safety-related check valves in passive designs operate under different conditions (low flow and
pressure without pump pressure to open valves) than current generation reactors and evolutionary
designs. The check valves have increased safety significance to the operation of the passive

Tier 2 Material 1.9-94 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

safety-related systems, and operating experience has shown that they have a lower reliability than
originally anticipated. The Staff position is described in SECY-94-084 (Reference 67).

AP1000 Response:

AP1000 is designed to tolerate the single failure of a check valve to change position to perform a
safety-related function. Valve redundancy is provided for the core makeup tank discharge check
valves (to close), the in-containment refueling water storage tank gravity injection check valves (to
open), the containment recirculation gravity injection check valves (to open), and containment
isolation line check valves (to close). The redundancy in the design for each of these safety-related
flow paths is sufficient to accommodate the single failure of a check valve to reposition as
required to perform its safeguards function.

Section 6.3 provides additional information on the failures assumed for the passive core cooling
system including exceptions to the single failure criteria.

[Link].3 SBWR Stability

This issue is applicable to BWRs only.

[Link].4 Safe Shutdown Requirements

NRC Position:

GDC 34 requires that a residual heat removal system be provided to remove residual heat from the
reactor core so that specified, acceptable fuel design limits are not exceeded. Regulatory
Guide 1.139 and Branch Technical Position 5-1 implement this requirement and set forth
conditions to cold shutdown (200°F for a PWR) using only safety-related systems within 36 hours.

The NRC evaluated the alternate means of addressing GDC 34 using passive safety-related
systems to achieve a safe shutdown condition of 420°F. Additionally, the NRC reviewed the
acceptability of using active, nonsafety-related systems to take a plant to cold shutdown
conditions. The results of this review are presented in SECY-94-084 (Reference 67).

AP1000 Response:

The AP1000 includes safety-related passive systems and equipment that are designed to
automatically establish and indefinitely maintain safe shutdown conditions for the plant following
design basis events.

Sections 6.3 and 7.4 provide additional information pertaining to safe shutdown, using the
safety-related passive systems.

Tier 2 Material 1.9-95 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

[Link].5 Control Room Habitability

NRC Position:

10 CFR 50, Appendix A, GDC 19 requires adequate radiation protection to permit access and
occupancy of the control room under accident conditions without personnel receiving radiation
exposures in excess of five rem whole body, or its equivalent, to any part of the body, for the
duration of the accident. Section 6.4 of the Standard Review Plan defines this dose criterion in
terms of specific whole-body and organ doses (5 rem to whole body, and 30 rem each to thyroid
and skin). The NRC requires that the analyses of main control room habitability be based on the
dose criterion defined in GDC 19 of Appendix A to 10 CFR 50 and Section 6.4 of the Standard
Review Plan (5 rem to whole body, and 30 rem each to thyroid and skin). In addition, the analyses
of control room habitability should be based on the duration of the accident according to GDC 19
of Appendix A to 10 CFR 50.

AP1000 Response:

The AP1000 design includes a passive, safety-related main control room habitability system to
meet the requirements of GDC 19. Section 6.4 provides additional information.

As described in subsection [Link], the main control room operator doses following a design
basis loss of coolant accident are within the dose criterion of GDC 19 (5 rem TEDE as applied to
the AP1000 design).

[Link].6 Radionuclide Attenuation

NRC Position:

The NRC is concerned that use of the auxiliary building for holdup may require additional
restrictions to be placed on the auxiliary building during normal operation. In addition, the NRC is
continuing its evaluation of the need for a containment spray system for passive plant designs.

AP1000 Response:

The AP1000 design does not have a safety-related containment spray or take credit for auxiliary
building holdup for mitigation of the design basis loss of coolant accident. The design includes a
low-leakage-rate containment (0.10 percent per day) together with credit for aerosol removal by
naturally occurring processes and pool scrubbing in containment. The low-leakage containment
and natural aerosol removal are adequate to meet 10 CFR 50.34 dose limits, consistent with the
physically-based source term.

[Link].7 Simplification of Off-Site Emergency Planning

NRC Position:

The NRC states that changes to emergency planning regulatory requirements may be appropriate,
but that an NRC determination on this issue will require detailed design evaluation. Summaries of
specific NRC conclusions are as follows:

Tier 2 Material 1.9-96 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

• Unique characteristics of the designs should be considered in determining the extent of

emergency planning, including the ability to prevent significant release of radioactive
material or to provide delay times for all but the most unlikely events.

• A very low likelihood of all containment bypass sequences will be required before relaxing
emergency planning requirements.

• Lack of information on source term and risk precludes further NRC evaluation of emergency
preparedness for the passive plants at this time.

• Emergency planning requirements following the TMI-2 accident were not premised on
specific assumptions regarding severe accident probability. So, as a policy matter, even very
low calculated probabilities may not be a sufficient basis for changes to emergency planning
requirements.

The industry and the NRC are working to determine a process, including developing technical
criteria and methods, that would justify simplification of offsite emergency planning. The results
of this process would be used as input to a generic rulemaking proposal to be initiated by nuclear
industry organizations.

AP1000 Response:

The AP1000 PRA evaluation risk assessment includes calculations of the AP1000 response to
severe accidents. This response includes the release of radionuclides following a severe accident.
This analysis supports the technical basis for simplification of offsite emergency planning. The
offsite emergency planning is discussed in Section 13.3.

[Link] Additional Licensing Issue

Post-72 Hour Support Actions

The AP1000 includes safety-related passive systems and equipment that are sufficient to
automatically establish and maintain safe shutdown conditions for the plant following design basis
events, assuming that the most limiting single failure occurs. The safety-related passive systems
maintain safe shutdown conditions after an event -- without operator action, without onsite and
offsite ac power sources.

The AP1000 includes nonsafety-related active systems and equipment designed to provide
multiple levels of defense for a wide range of events. For the more probable events, these
nonsafety-related systems automatically actuate to provide a first level of defense to reduce the
likelihood of unnecessary actuation and operation of the safety-related passive systems. These
nonsafety-related systems establish and maintain safe shutdown conditions for the plant following
design basis events, provided that at least one of the standby nonsafety-related ac power sources is
available.

Although event scenarios that result in an extended loss of the nonsafety-related systems or both
offsite and onsite ac power sources for more than 72 hours are very unlikely, this potential is
considered in the AP1000 design.

Tier 2 Material 1.9-97 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

The actions described below are required following an extended loss of these nonsafety-related
systems.

The safety functions required include the following:

• Core cooling, inventory, and reactivity control

• Containment cooling and ultimate heat sink
• Main control room habitability and post-accident monitoring
• Spent fuel pool cooling

The AP1000 design includes both onsite equipment and safety-related connections for use with
transportable equipment and supplies to provide the following extended support actions:

• Provide electrical power to supply the post-accident and spent fuel pool monitoring
instrumentation, using the ancillary diesel generators or a portable, engine-driven ac
generator that both connect to electrical connections at the ancillary diesel generator electric
panel. See Section 8.3 for additional information.

• Provide makeup water to the passive containment cooling water storage tank to maintain
external containment cooling water flow, using one of the two PCS recirculation pumps
powered by an ancillary diesel generator or a portable, engine-driven pump that connects to a
safety-related makeup connection. See subsection 6.2.2 for additional information.

• Ventilation and cooling of the main control room, the instrumentation and control rooms, and
the dc equipment rooms is provided by open doors and ancillary fans or portable fans
powered by an ancillary diesel generator or a portable, engine-driven ac generator.

• Provide makeup water to the spent fuel pool from the passive containment cooling water
storage tank, passive containment cooling water ancillary water storage tank, and from the
long term makeup connection. See subsection [Link].4 for a discussion of the operation of
the passive containment cooling system and subsection [Link].3 and [Link] for discussion
of makeup to the spent fuel pool.

• Provide a vent path between the fuel handling area and outside environment to vent water
vapor generated by elevated spent fuel pool water temperature. See subsection [Link].3.4 for
additional information.

These actions are accomplished by the site support personnel, in coordination with the main
control room operators. These actions are performed separate from, but in parallel with, other
actions taken by the plant operators to directly mitigate the consequences of an event.

[Link] Operational Experience

Operational experience highlighted in NRC bulletins, generic letters, and information notices has
been incorporated into the AP1000 design. Generic letters and bulletins are identified in
WCAP-15800 (Reference 65). The applicability of each generic letter and bulletin to the AP1000

Tier 2 Material 1.9-98 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

is assessed in WCAP-15800. If required, additional information for applicable issues is provided

in the referenced sections of the DCD.

1.9.6 References

1. NUREG-0696, "Functional Criteria for Emergency Response Facilities," 1981.

2. Report NP-2770-LD, "EPRI PWR Safety Valve Test Report," December 1982.

3. NUREG-0933, "A Prioritization of Generic Safety Issues," June 2001.

4. NUREG-0371, "Task Action Plans for Generic Activities (Category A)," U.S. Nuclear
Regulatory Commission, November 1978.

5. NUREG-0927, Revision 1, "Evaluation of Water Hammer Occurrences in Nuclear Power

Plants," U.S. Nuclear Regulatory Commission, March 1984.

6. NRC letter to all PWR Licensees of Operating Reactors, Applicants for Operating Licensees
and Holders of Construction Permits, and Ft. St. Vrain, "Staff Recommended Actions
Stemming from NRC Integrated Program for the Resolution of Unresolved Safety Issues
Regarding Steam Generator Tube Integrity," (Generic Letter 85-02) April 17, 1985.

7. NUREG-0844, "NRC Integrated Program for the Resolution of Unresolved Safety Issues
A-3, A-4, A-5 Regarding Steam Generator Tube Integrity," U.S. Nuclear Regulatory
Commission, September 1988.

8. NUREG-0577, Revision 1, "Potential for Low Fracture Toughness and Lamellar Tearing in
PWR Steam Generator and Reactor Coolant Pump Supports," U.S. Nuclear Regulatory
Commission, October 1983.

9. IEEE 323-1974, "Qualifying Class 1E Equipment for Nuclear Power Generating Stations,"
Institute of Electrical and Electronics Engineers.

10. NUREG-0612, "Control of Heavy Loads at Nuclear Power Plants," U.S. Nuclear Regulatory
Commission, July 1980.

11. NUREG-0510, "Identification of Unresolved Safety Issues Relating to Nuclear Power

Plants," U.S. Nuclear Regulatory Commission, January 1979.

12. NUREG-0705, "Identification of New Unresolved Safety Issues Relating to Nuclear Power
Plant Stations," U.S. Nuclear Regulatory Commission, February 1981.

13. IEEE 344-1987, "Recommended Practices for Seismic Qualification of Class 1E Equipment
for Nuclear Power Generating Stations," Institute of Electrical and Electronics Engineers.

14. NUREG-0410, "NRC Program for the Resolution of Generic Issues Related to Nuclear
Power Plants."

Tier 2 Material 1.9-99 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

15. NUREG-0660, "NRC Action Plan Developed as a result of the TMI-2 accident," May 1980.

16. NUREG-0985, "Nuclear Regulatory Commission Human Factors Program Plan Revision 2,"
April 1986.

17. IEEE 384-1981, "IEEE Standard Criteria for Independence of Class 1E Equipment and
Circuits," Institute of Electrical and Electronics Engineers.

18. NUREG-0471, "Generic Task Problem Descriptions (Category B, C, and D Tasks)" and
NUREG-0933, "A Prioritization of Generic Safety Issues," June 1978.

19. NUREG-0484, Revision 1, "Methodology for Combining Dynamic Responses," May 1980.

20. IEEE 317-1983, "Standard for Electric Penetration Assemblies in Containment Structures for
Nuclear Power Generating Stations," Institute of Electrical and Electronics Engineers.

21. ANSI/ANS-58.8-1984. "Time Response Design Criteria for Nuclear Safety Related Operator
Actions."

22. NUREG/CR-2425, "Sediment and Radionuclide Transport in Rivers," December 1982.

23. NUREG-0693, "Analysis of Ultimate-Heat-Sink Cooling Ponds," November 1980.

24. NUREG-0733, "Analysis of Ultimate Heat-Sink Spray Ponds," August 1981.

25. NUREG-0858, "Comparison Between Field Data and Ultimate Heat Sink Cooling-Pond and
Spray-Pond Models," September 1980.

26. ANSI 5.1, "Decay Heat Power in Light Water Reactors," American National Standards
Institute, 1979.

27. NUREG-0691, "Investigation and Evaluation of Cracking Incidents in Piping in Pressurized

Water Reactors," September 1980.

28. ANSI 56.5-1979, "PWR and BWR Containment Spray System Design Criteria."

29. USNRC, SECY-90-016, "Evolutionary Light Water Reactor (LWR) Certification Issues And
Their Relationship to Current Regulatory Requirements," January 12, 1990.

30. NRC letter, Subject: Identification of Issues Concerning the Evolutionary and Passive Plant
Designs, Dennis M. Crutchfield, USNRC Director, Division of Advanced Reactors and
Special Projects, to E. E. Kintner, Chairman ALWR Steering Committee, February 27, 1992.

31. Staff Requirements Memorandum, Subject: SECY-90-016 - Evolutionary Light Water

Reactor (LWR) Certification Issues and Their Relationship to Current Regulatory
Requirements, Samuel J. Chilk, USNRC Secretary, to James M. Taylor, USNRC Executive
Director for Operations, June 26, 1990.

Tier 2 Material 1.9-100 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

32. NUREG-1150, "Severe Accident Risk: An Assessment for Five U.S. Nuclear Power Plants,"
June 1989.

33. "Passive ALWR Source Term," D. E. Leaver, et al., DOE/ID-10321, February 1991.

34. NUREG-0649, "Task Action Plans for Unresolved Safety Issues Related to Nuclear Power
Plants," Revision 1, September 1984.

35. NUREG-1032, "Evaluation of Station Blackout Accidents at Nuclear Power Plants,

Technical Findings Related to Unresolved Safety Issue A-44," June 1988.

36. NUREG-1109, "Regulatory/Backfit Analysis for the Resolution of Unresolved Safety Issue
A-44, Station Blackout," June 1988.

