INES-event
INES 2

Modification to main steam and main feed isolation valves leading to degradation of reactor protection systems

Malfunctions of one of the main steam isolation valve (MSIV) control systems had led to two reactor trips during December 97. The fault was traced to a printed circuit board (PCB) controlling on-load test functions, and a modification to replace the PCB was approved. This was first implemented on a single valve and, after a period of operation, a separate modification to extend the modification to the other 3 MSIVs and the 4 Main Feed Isolation Valves (MFIVs) was approved. The modification had been implemented and tested on all 4 MSIVs and 3 MFIVs, but a fault was noted during testing on the last MFIV. During the fault investigations on this MFIV it was noticed that the implementation of the modification had involved replacing a multifunction switch which also carried signal lines from the protection system. The replacement multifunction switch had been rewired using a circuit diagram that contained an error. This error inhibited some of the protection signals. Although all valves would have operated if called upon and, in the case of the MSIV, would have been fully functional (albeit with a loss of redundancy), it was decided to declare all valves to be "inoperable" in terms of Technical Specifications' requirements. A six hour shutdown action statement was entered whilst the wiring fault was being rectified. Within 3 hours of discovery the 6 hour action statement was exited and replaced by a 31 day action statement, during which time the "original" fault on MFIV "D" was corrected.
Basis for rating:
There were no on- or off-site radiological consequences of the event so the rating proceeds by considering the degradation of defence in depth criterion.
Initiator:
There is no actual initiator so the rating proceeds using table 1 of section III-2.4 of the INES Users' Manual.
The main safety function of these valves is to prevent or mitigate cooldown transients in the primary circuit resulting from secondary circuit de-pressurisation. The MFIVs are less critical because their function is effectively duplicated by the main feed water regulator valves and their associated isolation valves. The MSIVs are the main concern. They are demanded to close on a low steamline pressure signal which can result from a variety of events, notably steam pipe failure, opening of turbine bypass valves and opening of steam generator relief valves.
Initiator frequency:
The number and probability of the possible initiators mean the initiating frequency should be taken as "expected", bearing in mind that this means "expected to occur one or more times in the lifetime of the plant".
Safety function availability:
There are 4 Main Steam Isolating Valves (MSIVs) and 4 Main Feed Isolating Valves (MFIVs), one of each associated with the steam and feed lines of each Steam Generator (SG). The closure of these valves, which isolates the SG, is achieved by the operation of close solenoids which are activated by signals from either or both of the two diverse reactor safety systems, the Primary (PPS) and the Secondary Protection System (SPS). The MSIVs each have two pairs of closing solenoids: one solenoid is actuated by the PPS and the other by the SPS. This arrangement is duplicated for each valve. In this event the power to one pair of solenoids on each valve was isolated from the protection systems and would not have operated. The other pair of solenoids was unaffected, so the valves would still have closed on demand but with reduced reliability because of the reduction in redundancy. The MFIVs each have three solenoids: two triggered by the PPS (fast close and slow close) and the other triggered by the SPS as a slow close. In this event the PPS functions were inhibited on all four valves. However, the SPS close function and all other PPS Engineered Safety Function Actuation System (ESFAS) signals to the rest of the main feed system were not affected. Overall the safety function availability was lower than "within operational limits" because of the reduced redundancy. The availability was more than merely "adequate" because the MSIVs were still capable of being actuated by the PPS and SPS, i.e. fully functional, and of being remotely closed from the Main Control Room. In addition, there are other valves available in both the feed and steam pipework to provide isolation in the most probable scenarios, and other systems were available which would have controlled the reactivity even if these valves had failed to close (e.g. Emergency Boration System).
Basic Rating:
From Table 1 of the INES Users' Manual the basic rating of the event is 1 or 2 but consideration of the extent of the remaining protection in accordance with the text of section III-2.4.1 shows the lower