37. Branch Technical Position CMEB 9.5-1, "Guidelines for Fire Protection for Nuclear Power
Plants," July 1986.

38. Generic Letter 89-04, "Guidance on Developing Acceptable Inservice Testing Programs,"
April 3, 1989.

39. Generic Letter 89-10, "Safety-Related Motor-Operated Valve Testing and Surveillance,"
June 28, 1989.

40. SECY-91-273, "Review of Vendors' Test Programs to Support the Design Certification of
Passive Light Water Reactors," August 27, 1991.

41. SECY-91-078, "Chapter 11 of EPRI's Requirements Document and Additional Evolutionary

Light Water Reactor Certification Issues," March 25, 1991.

42. NUREG-1407, "Procedural and Submittal Guidance for the Individual Plant Examination of
External Events (IPEEE) for Severe Accident Vulnerabilities," June 1991.

43. WASH-1400 (NUREG-75/014), "Reactor Safety Study, An Assessment of Accident Risks in

U.S. Commercial Nuclear Power Plants," October 1975.

44. SECY-91-348, preliminary untitled SECY related to containment leakrate testing, issued to
the Commission for review, and not yet released by the NRC.

45. NUREG-0737, "Clarification of TMI Action Plan Requirements," November 1980.

46. NUREG-4330, "Review of Light Water Reactor Regulatory Requirements, Volume 1,

Identification of Regulatory Requirements That May Have Marginal Importance to Risk,"
April 1986.

47. SECY-90-377, "Requirements for Design Certification Under 10 CFR Part 52,"
November 8, 1990.

48. SECY-91-057, "Early Review of AP600 and SBWR Research Needs," March 1, 1991.

Tier 2 Material 1.9-101 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

49. SECY-91-074, "Prototype Decisions for Advanced Reactor Designs," March 19, 1991.

50. SECY-92-030, "Integral System Testing Requirements for Westinghouse's AP600 Plant,"
January 27, 1992.

51. SECY-91-178, "Inspections, Tests, Analyses, and Acceptance Criteria (ITAAC) for Design
Certifications and Combined Licenses," June 12, 1991.

52. SECY-89-013, "Design Requirements Related to the Evolutionary Advanced Light Water
Reactors (ALWRs)," January 19, 1989.

53. SECY-91-229, "Severe Accident Mitigation Design Alternatives for Certified Standard
Designs," July 31, 1991.

54. SECY-91-262, "Resolution of Selected Technical and Severe Accident Issues for
Evolutionary Light Water Reactor (LWR) Designs," August 16, 1991.

55. Not used.

56. WCAP-15993, "Evaluation of the AP1000 Conformance to Inter-System Loss-of-Coolant

Accident Acceptance Criteria," Revision 1, March 2003.

57. SECY-95-172, "Key Technical Issues Pertaining to the Westinghouse AP600 Standardized
Passive Reactor Design," June 30, 1995.

58. NUREG-1465, "Accident Source Terms for Light-Water Nuclear Power Plants," L. Soffer,
et al., February 1995.

59. SECY-94-302, "Source Term-Related Technical and Licensing Issues Pertaining to

Evolutionary and Passive Light-Water-Reactor Designs," December 19, 1994.

60. SECY-94-194, "Proposed Revisions to 10 CFR Part 100 and 10 CFR Part 50, and New
Appendix S to 10 CFR Part 50," July 27, 1994.

61. Not used.

62. Theofanous, T. G., et al., "In-Vessel Coolability and Retention of a Core Melt,"
DOE/ID-10460, July 1995.

63. WCAP-15799, "AP1000 Compliance with SRP Acceptance Criteria," Revision 1,

August 2003.

64. NCRP Report No. 116, Limitation of Exposure to Ionizing Radiation, March 31, 1993.

65. WCAP-15800, "Operational Assessment for AP1000," Revision 3, July 2004.

66. SECY-98-161, "The Westinghouse AP1000 Standard Design as it Relates to the Fire
Protection and the Spent Fuel Pool Cooling Systems," July 1, 1998.

Tier 2 Material 1.9-102 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

67. SECY-94-084, "Policy and Technical Issues Associated with the Regulatory Treatment of
Non-Safety Systems in Passive Plant Designs," March 28, 1994.

68. SECY-95-172, "Key Technical Issues Pertaining to the Westinghouse AP1000 Standardized
Passive Reactor Design," June 30, 1995.

69. WCAP-15992, "AP1000 Adverse Systems Interactions Evaluation Report," Revision 1,

February 2003.

70. WCAP-15776, "Safety Criteria for the AP1000 Instrumentation and Control Systems,"
April 2002.

71. APP-GW-GLR-079, "AP1000 Verification of Water Sources for Long-Term Recirculation

Cooling Following a LOCA," Westinghouse Electric Company LLC.

72. APP-GW-GLR-040, "Plant Operations, Surveillance, and Maintenance Procedures,"

Westinghouse Electric Company LLC.

73. APP-GW-GLR-101, "AP1000 Probabilistic Risk Assessment External Events Evaluation to

Support COL Applications," Westinghouse Electric Company LLC.

Tier 2 Material 1.9-103 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 1 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.1 Net Positive Suction Head for Emergency Core Cooling and This regulatory guide is not
Containment Heat Removal System Pumps (Rev. 0, November 2, 1970) applicable to AP1000.
1.2 Withdrawn
1.3 Assumptions Used for Evaluating the Potential Radiological This regulatory guide is not
Consequences of a Loss-of-coolant Accident for Boiling Water Reactors applicable to AP1000.
(Rev. 2, June 1974)
1.4 Assumptions Used for Evaluating the Potential Radiological The guidance of Reg. Guide
Consequences of a Loss-of-Coolant Accident for Pressurized Water 1.183, “Alternative
Reactors (Rev. 2, June 1974) Radiological Source Terms
For Evaluating Design Basis
Accidents At Nuclear Power
Reactors” will be followed
instead of Reg. Guide 1.4.
1.5 Assumptions Used for Evaluating the Potential Radiological This regulatory guide is not
Consequences of a Steam Line Break Accident for Boiling Water applicable to AP1000.
Reactors (Rev. 0, March 10, 1971)
1.6 Independence Between Redundant Standby (Onsite) Power Sources and 8.1
Between Their Distribution Systems (Rev. 0, March 10, 1971) 8.3.1
8.3.2
16.1 Bases
1.7 Control of Combustible Gas Concentration in Containment Following a 6.1.1
Loss-of-Coolant Accident (Rev. 2, November 1978) 6.2.4
15.6.3
Appendix 15A
1.8 Qualification and Training of Personnel for Nuclear Power Plants This regulatory guide is not
(Rev. 3, 1 May 2000) applicable to AP1000 design
certification.
1.9 Selection, Design, and Qualification of Diesel Generator Units Used as This regulatory guide is not
Onsite Electric Power Systems at Nuclear Power Plants (Proposed applicable to AP1000.
Rev. 3, November 1988)
1.10 Withdrawn
1.11 Instrument Lines Penetrating Primary Reactor Containment (Rev. 0, 3.6.2
March 10, 1971) 6.2.3
1.12 Instrumentation for Earthquakes (Rev. 2, March 1997) 3.7.4

Tier 2 Material 1.9-104 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 2 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.13 Spent Fuel Storage Facility Design Basis (Proposed Rev. 2, 9.1.2
December 1981) 9.1.3
9.1.4
16.1 Bases
1.14 Reactor Coolant Pump Flywheel Integrity (Rev. 1, August 1975) 5.4.1
1.15 Withdrawn
1.16 Reporting of Operating Information - Appendix A Technical This regulatory guide is not
Specifications (Rev. 4, August 1975). applicable to AP1000 design
certification.
1.17 Withdrawn
1.18 Withdrawn
1.19 Withdrawn
1.20 Comprehensive Vibration Assessment Program for Reactor Internals 3.9.2
During Preoperational and Initial Startup Testing (Rev. 2, May 1976) 14
1.21 Measuring, Evaluating, and Reporting Radioactivity in Solid Wastes and 11.5
Releases of Radioactive Materials in Liquid and Gaseous Effluents From
Light-Water-Cooled Nuclear Power Plants (Rev. 1, June 1974)
1.22 Periodic Testing of Protection System Actuation Functions (Rev. 0, 7.1
February 17, 1972) 7.2
7.4
1.23 Onsite Meteorological Program (Second Proposed Rev. 1, April 1986) 2.3
1.24 Assumptions Used for Evaluating the Potential Radiological This regulatory guide is not
Consequences of a Pressurized Water Reactor Radioactive Gas Storage applicable to AP1000.
Tank Failure (Rev. 0, March 23, 1972)
1.25 Assumptions Used for Evaluating the Potential Radiological The guidance of Reg. Guide
Consequences of a Fuel Handling Accident in the Fuel Handling and 1.183, “Alternative
Storage Facility for Boiling and Pressurized Water Reactors (Rev. 0, Radiological Source Terms
March 23, 1972) For Evaluating Design Basis
Accidents At Nuclear Power
Reactors” will be followed
instead of Reg. Guide 1.25.
1.26 Quality Group Classifications and Standards for Water-, Steam-, and 3.2.2
Radioactive-Waste-Containing Components of Nuclear Power Plants
(Rev. 3, February 1976)
1.27 Ultimate Heat Sink for Nuclear Power Plants (Rev. 2, January 1976) 6.2.2

Tier 2 Material 1.9-105 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 3 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.28 Quality Assurance Program Requirements (Design and Construction) 2.5
(Rev. 3, August 1985) 17
1.29 Seismic Design Classification (Rev. 3, September 1978) 3.2.1
1.30 Quality Assurance Requirements for the Installation, Inspection, and This regulatory guide is not
Testing of Instrumentation and Electric Equipment (Rev. 0, applicable to AP1000 design
August 11, 1972) certification.
1.31 Control of Ferrite Content in Stainless Steel Weld Metal (Rev. 3, 4.5.1
April 1978) 4.5.2
5.2.3
5.3.2
6.1.1
1.32 Criteria for Safety-Related Electric Power Systems for Nuclear Power 8.1
Plants (Rev. 2, February 1977) 8.2
8.3.1
8.3.2
16.1 Bases
1.33 Quality Assurance Program Requirements (Operation) (Rev. 2, [Link]
February 1978) 3D.4.1.2
3D.6.4
1.34 Control of Electroslag Weld Properties (Rev. 0, December 28, 1972) 4.5.2
5.2.3
5.3.2
1.35 Inservice Inspection of Ungrouted Tendons in Pre-stressed Concrete This regulatory guide is not
Containments (Rev. 3, July 1990) applicable to AP1000.
1.35.1 Determining Prestressing Forces for Inspection of Prestressed Concrete This regulatory guide is not
Containments (Rev. 0, July 1990) applicable to AP1000.
1.36 Nonmetallic Thermal Insulation for Austenitic Stainless Steel (Rev. 0, 5.2.3
February 23, 1973) 6.1.1
1.37 Quality Assurance Requirements for cleaning of Fluid Systems and 17
Associated Components of Water-Cooled Nuclear Power Plants (Rev. 0,
March 1973)
1.38 Quality Assurance Requirements for Packaging, Shipping, Receiving, 17
Storage, and Handling of Items for Water-Cooled Nuclear Power Plants
(Rev. 2, May 1977)
1.39 Housekeeping Requirements for Water-Cooled Nuclear Power Plants 17
(Rev. 2, September 1977)

Tier 2 Material 1.9-106 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 4 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.40 Qualification Tests of Continuous-Duty Motors Installed Inside the This regulatory guide is not
Containment of Water-Cooled Nuclear Power Plants (Rev. 0, applicable to AP1000.
March 16, 1973)
1.41 Preoperational Testing of Redundant Onsite Electric Power Systems to 14
Verify Proper Load Group Assignments (Rev. 0, March 16, 1973)
1.42 Withdrawn
1.43 Control of Stainless Steel Weld Cladding of Low-Alloy Steel 5.2.3
Components (Rev. 0, May 1973) 5.3.2
1.44 Control of the Use of Sensitized Stainless Steel (Rev. 0, May 1973) 4.5.1
4.5.2
5.2.3
5.3.2
6.1.1
10.3
1.45 Reactor Coolant Pressure Boundary Leakage Detection Systems 5.2.5
(Rev. 0, May 1973) 16.1 Bases
1.46 Withdrawn
1.47 Bypassed and Inoperable Status Indication for Nuclear Power Plant 6.3
Safety Systems (Rev. 0, May 1973) 7.2
7.3
7.4
7.5
8.3.2
1.48 Withdrawn
1.49 Power Levels of Nuclear Power Plants (Rev. 1, December 1973) 16
1.50 Control of Preheat Temperature for Welding of Low-Alloy Steel 5.2.3
(Rev. 0, May 1973) 5.3.2
6.1.1
1.51 Withdrawn
1.52 Design, Testing, and Maintenance Criteria for Post Accident 6.4
Engineered-Safety-Feature Atmosphere Cleanup System Air Filtration
and Adsorption Units of Light-Water-Cooled Nuclear Power Plants
(Rev. 3, June 2001)

Tier 2 Material 1.9-107 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 5 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.53 Application of the Single Failure Criterion to Nuclear Power Plant 7.1
Protection Systems (Rev. 0, June 1973) 7.2
7.4
15.2
15.3
15.4
15.5
15.6
1.54 Service Level I, II, and III Protective Coatings Applied to Nuclear Power 6.1.2
Plants (Rev. 1, July 2000)
1.55 Withdrawn
1.56 Maintenance of Water Purity in Boiling Water Reactors (Rev. 1, This regulatory guide is not
July 1978) applicable to AP1000.
1.57 Design Limits and Loading Combinations for Metal Primary Reactor 3.8.2
Containment System Components (Rev. 0, June 1973) 3.8.3
1.58 Withdrawn
1.59 Design Basis Floods for Nuclear Power Plants (Rev. 2, August 1977) 2.4
3.4
1.60 Design Response Spectra for Seismic Design of Nuclear Power Plants 2.5
(Rev. 1, December 1973) 3.7.1
1.61 Damping Values for Seismic Design of Nuclear Power Plants (Rev. 0, 3.7.1
October 1973) [Link]
Appendix 3D
1.62 Manual Initiation of Protective Actions (Rev. 0, October 1973) 7.1
7.2
1.63 Electric Penetration Assemblies in Containment Structures for Nuclear 8.3.1
Power Plants (Task EE 405-4) (Rev. 3, February 1987) Appendix 3D
1.64 Withdrawn
1.65 Materials and Inspections for Reactor Vessel Closure Studs (Rev. 0, 5.3.2
October 1973)
1.66 Withdrawn
1.67 Withdrawn

Tier 2 Material 1.9-108 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 6 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.68 Initial Test Programs for Water-Cooled Nuclear Power Plants (Rev. 2, 14
August 1978) 16.1 Bases
1.68.1 Preoperational and Initial Startup Testing of Feedwater and Condensate This regulatory guide is not
Systems for Boiling Water Reactor Power Plants (Rev. 1, January 1977) applicable to AP1000.
1.68.2 Initial Test Program to Demonstrate Remote Shutdown Capability for 14
Water-Cooled Nuclear Power Plants (Rev. 1, July 1978)
1.68.3 Preoperational Testing of Instrument and Air Control Systems (Task 9.3.1
RS 709-4) (Rev. 0, April 1982) 14
1.69 Concrete Radiation Shields for Nuclear Power Plants (Rev. 0, 3.8.4
December 1973) 12.3
1.70 Standard Format and Content of Safety Analysis Reports for Nuclear 1.1
Power Plants (Rev. 3, November 1978)
1.71 Welder Qualification for Areas of Limited Accessibility (Rev. 0, [Link].6
December 1973)
1.72 Spray Pond Piping Made From Fiberglass-Reinforced Thermosetting This regulatory guide is not
Resin (Rev. 2, November 1978) applicable to AP1000.
1.73 Qualification Tests of Electric Valve Operators Installed Inside the 3.11
Containment of Nuclear Power Plants (Rev. 0, January 1974) Appendix 3D
1.74 Withdrawn
1.75 Physical Independence of Electric Systems (Rev. 2, September 1978) 7.1
7.2
7.3
7.4
7.5
8.1
8.3.1
8.3.2
9.5.1
1.76 Design Basis Tornado for Nuclear Power Plants (Rev. 0, April 1974) 2.3
3.3

Tier 2 Material 1.9-109 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 7 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.77 Assumptions Used for Evaluating a Control Rod Ejection Accident for The guidance of Reg.
Pressurized Water Reactors (Rev. 0, May 1974) Guide 1.183, “Alternative
Radiological Source Terms
For Evaluating Design Basis
Accidents At Nuclear Power
Reactors” will be followed
instead of Reg. Guide 1.77.
16.1 Bases
1.78 Evaluating the Habitability of a Nuclear Power Plant Control Room 2.2
During a Postulated Hazardous Chemical Release (Rev. 1, 6.4
December 2001) 9.4.1
9.5.1
16.1 Bases
1.79 Preoperational Testing of Emergency Core Cooling Systems for 14
Pressurized Water Reactors (Rev. 1, September 1975)
1.80 Withdrawn
1.81 Shared Emergency and Shutdown Electric Systems for Multi-Unit This regulatory guide is not
Nuclear Power Plant (Rev. 1, January 1975) applicable to AP1000.
1.82 Water Sources for Long Term Recirculation Cooling Following a 6.3
Loss-of-Coolant Accident (Task 203-4) (Rev. 2, May, 1996)
1.83 Inservice Inspection of Pressurized Water Reactor Steam Generator 5.4.2
Tubes (Rev. 1, July 1975)
1.84 Design and Fabrication Code Case Acceptability ASME Section III 4.5.1
Division 1 (Rev. 32, June 2003) 4.5.2
5.2.1
5.2.3
10.3
1.85 Withdrawn
1.86 Termination of Operating Licenses for Nuclear Reactors (Rev. 0, This regulatory guide is not
June 1974) applicable to AP1000 design
certification.
1.87 Guidance for Construction of Class 1 Components in Elevated- This regulatory guide is not
Temperature Reactors (Rev. 1, June 1975) applicable to AP1000.
1.88 Withdrawn

Tier 2 Material 1.9-110 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 8 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.89 Environmental Qualification of Certain Electric Equipment Important to 3.11
Safety for Nuclear Power Plants (Task EE 042-2) (Rev. 1, June 1984) Appendix 3D
1.90 Inservice Inspection of Prestressed Concrete Containment Structures This regulatory guide is not
With Grouted Tendons (Rev. 1, August 1977) applicable to AP1000.
1.91 Evaluations of Explosions Postulated to Occur on Transportation Routes 19.58
Near Nuclear Power Plant Sites (Rev. 1, February 1978)
1.92 Combining Modal Responses and Spatial Components in Seismic 3.7
Response Analysis (Rev. 1, February 1976; Rev. 2, July 2006) Appendix 3D
1.93 Availability of Electric Power Sources (Rev. 0, December 1974) 8.1
8.3
16.1 Bases
1.94 Quality Assurance Requirements for Installation, Inspection, and Testing This regulatory guide is not
of Structural Concrete and Structural Steel During the Construction applicable to AP1000 design
Phase of Nuclear Power Plants (Rev. 1, April 1976) certification.
1.95 Withdrawn
1.96 Design of Main Steam Isolation Valve Leakage Control Systems for This regulatory guide is not
Boiling Water Reactor Nuclear Power Plants (Rev. 1, June 1976) applicable to AP1000.
1.97 Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess 7.5
Plant and Environs Conditions During and Following an Accident 18.8
(Rev. 3, May 1983) 16.1 Bases
Appendix 3D
1.98 Assumptions Used for Evaluating the Potential Radiological This regulatory guide is not
Consequences of a Radioactive Offgas System Failure in a Boiling Water applicable to AP1000.
Reactor (Rev. 0, March 1976)
1.99 Radiation Embrittlement of Reactor Vessel Materials (Task ME 305-4) 5.3.2
(Rev. 2, May 1988) 5.3.3
16.1 Bases
1.100 Seismic Qualification of Electric and Mechanical Equipment for Nuclear 3.10
Power Plants (Task EE 108-5) (Rev. 2, June 1988) Appendix 3D
1.101 Emergency Planning and Preparedness for Nuclear Power Reactors This regulatory guide is not
(Rev. 3, August 1992) applicable to AP1000 design
certification.
1.102 Flood Protection for Nuclear Power Plants (Rev. 1, September 1976) 3.4

Tier 2 Material 1.9-111 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 9 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.103 Withdrawn
1.104 Withdrawn
1.105 Instrument Setpoints for Safety-Related Systems (Task 1C 010-5) 7.1
(Rev. 3, December 1999) 16
1.106 Thermal Overload Protection for Electric Motors on Motor-Operated 8.1
Valves (Rev. 1, March 1977)
1.107 Qualifications for Cement Grouting Tendons for Prestressing Tendons in This regulatory guide is not
Containment Structures (Rev. 1, February 1977) applicable to AP1000.
1.108 Withdrawn
1.109 Calculation of Annual Doses to Man From Routine Releases of Reactor 11.3.3
Effluents for the Purpose of Evaluating Compliance With 10 CFR
Part 50 Appendix I (Rev. 1, October 1977)
1.110 Cost-Benefit Analysis for Radwaste Systems for Light-Water-Cooled 11.2
Nuclear Power Reactors (Rev. 0, March 1976) 11.3
1.111 Methods for Estimating Atmospheric Transport and Dispersion of 2.3
Gaseous Effluents in Routine Releases From Light-Water-Cooled
Reactors (Rev. 1, July 1977)
1.112 Calculation of Releases of Radioactive Materials in Gaseous and Liquid 11.2.3
Effluents From Light-Water-Cooled Power Reactors (Rev. 0-R, 11.3.3
May 1977)
1.113 Estimating Aquatic Dispersion of Effluents From Accidental and Routine This regulatory guide is not
Reactor Releases for the Purpose of Implementing Appendix I (Rev. 1, applicable to AP1000 design
April 1977) certification.
1.114 Guidance to Operators at the Controls and to Senior Operators in the This regulatory guide is not
Control Room of a Nuclear Power Unit (Rev. 2, May 1989) applicable to AP1000 design
certification.
1.115 Protection Against Low-Trajectory Turbine Missiles (Rev 1, July 1977) 3.5
3.8.4
1.116 Quality Assurance Requirements for Installation, Inspection, and Testing This regulatory guide is not
of Mechanical Equipment and Systems (Rev. 0-R, May 1977) applicable to AP1000 design
certification.
1.117 Tornado Design Classification (Rev. 1, April 1978) 3.5
9.1.2

Tier 2 Material 1.9-112 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 10 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.118 Periodic Testing of Electric Power and Protection Systems (Rev. 3, 7.1
April 1995) 8.1
8.3
1.119 Withdrawn
1.120 Fire Protection Guidelines for Nuclear Power Plants (Rev. 1, 9.5.1
November 1977)
1.121 Bases for Plugging Degraded PWR Steam Generator Tubes (Rev. 0, 5.4.2
August 1976) 16.1 Bases
1.122 Development of Floor Design Response Spectra for Seismic Design of 3.7
Floor-Supported Equipment or Components (Rev. 1, February 1978) Appendix 3D
1.123 Withdrawn
1.124 Service Limits and Loading Combinations for Class 1 Linear-Type 3.9.3, [Link], [Link]
Component Supports (Rev. 1, January 1978)
1.125 Physical Models for Design and Operation of Hydraulic Structures and 2.4
Systems for Nuclear Power Plants (Rev. 1, October 1978)
1.126 An Acceptable Model and Related Statistical Methods for the Analysis of 4.2
Fuel Densification (Rev. 1, March 1978)
1.127 Inspection of Water-Control Structures Associated With Nuclear Power This regulatory guide is not
Plants (Rev. 1, March 1978) applicable to AP1000.
1.128 Installation Design and Installation of Large Lead Storage Batteries for 8.3.2
Nuclear Power Plants (Rev. 1, October 1978)
1.129 Maintenance, Testing, and Replacement of Large Lead Storage Batteries 16.1 Bases
for Nuclear Power Plants (Rev. 1, February 1978)
1.130 Service Limits and Loading Combinations for Class 1 3.9.3
Plate-and-Shell-Type Component Supports (Rev. 1, October 1978)
1.131 Qualification Tests of Electric Cables, Field Splices and Connections for 3.11
Light-Water-Cooled Nuclear Power Plants (Rev. 0, August 1977) Appendix 3D
1.132 Site Investigations for Foundations of Nuclear Power Plants (Rev. 1, This regulatory guide is not
March 1979) applicable to AP1000 design
certification.
1.133 Loose-Part Detection Program for the Primary System of Light-Water- [Link]
Cooled Reactors (Rev. 1, May 1981)

Tier 2 Material 1.9-113 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 11 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.134 Medical Evaluation of Nuclear Power Plant Personnel Requiring This regulatory guide is not
Operator Licenses (Rev. 3, March 1998) applicable to AP1000 design
certification.
1.135 Normal Water Level and Discharge at Nuclear Power Plants (Rev. 0, 2.4
September 1977)
1.136 Material for Concrete Containments (Rev. 2, June 1981) This regulatory guide is not
applicable to AP1000.
1.137 Fuel-Oil Systems for Standby Diesel Generators (Rev. 1, October 1979) 9.5.4
1.138 Laboratory Investigation of Soils for Engineering Analysis and Design of This regulatory guide is not
Nuclear Power Plants (Rev. 0, April 1978) applicable to AP1000 design
certification.
1.139 Guidance for Residual Heat Removal (Rev. 0, May 1978) 6.3
7.4
1.140 Design, Inspection, and Testing Criteria for Air Filtration and Adsorption 9.4.1
Units of Normal Atmosphere Cleanup Systems in Light-Water-Cooled 9.4.4
Nuclear Power Plants (Rev. 2, June 2001) 9.4.5
9.4.7
9.4.9
16.1 Bases
1.141 Containment Isolation Provisions for Fluid Systems (Rev. 0, April 1978) 6.2.4
1.142 Safety-Related Concrete Structures for Nuclear Power Plants (Other 3.8.3
Than Reactor Vessels and Containments) (Rev. 1, October 1981) 3.8.4
3.8.5
1.143 Design Guidance for Radioactive Waste Management Systems, 3.8.4
Structures, and Components Installed in Light-Water-Cooled Nuclear 10.4.8
Power Plants (Rev. 2, November 2001) 11.2
11.3
11.4
11.5
1.144 Withdrawn
1.145 Atmospheric Dispersion Models for Potential Accident Consequence This regulatory guide is not
Assessments at Nuclear Power Plants (Rev. 1, November 1982) applicable to AP1000 design
certification.
1.146 Withdrawn

Tier 2 Material 1.9-114 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 12 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.147 Inservice Inspection Code Case Acceptability ASME Section XI [Link]
Division 1 (Rev. 12, May 1999) 6.6.3
1.148 Functional Specification for Active Valve Assemblies in Systems 3.10
Important to Safety in Nuclear Power Plants (Rev. 0, March 1981) 5.4.8
1.149 Nuclear Power Plant Simulation Facilities for Use in Operator License This regulatory guide is not
Examinations (Rev. 2, April 1996) applicable to AP1000 design
certification.
1.150 Ultrasonic Testing of Reactor Pressure Vessel Welds During Preservice 5.2.4
and Inservice Examinations (Rev. 1, February 1983) 5.3.2
5.3.4
1.151 Instrument Sensing Lines (Task 1C 126-5) (Rev. 0, July 1983) 7.1
7.5
7.6
7.7
1.152 Criteria for Programmable Digital Computer System Software in 7.1
Safety-Related Systems of Nuclear Power Plants (Task 1C 127-5) 7.2
(Rev. 1, January 1996) 7.3
7.4
7.5
7.6
1.153 Criteria for Power, Instrumentation, and Control Portions of Safety 7.1
Systems (Task 1C 609-5) (Rev. 1, June 1996) 7.2
7.3
7.4
7.5
7.6
1.154 Format and Content of Plant-Specific Pressurized Thermal Shock Safety 5.3
Analysis Reports for Pressurized Water Reactors (Rev. 0, January 1987)
1.155 Station Blackout (Task SI 501-4) (Rev. 0, August 1988) 8.2
8.3.1
1.156 Environmental Qualification of Connection Assemblies for Nuclear 3.10
Power Plants (Task EE 404-4) (Rev. 0, November 1987) 3.11
Appendix 3D
1.157 Best-Estimate Calculations of Emergency Core Cooling System 6.3
Performance (Task RS 701-4) (Rev. 0, May 1989)

Tier 2 Material 1.9-115 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 13 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.158 Qualification of Safety-Related Lead Storage Batteries for Nuclear 3.10
Power Plants (Task EE 006-5) (Rev. 0, February 1989) 3.11
Appendix 3D
1.159 Assuring the Availability of Funds for Decommissioning Nuclear This regulatory guide is not
Reactors (Rev. 0, August 1990) applicable to AP1000 design
certification.
1.160 Monitoring the Effectiveness of Maintenance at Nuclear Power Plants [Link]
(Rev. 2, March 1997) 17.5.6
The COL applicant is
responsible for assessing
conformance to Regulatory
Guide 1.160 of monitoring
the effectiveness of
maintenance.
1.161 Evaluation of Reactor Pressure Vessels with Charpy Upper-Shelf Energy This regulatory guide is not
Less Than 50 Ft-Lb (Rev. 0, June 1995) applicable to AP1000 design
certification.
1.162 Format and Content of Report for Thermal Annealing of Reactor This regulatory guide is not
Pressure Vessels (Rev. 0, February 1996) applicable to AP1000 design
certification.
1.163 Performance Based Containment Leak-Test Program (Rev. 0, 6.2
September 1995) 16.1 Bases
1.165 Identification and Characterization of Seismic Sources and
Determination Safe Shutdown Earthquake Ground Motion (Rev. 0,
March 1997)
1.166 Pre-Earthquake Planning and Immediate Nuclear Power Plant Operator This regulatory guide is not
Postearthquake Actions (Rev. 0, March 1997) applicable to AP1000 design
certification.
1.167 Restart of a Nuclear Power Plant Shut Down by a Seismic Event (Rev. 0, This regulatory guide is not
March 1997) applicable to AP1000 design
certification.
1.168 Verification, Validation, Reviews, and Audits for Digital Computer 7
Software Used in Safety Systems of Nuclear Power Plants (Rev. 0,
September 1997)
1.169 Configuration Management Plans for Digital Computer Software Used in 7
Safety Systems of Nuclear Power Plants (Rev. 0, September 1997)

Tier 2 Material 1.9-116 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 14 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.170 Software Test Documentation for Digital Computer Software Used in 7
Safety Systems of Nuclear Power Plants (Rev. 0, September 1997)
1.171 Software Unit Testing for Digital Computer Software Used in Safety 7
Systems of Nuclear Power Plants (Rev. 0, September 1997)
1.172 Software Requirements Specifications for Digital Computer Software 7
Used in Safety Systems of Nuclear Power Plants (Rev. 0,
September 1997)
1.173 Developing Software Life Cycle Processes for Digital Computer 7
Software Used in Safety Systems of Nuclear Power Plants (Rev. 0,
September 1997)
1.174 An Approach for using Probabilistic Risk Assessment in Risk-Informed This regulatory guide is not
Decisions On Plant-Specific Changes to the Licensing Basis (Rev. 0, applicable to AP1000 design
July 1998) certification.
1.175 An Approach for Plant-Specific, Risk-Informed Decisionmaking: This regulatory guide is not
Inservice Testing (Rev. 0, July 1998) applicable to AP1000 design
certification.
1.176 An Approach for Plant-Specific, Risk-Informed Decisionmaking: This regulatory guide is not
Graded Quality Assurance (Rev. 0, August 1998) applicable to AP1000 design
certification.
1.177 An Approach for Plant-Specific, Risk-Informed Decisionmaking: 16.1 Bases
Technical Specifications (Rev. 0, August 1998)
1.178 An Approach for Plant-Specific, Risk-Informed Decisionmaking: This regulatory guide is not
Inservice Inspection of Piping (Rev. 0, September 1998) applicable to AP1000 design
certification.
1.179 Standard Format and Content of License Termination Plans for Nuclear This regulatory guide is not
Power Reactors (Rev. 0, January 1999) applicable to AP1000 design
certification.
1.180 Guidelines for Evaluating Electromagnetic and Radio-Frequency Appendix 3D
Interference in Safety-Related Instrumentation and Control Systems
(Rev. 1, October 2003)
1.181 Content of the Updated Final Safety Analysis Report in Accordance with This regulatory guide is not
10 CFR 50.71(e) (Rev. 0, September 1999) applicable to AP1000 design
certification.
1.182 Assessing and Managing Risk Before Maintenance Activities at Nuclear 16.1 Bases
Power Plants (Rev. 0, May 2000)

Tier 2 Material 1.9-117 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-1 (Sheet 15 of 15)

REGULATORY GUIDE/DCD SECTION CROSS-REFERENCES

DCD Chapter, Section or
Division 1 Regulatory Guide Subsection
1.183 Alternative Radiological Source Terms For Evaluating Design Basis 2.3
Accidents At Nuclear Power Reactors (Rev. 0, July 2000) Appendix 3D
4.2
6.5.1
15.4
15.6.3
15.7
16.1 Bases
1.184 Decommissioning of Nuclear Power Reactors (Rev. 0, August 2000) This regulatory guide is not
applicable to AP1000 design
certification.
1.185 Standard Format and Content for Post-shutdown Decommissioning This regulatory guide is not
Activities Report (Rev. 0, August 2000) applicable to AP1000 design
certification.
1.186 Guidance and Examples of Identifying 10 CFR 50.2 Design Bases This regulatory guide is not
(Rev. 0, December 2000) applicable to AP1000 design
certification.
1.187 Guidance for Implementation of 10 CFR 50.59, Changes, Tests, and This regulatory guide is not
Experiments (Rev. 0, November 2000) applicable to AP1000 design
certification.
1.189 Fire Protection for Operating Nuclear Power Plants (Rev. 0, April 2001) This regulatory guide is not
applicable to AP1000 design
certification.
1.190 Calculational and Dosimetry Methods for Determining Pressure Vessel [Link].2.2
Neutron Fluence (Rev. 0, March 2001)
1.197 Demonstrating Control Room Envelope Integrity at Nuclear Power 9.4.1
Reactors (Rev. 0, May 2003) 6.4.5
1.199 Anchoring Components and Structural Supports in Concrete (Rev. 0, [Link]
November 2003) [Link].1
[Link]

Tier 2 Material 1.9-118 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 1 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
TMI Action Plan Items
I.A.1.1 Shift Technical Advisor f
I.A.1.2 Shift Supervisor Administrative Duties f
I.A.1.3 Shift Manning f
I.A.1.4 Long-Term Upgrading f See DCD subsection
13.1.1
I.A.2.1(1) Qualifications - Experience f
I.A.2.1(2) Training f
I.A.2.1(3) Facility Certification of Competence and Fitness of Applicants f
for Operator and Senior Operator Licenses
I.A.2.2 Training and Qualifications of Operations Personnel c
I.A.2.3 Administration of Training Programs f
I.A.2.4 NRR Participation in Inspector Training d
I.A.2.5 Plant Drills c
I.A.2.6(1) Revise Regulatory Guide 1.8 f
I.A.2.6(2) Staff Review of NRR 80-117 c
I.A.2.6(3) Revise 10 CFR 55 e
I.A.2.6(4) Operator Workshops c
I.A.2.6(5) Develop Inspection Procedures for Training Programs c
I.A.2.6(6) Nuclear Power Fundamentals a
I.A.2.7 Accreditation of Training Institutions c
I.A.3.1 Revise Scope of Criteria for Licensing Examinations f
I.A.3.2 Operator Licensing Program Changes c
I.A.3.3 Requirements for Operator Fitness c
I.A.3.4 Licensing of Additional Operations Personnel c
I.A.3.5 Establish Statement of Understanding with INPO and DOE d

Tier 2 Material 1.9-119 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 2 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
I.A.4.1(1) Short-Term Study of Training Simulators c
I.A.4.1(2) Interim Changes in Training Simulators f
I.A.4.2(1) Research on Training Simulators f
I.A.4.2(2) Upgrade Training Simulator Standards f
I.A.4.2(3) Regulatory Guide on Training Simulators f See DCD subsection
1.9.3, item (2)(i)
I.A.4.2(4) Review Simulators for Conformance to Criteria f
I.A.4.3 Feasibility Study of Procurement of NRC Training Simulator d
I.A.4.4 Feasibility Study of NRC Engineering Computer d
I.B.1.1(1) Prepare Draft Criteria c
I.B.1.1(2) Prepare Commission Paper c
I.B.1.1(3) Issue Requirements for the Upgrading of Management and c
Technical Resources
I.B.1.1(4) Review Responses to Determine Acceptability c
I.B.1.1(5) Review Implementation of the Upgrading Activities c
I.B.1.1(6) Prepare Revisions to Regulatory Guides 1.33 and 1.8 e
I.B.1.1(7) Issue Regulatory Guides 1.33 and 1.8 e
I.B.1.2(1) Prepare Draft Criteria c
I.B.1.2(2) Review Near-Term Operating License Facilities c
I.B.1.2(3) Include Findings in the SER for Each Near-Term Operating c
License Facility
I.B.1.3(1) Require Licensees to Place Plant in Safest Shutdown Cooling d
Following a Loss of Safety Function Due to Personnel Error
I.B.1.3(2) Use Existing Enforcement Options to Accomplish Safest d
Shutdown Cooling
I.B.1.3(3) Use Non-Fiscal Approaches to Accomplish Safest Shutdown d
Cooling
I.B.2.1(1) Verify the Adequacy of Management and Procedural Controls d
and Staff Discipline

Tier 2 Material 1.9-120 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 3 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
I.B.2.1(2) Verify that Systems Required to Be Operable Are Properly d
Aligned
I.B.2.1(3) Follow-up on Completed Maintenance Work Orders to Ensure d
Proper Testing and Return to Service
I.B.2.1(4) Observe Surveillance Tests to Determine Whether Test d
Instruments Are Properly Calibrated
I.B.2.1(5) Verify that Licensees Are Complying with Technical d
Specifications
I.B.2.1(6) Observe Routine Maintenance d
I.B.2.1(7) Inspect Terminal Boards, Panels, and Instrument Racks for d
Unauthorized Jumpers and Bypasses
I.B.2.2 Resident Inspector at Operating Reactors d
I.B.2.3 Regional Evaluations d
I.B.2.4 Overview of Licensee Performance d
I.C.1(1) Small Break LOCAs f
I.C.1(2) Inadequate Core Cooling f
I.C.1(3) Transients and Accidents f
I.C.1(4) Confirmatory Analyses of Selected Transients c
I.C.2 Shift and Relief Turnover Procedures f
I.C.3 Shift Supervisor Responsibilities f
I.C.4 Control Room Access f
I.C.5 Procedures for Feedback of Operating Experience to Plant g See DCD subsection
Staff 1.9.3, item (3)(i)
I.C.6 Procedures for Verification of Correct Performance of f
Operating Activities
I.C.7 NSSS Vendor Review of Procedures f
I.C.8 Pilot Monitoring of Selected Emergency Procedures for f
Near-Term Operating License Applicants

Tier 2 Material 1.9-121 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 4 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
I.C.9 Long-Term Program Plan for Upgrading of Procedures c See DCD
subsections 13.5.1
and 1.9.3,
item (2)(ii)
I.D.1 Control Room Design Reviews g See DCD subsection
1.9.3, item (2)(iii)
I.D.2 Plant Safety Parameter Display Console g See DCD subsection
1.9.3, item (2)(iv)
I.D.3 Safety System Status Monitoring c See DCD subsection
1.9.3, item (2)(v)
I.D.4 Control Room Design Standard c
I.D.5(1) Operator-Process Communication c
I.D.5(2) Plant Status and Post-Accident Monitoring g See DCD subsection
1.9.4, item I.D.5(2)
I.D.5(3) On-Line Reactor Surveillance System c See DCD subsection
1.9.4, item I.D.5(3)
I.D.5(4) Process Monitoring Instrumentation c
I.D.5(5) Disturbance Analysis Systems d
I.D.6 Technology Transfer Conference d
I.E.1 Office for Analysis and Evaluation of Operational Data d
I.E.2 Program Office Operational Data Evaluation d
I.E.3 Operational Safety Data Analysis d
I.E.4 Coordination of Licensee, Industry, and Regulatory Programs d
I.E.5 Nuclear Plant Reliability Data Systems d
I.E.6 Reporting Requirements d
I.E.7 Foreign Sources d
I.E.8 Human Error Rate Analysis d
I.F.1 Expand QA List c, j See DCD
subsections
[Link].1, item I.F.1
and 1.9.3, item (3)(ii)

Tier 2 Material 1.9-122 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 5 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
I.F.2(1) Assure the Independence of the Organization Performing the a See DCD subsection
Checking Function 17.5
I.F.2(2) Include QA Personnel in Review and Approval of Plant g See DCD subsection
Procedures 1.9.3, item (3)(iii)
I.F.2(3) Include QA Personnel in All Design, Construction, g See DCD subsection
Installation, Testing, and Operation Activities 1.9.3, item (3)(iii)
I.F.2(4) Establish Criteria for Determining QA Requirements for a See DCD subsection
Specific Classes of Equipment 17.5
I.F.2(5) Establish Qualification Requirements for QA and QC a See DCD subsection
Personnel 17.5
I.F.2(6) Increase the Size of Licensees' QA Staff f
I.F.2(7) Clarify that the QA Program Is a Condition of the a See DCD subsection
Construction Permit and Operating License 17.5
I.F.2(8) Compare NRC QA Requirements with Those of Other a See DCD subsection
Agencies 17.5
I.F.2(9) Clarify Organizational Reporting Levels for the QA f
Organization
I.F.2(10) Clarify Requirements for Maintenance of "As-Built" a See DCD subsection
Documentation 17.5
I.F.2(11) Define Role of QA in Design and Analysis Activities a See DCD subsection
17.5
I.G.1 Training Requirements f, j See DCD subsection
[Link].1, item I.G.1
I.G.2 Scope of Test Program f, j See DCD subsection
[Link].1, item I.G.2
II.A.1 Siting Policy Reformulation c
II.A.2 Site Evaluation of Existing Facilities e
II.B.1 Reactor Coolant System Vents g See DCD subsection
1.9.3, item (2)(vi)
II.B.2 Plant Shielding to Provide Access to Vital Areas and Protect g See DCD subsection
Safety Equipment for Post-Accident Operation 1.9.3, item (2)(vii)

Tier 2 Material 1.9-123 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 6 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.B.3 Post-Accident Sampling g See DCD subsection
1.9.3, item (2)(viii)
II.B.4 Training for Mitigating Core Damage f
II.B.5(1) Behavior of Severely Damaged Fuel d
II.B.5(2) Behavior of Core Melt d
II.B.5(3) Effect of Hydrogen Burning and Explosions on Containment d
Structures
II.B.6 Risk Reduction for Operating Reactors at Sites with High f
Population Densities
II.B.7 Analysis of Hydrogen Control e
II.B.8 Rulemaking Proceedings on Degraded Core Accidents g See DCD subsection
1.9.3, items (1)(i),
(1)(xii), (2)(ix),
(3)(iv), and (3)(v)
II.C.1 Interim Reliability Evaluation Program c
II.C.2 Continuation of Interim Reliability Evaluation Program c
II.C.3 Systems Interaction e
II.C.4 Reliability Engineering c
II.D.1 Testing Requirements g See DCD subsection
1.9.3, item (2)(x)
II.D.2 Research on Relief and Safety Valve Test Requirements a
II.D.3 Relief and Safety Valve Position Indication g See DCD subsection
1.9.3, item (2)(xi)
II.E.1.1 Auxiliary Feedwater System Evaluation g See DCD subsection
1.9.3, item (1)(ii)
II.E.1.2 Auxiliary Feedwater System Automatic Initiation and Flow g See DCD subsection
Indication 1.9.3, items (1)(ii)
and (2)(xii)
II.E.1.3 Update Standard Review Plan and Develop Regulatory Guide d, j See DCD subsection
[Link].1, item
II.E.1.3

Tier 2 Material 1.9-124 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 7 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.E.2.1 Reliance on ECCS e
II.E.2.2 Research on Small Break LOCAs and Anomalous Transients c
II.E.2.3 Uncertainties in Performance Predictions a
II.E.3.1 Reliability of Power Supplies for Natural Circulation g See DCD subsection
1.9.3, item (2)(xiii)
II.E.3.2 Systems Reliability e
II.E.3.3 Coordinated Study of Shutdown Heat Removal Requirements e
II.E.3.4 Alternate Concepts Research c
II.E.3.5 Regulatory Guide e
II.E.4.1 Dedicated Penetrations g See DCD subsection
1.9.3, item (3)(vi)
II.E.4.2 Isolation Dependability g See DCD subsection
1.9.3, item (2)(xiv)
II.E.4.3 Integrity Check c
II.E.4.4 Purging g See DCD subsection
1.9.3, item (2)(xv)
II.E.5.1 Design Evaluation b
II.E.5.2 B&W Reactor Transient Response Task Force b
II.E.6.1 Test Adequacy Study d, j See DCD subsection
[Link].1, item
II.E.6.1
II.F.1 Additional Accident Monitoring Instrumentation g See DCD subsection
1.9.3, item (2)(xvii)
II.F.2 Identification of and Recovery from Conditions Leading to g See DCD subsection
Inadequate Core Cooling 1.9.3, item (2)(xviii)
II.F.3 Instruments for Monitoring Accident Conditions g See DCD subsection
1.9.3, item (2)(xix)
II.F.4 Study of Control and Protective Action Design Requirements a

Tier 2 Material 1.9-125 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 8 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.F.5 Classification of Instrumentation, Control, and Electrical d
Equipment
II.G.1 Power Supplies for Pressurizer Relief Valves, Block Valves, g See DCD subsection
and Level Indicators 1.9.3, item (2)(xx)
II.H.1 Maintain Safety of TMI-2 and Minimize Environmental Impact c
II.H.2 Obtain Technical Data on the Conditions Inside the TMI-2 b
Containment Structure
II.H.3 Evaluate and Feed Back Information Obtained from TMI e
II.H.4 Determine Impact of TMI on Socioeconomic and Real d
Property Values
II.J.1.1 Establish a Priority System for Conducting Vendor d
Inspections
II.J.1.2 Modify Existing Vendor Inspection Program d
II.J.1.3 Increase Regulatory Control Over Present Non-Licensees d
II.J.1.4 Assign Resident Inspectors to Reactor Vendors and d
Architect-Engineers
II.J.2.1 Reorient Construction Inspection Program d
II.J.2.2 Increase Emphasis on Independent Measurement in d
Construction Inspection Program
II.J.2.3 Assign Resident Inspectors to All Construction Sites d
II.J.3.1 Organization and Staffing to Oversee Design and Construction f See DCD subsection
1.9.3, item (3)(vii)
II.J.3.2 Issue Regulatory Guide e
II.J.4.1 Revise Deficiency Reporting Requirements f
II.K.1(1) Review TMI-2 PNs and Detailed Chronology of the TMI-2 f
Accident
II.K.1(2) Review Transients Similar to TMI-2 That Have Occurred at b
Other Facilities and NRC Evaluation of Davis-Besse Event
II.K.1(3) Review Operating Procedures for Recognizing, Preventing, f
and Mitigating Void Formation in Transients and Accidents

Tier 2 Material 1.9-126 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 9 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.K.1(4) Review Operating Procedures and Training Instructions f
II.K.1(5) Safety-Related Valve Position Description f
II.K.1(6) Review Containment Isolation Initiation Design and f
Procedures
II.K.1(7) Implement Positive Position Controls on Valves That Could b
Compromise or Defeat AFW Flow
II.K.1(8) Implement Procedures That Assure Two Independent 100% b
AFW Flow Paths
II.K.1(9) Review Procedures to Assure That Radioactive Liquids and f
Gases Are Not Transferred out of Containment Inadvertently
II.K.1(10) Review and Modify Procedures for Removing Safety-Related f, j See DCD subsection
Systems from Service [Link].1, item
II.K.1(10)
II.K.1(11) Make All Operating and Maintenance Personnel Aware of the f
Seriousness and Consequences of the Erroneous Actions
Leading up to, and in Early Phases of, the TMI-2 Accident
II.K.1(12) One Hour Notification Requirement and Continuous f
Communications Channels
II.K.1(13) Propose Technical Specification Changes Reflecting f, j See DCD subsection
Implementation of All Bulletin Items [Link].1, item
II.K.1(13)
II.K.1(14) Review Operating Modes and Procedures to Deal with f
Significant Amounts of Hydrogen
II.K.1(15) For Facilities with Non-Automatic AFW Initiation, Provide f
Dedicated Operator in Continuous Communication with CR to
Operate AFW
II.K.1(16) Implement Procedures That Identify PZR PORV "Open" f
Indications and That Direct Operator to Close Manually at
"Reset" Setpoint
II.K.1(17) Trip PZR Level Bistable so That PZR Low Pressure Will f, j See DCD subsection
Initiate Safety Injection [Link].1, item
II.K.1(17)

Tier 2 Material 1.9-127 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 10 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.K.1(18) Develop Procedures and Train Operators on Methods of b
Establishing and Maintaining Natural Circulation
II.K.1(19) Describe Design and Procedure Modifications to Reduce b
Likelihood of Automatic PZR PORV Actuation in Transients
II.K.1(20) Provide Procedures and Training to Operators for Prompt b
Manual Reactor Trip for LOFW, TT, MSIV Closure, LOOP,
LOSG Level, and LO PZR Level
II.K.1(21) Provide Automatic Safety-Grade Anticipatory Reactor Trip for b
LOFW, TT, or Significant Decrease in SG Level
II.K.1(22) Describe Automatic and Manual Actions for Proper g See DCD subsection
Functioning of Auxiliary Heat Removal Systems When FW 1.9.3, item (2)(xxi)
System Not Operable
II.K.1(23) Describe Uses and Types of RV Level Indication for b
Automatic and Manual Initiation Safety Systems
II.K.1(24) Perform LOCA Analyses for a Range of Small-Break Sizes e, j See DCD subsection
and a Range of Time Lapses Between Reactor Trip and RCP [Link].1, item
Trip II.K.1(24)
II.K.1(25) Develop Operator Action Guidelines e
II.K.1(26) Revise Emergency Procedures and Train ROs and SROs f
II.K.1(27) Provide Analyses and Develop Guidelines and Procedures for e
Inadequate Core Cooling Conditions
II.K.1(28) Provide Design That Will Assure Automatic RCP Trip for All e
Circumstances Where Required
II.K.2(1) Upgrade Timeliness and Reliability of AFW System b
II.K.2(2) Procedures and Training to Initiate and Control AFW b
Independent of Integrated Control System
II.K.2(3) Hard-Wired Control-Grade Anticipatory Reactor Trips b
II.K.2(4) Small-Break LOCA Analysis, Procedures and Operator b
Training
II.K.2(5) Complete TMI-2 Simulator Training for All Operators b
II.K.2(6) Reevaluate Analysis of Dual-Level Setpoint Control b

Tier 2 Material 1.9-128 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 11 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.K.2(7) Reevaluate Transient of September 24, 1977 b
II.K.2(8) Continued Upgrading of AFW System e
II.K.2(9) Analysis and Upgrading of Integrated Control System e
II.K.2(10) Hard-Wired Safety-Grade Anticipatory Reactor Trips b See DCD subsection
1.9.3, item (2)(xxiii)
II.K.2(11) Operator Training and Drilling b
II.K.2(12) Transient Analysis and Procedures for Management of Small e
Breaks
II.K.2(13) Thermal-Mechanical Report on Effect of HPI on Vessel b
Integrity for Small-Break LOCA With No AFW
II.K.2(14) Demonstrate That Predicted Lift Frequency of PORVs and b
SVs Is Acceptable
II.K.2(15) Analysis of Effects of Slug Flow on Once-Through Steam b
Generator Tubes After Primary System Voiding
II.K.2(16) Impact of RCP Seal Damage Following Small-Break LOCA g See DCD subsection
With Loss of Offsite Power 1.9.3, item (1)(iii)
II.K.2(17) Analysis of Potential Voiding in RCS During Anticipated b
Transients
II.K.2(18) Analysis of Loss of Feedwater and Other Anticipated e
Transients
II.K.2(19) Benchmark Analysis of Sequential AFW Flow to b
Once-Through Steam Generator
II.K.2(20) Analysis of Steam Response to Small-Break LOCA b
II.K.2(21) LOFT L3-1 Predictions b
II.K.3(1) Install Automatic PORV Isolation System and Perform g See DCD subsection
Operational Test 1.9.3, item (1)(iv)
II.K.3(2) Report on Overall Safety Effect of PORV Isolation System g See DCD subsection
1.9.3, item (1)(iv)
II.K.3(3) Report Safety and Relief Valve Failures Promptly and f
Challenges Annually

Tier 2 Material 1.9-129 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 12 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.K.3(4) Review and Upgrade Reliability and Redundancy of Non- e
Safety Equipment for Small-Break LOCA Mitigation
II.K.3(5) Automatic Trip of Reactor Coolant Pumps f, j See DCD subsection
[Link].1, item
II.K.3(5)
II.K.3(6) Instrumentation to Verify Natural Circulation e
II.K.3(7) Evaluation of PORV Opening Probability During b
Overpressure Transient
II.K.3(8) Further Staff Consideration of Need for Diverse Decay Heat e
Removal Method Independent of SGs
II.K.3(9) Proportional Integral Derivative Controller Modification g See DCD subsection
1.9.4, item II.K.3(9)
II.K.3(10) Anticipatory Trip Modification Proposed by Some Licensees f
to Confine Range of Use to High Power Levels
II.K.3(11) Control Use of PORV Supplied by Control Components, Inc. f
Until Further Review Complete
II.K.3(12) Confirm Existence of Anticipatory Trip Upon Turbine Trip f
II.K.3(13) Separation of HPCI and RCIC System Initiation Levels b
II.K.3(14) Isolation of Isolation Condensers on High Radiation b
II.K.3(15) Modify Break Detection Logic to Prevent Spurious Isolation b
of HPCI and RCIC Systems
II.K.3(16) Reduction of Challenges and Failures of Relief Valves - b
Feasibility Study and System Modification
II.K.3(17) Report on Outage of ECC Systems - Licensee Report and b
Technical Specification Changes
II.K.3(18) Modification of ADS Logic - Feasibility Study and g See DCD subsection
Modification for Increased Diversity for Some Event 1.9.3, item (1)(vii)
Sequences
II.K.3(19) Interlock on Recirculation Pump Loops b
II.K.3(20) Loss of Service Water for Big Rock Point b

Tier 2 Material 1.9-130 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 13 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.K.3(21) Restart of Core Spray and LPCI Systems on Low Level - b
Design and Modification
II.K.3(22) Automatic Switchover of RCIC System Suction - Verify b
Procedures and Modify Design
II.K.3(23) Central Water Level Recording e
II.K.3(24) Confirm Adequacy of Space Cooling for HPCI and RCIC b
Systems
II.K.3(25) Effect of Loss of AC Power on Pump Seals g See DCD subsection
1.9.3, item (1)(iii)
II.K.3(26) Study Effect on RHR Reliability of Its Use for Fuel Pool e
Cooling
II.K.3(27) Provide Common Reference Level for Vessel Level b
Instrumentation
II.K.3(28) Study and Verify Qualification of Accumulators on ADS g See DCD subsection
Valves 1.9.3, item (1)(x)
II.K.3(29) Study to Demonstrate Performance of Isolation Condensers b
with Non-Condensibles
II.K.3(30) Revised Small-Break LOCA Methods to Show Compliance f
with 10 CFR 50, Appendix K
II.K.3(31) Plant-Specific Calculations to Show Compliance with f
10 CFR 50.46
II.K.3(32) Provide Experimental Verification of Two-Phase Natural e
Circulation Models
II.K.3(33) Evaluate Elimination of PORV Function e
II.K.3(34) Relap-4 Model Development e
II.K.3(35) Evaluation of Effects of Core Flood Tank Injection on e
Small-Break LOCAs
II.K.3(36) Additional Staff Audit Calculations of B&W Small-Break e
LOCA Analyses
II.K.3(37) Analysis of B&W Response to Isolated Small-Break LOCA e

Tier 2 Material 1.9-131 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 14 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
II.K.3(38) Analysis of Plant Response to a Small-Break LOCA in the e
Pressurizer Spray Line
II.K.3(39) Evaluation of Effects of Water Slugs in Piping Caused by HPI e
and CFT Flows
II.K.3(40) Evaluation of RCP Seal Damage and Leakage During a Small- e
Break LOCA
II.K.3(41) Submit Predictions for LOFT Test L3-6 with RCPs Running e
II.K.3(42) Submit Requested Information on the Effects of e
Non Condensible Gases
II.K.3(43) Evaluation of Mechanical Effects of Slug Flow on Steam e
Generator Tubes
II.K.3(44) Evaluation of Anticipated Transients with Single Failure to b
Verify No Significant Fuel Failure
II.K.3(45) Evaluate Depressurization with Other Than Full ADS b
II.K.3(46) Response to List of Concerns from ACRS Consultant b
II.K.3(47) Test Program for Small-Break LOCA Model Verification e
Pretest Prediction, Test Program, and Model Verification
II.K.3(48) Assess Change in Safety Reliability as a Result of e
Implementing B&OTF Recommendations
II.K.3(49) Review of Procedures (NRC) e
II.K.3(50) Review of Procedures (NSSS Vendors) e
II.K.3(51) Symptom-Based Emergency Procedures e
II.K.3(52) Operator Awareness of Revised Emergency Procedures e
II.K.3(53) Two Operators in Control Room e
II.K.3(54) Simulator Upgrade for Small-Break LOCAs e
II.K.3(55) Operator Monitoring of Control Board e
II.K.3(56) Simulator Training Requirements e
II.K.3(57) Identify Water Sources Prior to Manual Activation of ADS b

Tier 2 Material 1.9-132 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 15 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
III.A.1.1(1) Implement Action Plan Requirements for Promptly Improving f
Licensee Emergency Preparedness
III.A.1.1(2) Perform an Integrated Assessment of the Implementation f
III.A.1.2 Upgrade Licensee Emergency Support Facilities g See DCD subsection
1.9.3, item (2)(xxv)
III.A.1.3(1) Maintain Supplies of Thyroid-Blocking Agent - Workers c
III.A.1.3(2) Maintain Supplies of Thyroid-Blocking Agent - Public c
III.A.2.1(1) Publish Proposed Amendments to the Rules d
III.A.2.1(2) Conduct Public Regional Meetings d
III.A.2.1(3) Prepare Final Commission Paper Recommending Adoption of d
Rules
III.A.2.1(4) Revise Inspection Program to Cover Upgraded Requirements d
III.A.2.2 Development of Guidance and Criteria d
III.A.3.1(1) Define NRC Role in Emergency Situations c
III.A.3.1(2) Revise and Upgrade Plans and Procedures for the NRC c
Emergency Operations Center
III.A.3.1(3) Revise Manual Chapter 0502, Other Agency Procedures, and c
NUREG-0610
III.A.3.1(4) Prepare Commission Paper c
III.A.3.1(5) Revise Implementing Procedures and Instructions for c
Regional Offices
III.A.3.2 Improve Operations Centers c
III.A.3.3 Communications d See DCD subsection
[Link].2
III.A.3.4 Nuclear Data Link c
III.A.3.5 Training, Drills, and Tests c
III.A.3.6(1) Interaction of NRC and Other Agencies - International c
III.A.3.6(2) Federal c

Tier 2 Material 1.9-133 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 16 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
III.A.3.6(3) State and Local c
III.B.1 Transfer of Responsibilities to FEMA c
III.B.2(1) The Licensing Process c
III.B.2(2) Federal Guidance c
III.C.1(1) Review Publicly Available Documents d
III.C.1(2) Recommend Publication of Additional Information d
III.C.1(3) Program of Seminars for News Media Personnel d
III.C.2(1) Develop Policy and Procedures for Dealing With Briefing d
Requests
III.C.2(2) Provide Training for Members of the Technical Staff d
III.D.1.1(1) Review Information Submitted by Licensees Pertaining to g See DCD subsection
Reducing Leakage from Operating Systems 1.9.3, item (2)(xxvi)
III.D.1.1(2) Review Information on Provisions for Leak Detection a
III.D.1.1(3) Develop Proposed System Acceptance Criteria a
III.D.1.2 Radioactive Gas Management a
III.D.1.3(1) Decide Whether Licensees Should Perform Studies and Make a
Modifications
III.D.1.3(2) Review and Revise SRP a
III.D.1.3(3) Require Licensees to Upgrade Filtration Systems a
III.D.1.3(4) Sponsor Studies to Evaluate Charcoal Adsorber c
III.D.1.4 Radwaste System Design Features to Aid in Accident a
Recovery and Decontamination
III.D.2.1(1) Evaluate the Feasibility and Perform a Value-Impact Analysis a
of Modifying Effluent-Monitoring Design Criteria
III.D.2.1(2) Study the Feasibility of Requiring the Development of a
Effective Means for Monitoring and Sampling Noble Gases
and Radioiodine Released to the Atmosphere
III.D.2.1(3) Revise Regulatory Guides a

Tier 2 Material 1.9-134 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 17 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
III.D.2.2(1) Perform Study of Radioiodine, Carbon-14, and Tritium c
Behavior
III.D.2.2(2) Evaluate Data Collected at Quad Cities e
III.D.2.2(3) Determine the Distribution of the Chemical Species of e
Radioiodine in Air-Water-Steam Mixtures
III.D.2.2(4) Revise SRP and Regulatory Guides e
III.D.2.3(1) Develop Procedures to Discriminate Between Sites/Plants c
III.D.2.3(2) Discriminate Between Sites and Plants That Require c
Consideration of Liquid Pathway Interdiction Techniques
III.D.2.3(3) Establish Feasible Method of Pathway Interdiction c
III.D.2.3(4) Prepare a Summary Assessment c
III.D.2.4(1) Study Feasibility of Environmental Monitors c
III.D.2.4(2) Place 50 TLDs Around Each Site d
III.D.2.5 Offsite Dose Calculation Manual c
III.D.2.6 Independent Radiological Measurements d
III.D.3.1 Radiation Protection Plans c
III.D.3.2(1) Amend 10 CFR 20 d
III.D.3.2(2) Issue a Regulatory Guide d
III.D.3.2(3) Develop Standard Performance Criteria d
III.D.3.2(4) Develop Method for Testing and Certifying Air-Purifying d
Respirators
III.D.3.3 In-plant Radiation Monitoring g See DCD subsection
1.9.3, item
(2)(xxvii)
III.D.3.4 Control Room Habitability g See DCD subsection
1.9.3, item
(2)(xxviii)
III.D.3.5(1) Develop Format for Data To Be Collected by Utilities d
Regarding Total Radiation Exposure to Workers

Tier 2 Material 1.9-135 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 18 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
III.D.3.5(2) Investigate Methods of Obtaining Employee Health Data by d
Nonlegislative Means
III.D.3.5(3) Revise 10 CFR 20 d
IV.A.1 Seek Legislative Authority d
IV.A.2 Revise Enforcement Policy d
IV.B.1 Revise Practices for Issuance of Instructions and Information d
to Licensees
IV.C.1 Extend Lessons Learned from TMI to Other NRC Programs c
IV.D.1 NRC Staff Training d
IV.E.1 Expand Research on Quantification of Safety d
Decision-Making
IV.E.2 Plan for Early Resolution of Safety Issues d
IV.E.3 Plan for Resolving Issues at the CP Stage d
IV. E.4 Resolve Generic Issues by Rulemaking d
IV.E.5 Assess Currently Operating Reactors c
IV.F.1 Increased OIE Scrutiny of the Power-Ascension Test Program c
IV.F.2 Evaluate the Impacts of Financial Disincentives to the Safety c
of Nuclear Power Plants
IV.G.1 Develop a Public Agenda for Rulemaking d
IV.G.2 Periodic and Systematic Reevaluation of Existing Rules d
IV.G.3 Improve Rulemaking Procedures d
IV.G.4 Study Alternatives for Improved Rulemaking Process d
IV.H.1 NRC Participation in the Radiation Policy Council d
V.A.1 Develop NRC Policy Statement on Safety d
V.B.1 Study and Recommend, as Appropriate, Elimination of d
Nonsafety Responsibilities
V.C.1 Strengthen the Role of Advisory Committee on Reactor d
Safeguards

Tier 2 Material 1.9-136 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 19 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
V.C.2 Study Need for Additional Advisory Committees d
V.C.3 Study the Need to Establish an Independent Nuclear Safety d
Board
V.D.1 Improve Public and Intervenor Participation in the Hearing d
Process
V.D.2 Study Construction-During-Adjudication Rules d
V.D.3 Reexamine Commission Role in Adjudication d
V.D.4 Study the Reform of the Licensing Process d
V.E.1 Study the Need for TMI-Related Legislation d
V.F.1 Study NRC Top Management Structure and Process d
V.F.2 Reexamine Organization and Functions of the NRC Offices d
V.F.3 Revise Delegations of Authority to Staff d
V.F.4 Clarify and Strengthen the Respective Roles of Chairman, d
Commission, and Executive Director for Operations
V.F.5 Authority to Delegate Emergency Response Functions to a d
Single Commissioner
V.G.1 Achieve Single Location, Long-Term d
V.G.2 Achieve Single Location, Interim d

Task Action Plan Items

A-1 Water Hammer (former USI) g See DCD subsection
1.9.4, item A-1
A-2 Asymmetric Blowdown Loads on Reactor Primary Coolant g See DCD subsection
Systems (former USI) 1.9.4, item A-2
A-3 Westinghouse Steam Generator Tube Integrity (former USI) g See DCD subsection
1.9.4, item A-3
A-4 CE Steam Generator Tube Integrity (former USI) b
A-5 B&W Steam Generator Tube Integrity (former USI) b
A-6 Mark I Short-Term Program (former USI) b

Tier 2 Material 1.9-137 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 20 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
A-7 Mark I Long-Term Program (former USI) b
A-8 Mark II Containment Pool Dynamic Loads Long-Term b
Program (former USI)
A-9 ATWS (former USI) g See DCD subsection
1.9.4, item A-9
A-10 BWR Feedwater Nozzle Cracking (former USI) b
A-11 Reactor Vessel Materials Toughness (former USI) g See DCD subsection
1.9.4, item A-11
A-12 Fracture Toughness of Steam Generator and Reactor Coolant g See DCD subsection
Pump Supports (former USI) 1.9.4, item A-12
A-13 Snubber Operability Assurance g See DCD subsection
1.9.4, item A-13
A-14 Flaw Detection a
A-15 Primary Coolant System Decontamination and Steam c
Generator Chemical Cleaning
A-16 Steam Effects on BWR Core Spray Distribution b
A-17 Systems Interactions in Nuclear Power Plants (former USI) c, j See DCD subsection
[Link].2, item A-17
A-18 Pipe Rupture Design Criteria a
A-19 Digital Computer Protection System d
A-20 Impacts of the Coal Fuel Cycle d
A-21 Main Steam Line Break Inside Containment - Evaluation of a
Environmental Conditions for Equipment Qualification
A-22 PWR Main Steam Line Break - Core, Reactor Vessel and a
Containment Building Response
A-23 Containment Leak Testing d
A-24 Qualification of Class e Safety-Related Equipment g See DCD subsection
(former USI) 1.9.4, item A-24
A-25 Non-Safety Loads on Class e Power Sources g See DCD subsection
1.9.4, item A-25

Tier 2 Material 1.9-138 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 21 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
A-26 Reactor Vessel Pressure Transient Protection (former USI) g See DCD subsection
1.9.4, item A-26
A-27 Reload Applications d
A-28 Increase in Spent Fuel Pool Storage Capacity g See DCD subsection
1.9.4, item A-28
A-29 Nuclear Power Plant Design for the Reduction of c, j See DCD subsection
Vulnerability to Industrial Sabotage [Link].2, item A-29
A-30 Adequacy of Safety-Related DC Power Supplies e
A-31 RHR Shutdown Requirements (former USI) g See DCD subsection
1.9.4, item A-31
A-32 Missile Effects e
A-33 NEPA Review of Accident Risks i
A-34 Instruments for Monitoring Radiation and Process Variables e
During Accidents
A-35 Adequacy of Offsite Power Systems g See DCD subsection
1.9.4, item A-35
A-36 Control of Heavy Loads Near Spent Fuel (former USI) g See DCD subsection
1.9.4, item A-36
A-37 Turbine Missiles a
A-38 Tornado Missiles a
A-39 Determination of Safety Relief Valve Pool Dynamic Loads b See DCD subsection
and Temperature Limits (former USI) 1.9.4, item A-39
A-40 Seismic Design Criteria - Short Term Program (former USI) g See DCD subsection
1.9.4, item A-40
A-41 Long Term Seismic Program c
A-42 Pipe Cracks in Boiling Water Reactors (former USI) b
A-43 Containment Emergency Sump Performance (former USI) g See DCD subsection
1.9.4, item A-43
A-44 Station Blackout (former USI) g See DCD subsection
1.9.4, item A-44

Tier 2 Material 1.9-139 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 22 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
A-45 Shutdown Decay Heat Removal Requirements (former USI) c
A-46 Seismic Qualification of Equipment in Operating Plants g See DCD subsection
(former USI) 1.9.4, item A-46
A-47 Safety Implications of Control Systems (former USI) g See DCD subsection
1.9.4, item A-47
A-48 Hydrogen Control Measures and Effects of Hydrogen Burns g See DCD subsection
on Safety Equipment 1.9.4, item A-48
A-49 Pressurized Thermal Shock (former USI) g See DCD subsection
1.9.4, item A-49
B-1 Environmental Technical Specifications d
B-2 Forecasting Electricity Demand d
B-3 Event Categorization a
B-4 ECCS Reliability e
B-5 Ductility of Two-Way Slabs and Shells and Buckling Behavior c, j See DCD subsection
of Steel Containments [Link].2, item B-5
B-6 Loads, Load Combinations, Stress Limits e
B-7 Secondary Accident Consequence Modeling a
B-8 Locking Out of ECCS Power Operated Valves a
B-9 Electrical Cable Penetrations of Containment c
B-10 Behavior of BWR Mark III Containments b
B-11 Subcompartment Standard Problems d
B-12 Containment Cooling Requirements (Non-LOCA) c
B-13 Marviken Test Data Evaluation d
B-14 Study of Hydrogen Mixing Capability in Containment e
Post-LOCA
B-15 CONTEMPT Computer Code Maintenance a
B-16 Protection Against Postulated Piping Failures in Fluid e
Systems Outside Containment

Tier 2 Material 1.9-140 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 23 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
B-17 Criteria for Safety-Related Operator Actions c See DCD subsection
1.9.4, item B-17
B-18 Vortex Suppression Requirements for Containment Sumps e
B-19 Thermal-Hydraulic Stability c
B-20 Standard Problem Analysis d
B-21 Core Physics a
B-22 LWR Fuel a See DCD subsection
1.9.4, item B-22
B-23 LMFBR Fuel a
B-24 Seismic Qualification of Electrical and Mechanical e
Components
B-25 Piping Benchmark Problems d
B-26 Structural Integrity of Containment Penetrations c
B-27 Implementation and Use of Subsection NF d
B-28 Radionuclide/Sediment Transport Program d
B-29 Effectiveness of Ultimate Heat Sinks d See DCD subsection
1.9.4, item B-29
B-30 Design Basis Floods and Probability d
B-31 Dam Failure Model a
B-32 Ice Effects on Safety-Related Water Supplies e See DCD subsection
1.9.4, item B-32
B-33 Dose Assessment Methodology d
B-34 Occupational Radiation Exposure Reduction e
B-35 Confirmation of Appendix I Models for Calculations of d
Releases of Radioactive Materials in Gaseous and Liquid
Effluents from Light Water Cooled Power Reactors

Tier 2 Material 1.9-141 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 24 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
B-36 Develop Design, Testing, and Maintenance Criteria for g See DCD subsection
Atmosphere Cleanup System Air Filtration and Adsorption 1.9.4, item B-36
Units for Engineered Safety Feature Systems and for Normal
Ventilation Systems
B-37 Chemical Discharges to Receiving Waters d
B-38 Reconnaissance Level Investigations a
B-39 Transmission Lines a
B-40 Effects of Power Plant Entrainment on Plankton a
B-41 Impacts on Fisheries a
B-42 Socioeconomic Environmental Impacts d
B-43 Value of Aerial Photographs for Site Evaluation d
B-44 Forecasts of Generating Costs of Coal and Nuclear Plants d
B-45 Need for Power - Energy Conservation e
B-46 Cost of Alternatives in Environmental Design a
B-47 Inservice Inspection of Supports - Classes 1, 2, 3, and MC a
Components
B-48 BWR CRD Mechanical Failure (Collet Housing) b
B-49 Inservice Inspection Criteria and Corrosion Prevention d
Criteria for Containments
B-50 Post-Operating Basis Earthquake Inspections a
B-51 Assessment of Inelastic Analysis Techniques for Equipment e
and Components
B-52 Fuel Assembly Seismic and LOCA Responses e
B-53 Load Break Switch g See DCD subsection
1.9.4, item B-53
B-54 Ice Condenser Containments c
B-55 Improved Reliability of Target Rock Safety Relief Valves b
B-56 Diesel Reliability g See DCD subsection
1.9.4, item B-56

Tier 2 Material 1.9-142 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 25 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
B-57 Station Blackout e
B-58 Passive Mechanical Failures c
B-59 (N-1) Loop Operation in BWRs and PWRs d
B-60 Loose Parts Monitoring System c
B-61 Allowable ECCS Equipment Outage Periods g See DCD subsection
1.9.4, item B-61
B-62 Reexamination of Technical Bases for Establishing SLs, a
LSSSs, and Reactor Protection System Trip Functions
B-63 Isolation of Low Pressure Systems Connected to the Reactor g See DCD subsection
Coolant Pressure Boundary 1.9.4, item B-63
B-64 Decommissioning of Reactors f
B-65 Iodine Spiking a
B-66 Control Room Infiltration Measurements g See DCD subsection
1.9.4, item B-66
B-67 Effluent and Process Monitoring Instrumentation e
B-68 Pump Overspeed During LOCA a
B-69 ECCS Leakage Ex-Containment e
B-70 Power Grid Frequency Degradation and Effect on Primary c
Coolant Pumps
B-71 Incident Response e
B-72 Health Effects and Life Shortening from Uranium and Coal d
Fuel Cycles
B-73 Monitoring for Excessive Vibration Inside the Reactor e
Pressure Vessel
C-1 Assurance of Continuous Long Term Capability of Hermetic g See DCD subsection
Seals on Instrumentation and Electrical Equipment 1.9.4, item C-1
C-2 Study of Containment Depressurization by Inadvertent Spray c
Operation to Determine Adequacy of Containment External
Design Pressure

Tier 2 Material 1.9-143 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 26 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
C-3 Insulation Usage Within Containment e
C-4 Statistical Methods for ECCS Analysis d See DCD subsection
1.9.4, item C-4
C-5 Decay Heat Update d See DCD subsection
1.9.4, item C-5
C-6 LOCA Heat Sources d See DCD subsection
1.9.4, item C-6
C-7 PWR System Piping c
C-8 Main Steam Line Leakage Control Systems b
C-9 RHR Heat Exchanger Tube Failures a
C-10 Effective Operation of Containment Sprays in a LOCA g See DCD subsection
1.9.4, item C-10
C-11 Assessment of Failure and Reliability of Pumps and Valves c
C-12 Primary System Vibration Assessment c
C-13 Non-Random Failures e
C-14 Storm Surge Model for Coastal Sites a
C-15 NUREG Report for Liquids Tank Failure Analysis a
C-16 Assessment of Agricultural Land in Relation to Power Plant a
Siting and Cooling System Selection
C-17 Interim Acceptance Criteria for Solidification Agents for g See DCD subsection
Radioactive Solid Wastes 1.9.4, item C-17
D-1 Advisability of a Seismic Scram a
D-2 Emergency Core Cooling System Capability for Future Plants a
D-3 Control Rod Drop Accident c

New Generic Issues

1. Failures in Air-Monitoring, Air-Cleaning, and Ventilating a
Systems
2. Failure of Protective Devices on Essential Equipment a

Tier 2 Material 1.9-144 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 27 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
3. Set Point Drift in Instrumentation c
4. End-of-Life and Maintenance Criteria c
5. Design Check and Audit of Balance-of-Plant Equipment e
6. Separation of Control Rod from Its Drive and BWR High Rod c
Worth Events
7. Failures Due to Flow-Induced Vibrations a
8. Inadvertent Actuation of Safety Injection in PWRs e
9. Reevaluation of Reactor Coolant Pump Trip Criteria e
10. Surveillance and Maintenance of TIP Isolation Valves and a
Squib Charges
11. Turbine Disc Cracking e
12. BWR Jet Pump Integrity b
13. Small Break LOCA from Extended Overheating of Pressurizer a
Heaters
14. PWR Pipe Cracks c, j See DCD subsection
[Link].3, item 14
15. Radiation Effects on Reactor Vessel Supports c See DCD subsection
1.9.4, item 15
16. BWR Main Steam Isolation Valve Leakage Control Systems e
17. Loss of Offsite Power Subsequent to LOCA a
18. Steam Line Break with Consequential Small LOCA e
19. Safety Implications of Nonsafety Instrument and Control e
Power Supply Bus
20. Effects of Electromagnetic Pulse on Nuclear Power Plants c
21. Vibration Qualification of Equipment a
22. Inadvertent Boron Dilution Events c, j See DCD subsection
[Link].3, item 22
23. Reactor Coolant Pump Seal Failures c See DCD subsection
1.9.4, item 23

Tier 2 Material 1.9-145 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 28 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
24. Automatic Emergency Core Cooling System Switch to a, j See DCD subsection
Recirculation [Link].3, item 24
25. Automatic Air Header Dump on BWR Scram System b
26. Diesel Generator Loading Problems Related to SIS Reset on e
Loss of Offsite Power
27. Manual vs. Automated Actions e
28. Pressurized Thermal Shock e
29. Bolting Degradation or Failure in Nuclear Power Plants c See DCD subsection
1.9.4, item 29
30. Potential Generator Missiles - Generator Rotor Retaining a
Rings
31. Natural Circulation Cooldown e
32. Flow Blockage in Essential Equipment Caused by Corbicula e
33. Correcting Atmospheric Dump Valve Opening Upon Loss of e
Integrated Control System Power
34. RCS Leak a
35. Degradation of Internal Appurtenances in LWRs a
36. Loss of Service Water c
37. Steam Generator Overfill and Combined Primary and e
Secondary Blowdown
38. Potential Recirculation System Failure as a Consequence of a
Injection of Containment Paint Flakes or Other Fine Debris
39. Potential for Unacceptable Interaction Between the CRD e
System and Non-Essential Control Air System
40. Safety Concerns Associated with Pipe Breaks in the BWR b
Scram System
41. BWR Scram Discharge Volume Systems b
42. Combination Primary/Secondary System LOCA e

Tier 2 Material 1.9-146 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 29 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
43. Reliability of Air Systems f, j See DCD subsection
[Link].3, item 43
44. Failure of Saltwater Cooling System e
45. Inoperability of Instrumentation Due to Extreme Cold g See DCD subsection
Weather 1.9.4, item 45
46. Loss of 125 Volt DC Bus e
47. Loss of Off-Site Power c
48. LCO for Class e Vital Instrument Buses in Operating Reactors e
49. Interlocks and LCOs for Redundant Class e Tie Breakers e
50. Reactor Vessel Level Instrumentation in BWRs c
51. Proposed Requirements for Improving the Reliability of Open g See DCD subsection
Cycle Service Water Systems 1.9.4, item 51
52. SSW Flow Blockage by Blue Mussels e
53. Consequences of a Postulated Flow Blockage Incident in a a
BWR
54. Valve Operator-Related Events Occurring During 1978, 1979, e
and 1980
55. Failure of Class e Safety-Related Switchgear Circuit Breakers a
to Close on Demand
56. Abnormal Transient Operating Guidelines as Applied to a e
Steam Generator Overfill Event
57. Effects of Fire Protection System Actuation c See DCD subsection
1.9.4, item 57
58. Inadvertent Containment Flooding a
59. Technical Specification Requirements for Plant Shutdown d
when Equipment for Safe Shutdown is Degraded or
Inoperable
60. Lamellar Tearing of Reactor Systems Structural Supports e
61. SRV Line Break Inside the BWR Wetwell Airspace of Mark I c
and II Containments

Tier 2 Material 1.9-147 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 30 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
62. Reactor Systems Bolting Applications e
63. Use of Equipment Not Classified as Essential to Safety in a
BWR Transient Analysis
64. Identification of Protection System Instrument Sensing Lines c
65. Probability of Core-Melt Due to Component Cooling Water e
System Failures
66. Steam Generator Requirements c
67.2.1 Integrity of Steam Generator Tube Sleeves d
67.3.1 Steam Generator Overfill e
67.3.2 Pressurized Thermal Shock e
67.3.3 Improved Accident Monitoring e, j See DCD subsection
[Link].3, item
67.3.3
67.3.4 Reactor Vessel Inventory Measurements e
67.4.1 RCP Trip e
67.4.2 Control Room Design Review e
67.4.3 Emergency Operating Procedures e
67.5.1 Reassessment of SGTR Design Basis d
67.5.2 Reevaluation of SGTR Design Basis d
67.5.3 Secondary System Isolation a
67.6.0 Organizational Responses e
67.7.0 Improved Eddy Current Tests e
67.8.0 Denting Criteria e
67.9.0 Reactor Coolant System Pressure Control e
67.10.0 Supplement Tube Inspections d
68. Postulated Loss of Auxiliary Feedwater System Resulting e
from Turbine-Driven Auxiliary Feedwater Pumps Steam
Supply Line Rupture

Tier 2 Material 1.9-148 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 31 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
69. Make-up Nozzle Cracking in B&W Plants c
70. PORV and Block Valve Reliability g See DCD subsection
1.9.3, item (1)(iv)
71. Failure of Resin Demineralizer Systems and Their Effects on a
Nuclear Power Plant Safety
72. Control Rod Drive Guide Tube Support Pin Failures a
73. Detached Thermal Sleeves a, j See DCD subsection
[Link].3, item 73
74. Reactor Coolant Activity Limits for Operating Reactors a
75. Generic Implications of ATWS Events at the Salem Nuclear g, j See DCD subsection
Plant [Link].3, item 75
76. Instrumentation and Control Power Interactions a
77. Flooding of Safety Equipment Compartments by Back-flow e
Through Floor Drains
78. Monitoring of Fatigue Transient Limits for Reactor Coolant c
System
79. Unanalyzed Reactor Vessel Thermal Stress During Natural c See DCD subsection
Circulation Cooldown [Link].3, item 79
80. Pipe Break Effects on Control Rod Drive Hydraulic Lines in a
the Drywells of BWR Mark I and II Containments
81. Impact of Locked Doors and Barriers on Plant and Personnel a
Safety
82. Beyond Design Basis Accidents in Spent Fuel Pools c, j See DCD subsection
[Link].3, item 82
83. Control Room Habitability c See DCD subsection
[Link].3, item 83
84. CE PORVs c
85. Reliability of Vacuum Breakers Connected to Steam a
Discharge Lines Inside BWR Containments
86. Long Range Plan for Dealing with Stress Corrosion Cracking b
in BWR Piping

Tier 2 Material 1.9-149 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 32 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
87. Failure of HPCI Steam Line Without Isolation g See DCD subsection
1.9.4, item 87
88. Earthquakes and Emergency Planning c
89. Stiff Pipe Clamps h (Medium)
90. Technical Specifications for Anticipatory Trips a
91. Main Crankshaft Failures in Transamerica DeLaval c
Emergency Diesel Generators
92. Fuel Crumbling During LOCA a
93. Steam Binding of Auxiliary Feedwater Pumps g See DCD subsection
1.9.4, item 93
94. Additional Low Temperature Overpressure Protection for g See DCD subsection
Light Water Reactors 1.9.4, item 94
95. Loss of Effective Volume for Containment Recirculation c
Spray
96. RHR Suction Valve Testing e
97. PWR Reactor Cavity Uncontrolled Exposures e
98. CRD Accumulator Check Valve Leakage a
99. RCS/RHR Suction Line Valve Interlock on PWRs f
100. OTSG Level b
101. BWR Water Level Redundancy c
102. Human Error in Events Involving Wrong Unit or Wrong Train c
103. Design for Probable Maximum Precipitation g See DCD subsection
1.9.4, item 103
104. Reduction of Boron Dilution Requirements a
105. Interfacing Systems LOCA at BWRs c See DCD subsection
1.9.4, item 105
106. Piping and Use of Highly Combustible Gases in Vital Areas c See DCD subsection
1.9.4, item 106
107. Main Transformer Failures a

Tier 2 Material 1.9-150 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 33 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
108. BWR Suppression Pool Temperature Limits a
109. Reactor Vessel Closure Failure a
110. Equipment Protective Devices on Engineered Safety Features a
111. Stress Corrosion Cracking of Pressure Boundary Ferritic d
Steels in Selected Environments
112. Westinghouse RPS Surveillance Frequencies and Out-of- d
Service Times
113. Dynamic Qualification Testing of Large Bore Hydraulic c See DCD subsection
Snubbers 1.9.4, item 113
114. Seismic-Induced Relay Chatter e
115. Enhancement of the Reliability of Westinghouse Solid State c
Protection System
116. Accident Management a
117. Allowable Time for Diverse Simultaneous Equipment Outages a
118. Tendon Anchorage Failure f
119.1 Piping Rupture Requirements and Decoupling of Seismic and d
LOCA Loads
119.2 Piping Damping Values a
119.3 Decoupling the OBE from the SSE d
119.4 BWR Piping Materials d
119.5 Leak Detection Requirements d
120. On-Line Testability of Protection Systems c, j See DCD subsection
[Link].3, item 120
121. Hydrogen Control for Large, Dry PWR Containments c See DCD subsection
1.9.4, item 121
122.1.a Failure of Isolation Valves in Closed Position e
122.1.b Recovery of Auxiliary Feedwater e
122.1.c Interruption of Auxiliary Feedwater Flow e

Tier 2 Material 1.9-151 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 34 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
122.2 Initiating Feed-and-Bleed c
122.3 Physical Security System Constraints a
123. Deficiencies in the Regulations Governing DBA and a
Single-Failure Criteria Suggested by the Davis-Besse Event of
June 9, 1985
124. Auxiliary Feedwater System Reliability g See DCD subsection
1.9.4, item 124
125.I.1 Availability of the STA a
125.I.2.a Need for a Test Program to Establish Reliability of the PORV e
125.I.2.b Need for PORV Surveillance Tests to Confirm Operational e
Readiness
125.I.2.c Need for Additional Protection Against PORV Failure a
125.I.2.d Capability of the PORV to Support Feed-and-Bleed e
125.I.3 SPDS Availability c
125.I.4 Plant-Specific Simulator a
125.I.5 Safety Systems Tested in All Conditions Required by Design a
Basis Analysis
125.I.6 Valve Torque Limit and Bypass Switch Settings a
125.I.7.a Recover Failed Equipment a
125.I.7.b Realistic Hands-On Training a
125.I.8 Procedures and Staffing for Reporting to NRC Emergency a
Response Center
[Link].1.a Two-Train AFW unavailability a
[Link].1.b Review Existing AFW Systems for Single Failure e
[Link].1.c NUREG-0737 Reliability Improvements a
[Link].1.d AFW/Steam and Feedwater Rupture Control System/ICS a
Interactions in B&W Plants
[Link].2 Adequacy of Existing Maintenance Requirements for a
Safety-Related Systems

Tier 2 Material 1.9-152 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 35 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
[Link].3 Review Steam/Feedline Break Mitigation Systems for Single a
Failure
[Link].4 Thermal Stress of OTSG Components a
[Link].5 Thermal-Hydraulic Effects of Loss and Restoration of a
Feedwater on Primary System Components
[Link].6 Reexamine PRA-Based Estimates of the Likelihood of a a
Severe Core Damage Accident Based on Loss of All
Feedwater
[Link].7 Reevaluate Provisions to Automatically Isolate Feedwater c
from Steam Generator During a Line Break
[Link].8 Reassess Criteria for Feed-and-Bleed Initiation a
[Link].9 Enhanced Feed-and-Bleed Capability a
[Link].10 Hierarchy of Impromptu Operator Actions a
[Link].11 Recovery of Main Feedwater as Alternative to AFW a
[Link].12 Adequacy of Training Regarding PORV Operation a
[Link].13 Operator Job Aids a
[Link].14 Remote Operation of Equipment Which Must Now Be a
Operated Locally
126. Reliability of PWR Main Steam Safety Valves d
127. Testing and Maintenance of Manual Valves in Safety-Related a
Systems
128. Electrical Power Reliability h (High) See DCD subsection
1.9.4, item 128
129. Valve Interlocks to Prevent Vessel Drainage During Shutdown a
Cooling
130. Essential Service Water Pump Failures at Multiplant Sites f See DCD subsection
1.9.4, item 130
131. Potential Seismic Interaction Involving the Movable In-Core e
Flux Mapping System in Westinghouse Plants
132. RHR Pumps Inside Containment a

Tier 2 Material 1.9-153 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 36 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
133. Update Policy Statement on Nuclear Plant Staff Working d
Hours
134. Rule on Degree and Experience Requirements c
135. Steam Generator and Steam Line Overfill c See DCD subsection
1.9.4, item 135
136. Storage and Use of Large Quantities of Cryogenic d
Combustibles On Site
137. Refueling Cavity Seal Failure a
138. Deinerting Upon Discovery of RCS Leakage a
139. Thinning of Carbon Steel Piping in LWRs d
140. Fission Product Removal Systems a
141. LBLOCA With Consequential SGTR a
142. Leakage Through Electrical Isolators in Instrumentation c See DCD subsection
Circuits 1.9.4, item 142
143. Availability of Chilled Water Systems c, j See DCD subsection
[Link].3, item 143
144. Scram Without a Turbine/Generator Trip a
145. Actions to Reduce Common Cause Failures c
146. Support Flexibility of Equipment and Components d
147. Fire-Induced Alternate Shutdown Control Room Panel d
Interactions
148. Smoke Control and Manual Fire-Fighting Effectiveness d
149. Adequacy of Fire Barriers a
150. Overpressurization of Containment Penetrations a
151. Reliability of Recirculation Pump Trip During an ATWS c
152. Design Basis for Valves That Might Be Subjected to a
Significant Blowdown Loads
153. Loss of Essential Service Water in LWRs c, j See DCD subsection
[Link].3, item 153

Tier 2 Material 1.9-154 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 37 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
154. Adequacy of Emergency and Essential Lighting a
155.1 More Realistic Source Term Assumptions g
155.2 Establish Licensing Requirements For Non-Operating d
Facilities
155.3 Improve Design Requirements For Nuclear Facilities a
155.4 Improve Criticality Calculations a
155.5 More Realistic Severe Reactor Accident Scenario a
155.6 Improve Decontamination Regulations a
155.7 Improve Decommissioning Regulations a
156 Systematic Evaluation Program f
157 Containment Performance c
158 Performance Of Safety-Related Power-Operated Valves Under c
Design Basis Conditions
159 Qualification Of Safety-Related Pumps While Running On a
Minimum Flow
160 Spurious Actuations Of Instrumentation Upon Restoration Of a
Power
161 Use Of Non-Safety-Related Power Supplies In Safety-Related a
Circuits
162 Inadequate Technical Specifications For Shared Systems At a
Multiplant Sites When One Unit Is Shut Down
163 Multiple Steam Generator Tube Leakage h See DCD subsection
(Medium) [Link].3, item 163
164 Neutron Fluence In Reactor Vessel a
165 Spring-Actuated Safety And Relief Valve Reliability c
166 Adequacy Of Fatigue Life Of Metal Components c
167 Hydrogen Storage Facility Separation a
168 Environmental Qualification Of Electrical Equipment f See DCD subsection
[Link].3, item 168

Tier 2 Material 1.9-155 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 38 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
169 BWR MSIV Common Mode Failure Due To Loss Of a
Accumulator Pressure
170 Fuel Damage Criteria For High Burnup Fuel c
171 ESF Failure From LOOP Subsequent To A LOCA c
172 Multiple System Responses Program e
173.A Spent Fuel Storage Pool Operating Facilities c
173.B Spent Fuel Storage Pool Permanently Shutdown Facilities c
174 Fastener Gaging Practices c
175 Nuclear Power Plant Shift Staffing c
176 Loss Of Fill-Oil In Rosemount Transmitters c
177 Vehicle Intrusion At TMI g
178 Effect Of Hurricane Andrew On Turkey Point d
179 Core Performance c
180 Notice Of Enforcement Discretion d
181 Fire Protection d
182 General Electric Extended Power Uprate b
183 Cycle-Specific Parameter Limits In Technical Specifications d
184 Endangered Species d
185 Control of Recriticality following Small-Break LOCA in h See DCD subsection
PWRs (High) [Link].3, item 185
186 Potential Risk and Consequences of Heavy Load Drops a
187 The Potential impact of Postulated Cesium Concentration on a
Equipment Qualification in the Containment Sump in Nuclear
Power Plants.
188 Steam Generator Tube Leaks/Ruptures Concurrent with a
Containment Bypass
189 Susceptibility of Ice Condenser Containments to Early Failure a
from Hydrogen Concentration during a Severe Accident

Tier 2 Material 1.9-156 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 39 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
190 Fatigue Evaluation Of Metal Components For 60-Year Plant c
Life
191 Assessment Of Debris Accumulation On PWR Sump h See DCD
Performance (High) subsections [Link].7
and [Link].3,
item 191
Human Factors Issues
HF1.1 Shift Staffing f
HF1.2 Engineering Expertise on Shift c
HF1.3 Guidance on Limits and Conditions of Shift Work c
HF2.1 Evaluate Industry Training d
HF2.2 Evaluate INPO Accreditation d
HF2.3 Revise SRP Section 13.2 d
HF3.1 Develop Job Knowledge Catalog d
HF3.2 Develop License Examination Handbook d
HF3.3 Develop Criteria for Nuclear Power Plant Simulators e
HF3.4 Examination Requirements e
HF3.5 Develop Computerized Exam System d
HF4.1 Inspection Procedure for Upgraded Emergency Operating c, i
Procedures
HF4.2 Procedures Generation Package Effectiveness Evaluation d
HF4.3 Criteria for Safety-Related Operator Actions e
HF4.4 Guidelines for Upgrading Other Procedures c, j See DCD subsection
[Link].4, item
HF4.4
HF4.5 Application of Automation and Artificial Intelligence e
HF5.1 Local Control Stations c See DCD subsection
1.9.4, item HF5.1
HF5.2 Review Criteria for Human Factors Aspects of Advanced g See DCD subsection
Controls and Instrumentation 1.9.4, item HF5.2

Tier 2 Material 1.9-157 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 40 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
HF5.3 Evaluation of Operational Aid Systems e
HF5.4 Computers and Computer Displays e
HF6.1 Develop Regulatory Position on Management and e
Organization
HF6.2 Regulatory Position on Management and Organization at e
Operating Reactors
HF7.1 Human Error Data Acquisition d
HF7.2 Human Error Data Storage and Retrieval d
HF7.3 Reliability Evaluation Specialist Aids d
HF7.4 Safety Event Analysis Results Applications d
HF8 Maintenance and Surveillance Program c
Chernobyl Issues
CH1.1A Symptom-Based EOPs d
CH1.1B Procedure Violations d
CH1.2A Test, Change, and Experiment Review Guidelines d
CH1.2B NRC Testing Requirements d
CH1.3A Revise Regulatory Guide 1.47 d
CH1.4A Engineered Safety Feature Availability d
CH1.4B Technical Specification Bases d
CH1.4C Low Power and Shutdown d
CH1.5 Operating Staff Attitudes Toward Safety d
CH1.6A Assessment of NRC Requirements on Management d
CH1.7A Accident Management d
CH2.1A Reactivity Transients d
CH2.2 Accidents at Low Power and at Zero Power e
CH2.3A Control Room Habitability e
CH2.3B Contamination Outside Control Room d

Tier 2 Material 1.9-158 Revision 18

1. Introduction and General Description of Plant AP1000 Design Control Document

Table 1.9-2 (Sheet 41 of 41)

LISTING OF UNRESOLVED SAFETY ISSUES AND GENERIC SAFETY ISSUES

Action Plan Applicable
Item/Issue Screening
No. Title Criteria Notes
CH2.3C Smoke Control d
CH2.3D Shared Shutdown Systems d
CH2.4A Firefighting With Radiation Present d
CH3.1A Containment Performance d
CH3.2A Filtered Venting d
CH4.1 Size of the Emergency Planning Zones a
CH4.2 Medical Services a
CH4.3A Ingestion Pathway Protective Measures d
CH4.4A Decontamination d
CH4.4B Relocation d
CH5.1A Mechanical Dispersal in Fission Product Release d
CH5.1B Stripping in Fission Product Release d
CH5.2A Steam Explosions d
CH5.3 Combustible Gas a
CH6.1A The Fort St. Vrain Reactor and the Modular HTGR a
CH6.1B Structural Graphite Experiments d
CH6.2 Assessment d

Notes:
a. Issue has been prioritized as Low, Drop or has not been prioritized.
b. Issue is not an AP1000 design issue. Issue is applicable to GE, B&W, or CE designs only.
c. Issue resolved with no new requirements.
d. Issue is not a design issue (Environmental, Licensing, or Regulatory Impact Issue; or covered in an existing NRC
program).
e. Issue superseded by one or more issues.
f. Issue is not an AP1000 design certification issue. Issue is applicable to current operating plants or is programmatic
in nature.
g. Issue is resolved by establishment of new regulatory requirements and/or guidance.
h. Issue is unresolved pending generic resolution (for example, prioritized as High, Medium, or possible resolution
identified).
i. The AP600 DSER (Draft NUREG-01512) identified this item as not being required to be addressed by
10 CFR 52.47.
j. The AP600 DSER (Draft NUREG-01512) identified this item as required to be discussed.

Tier 2 Material 1.9-159 Revision 18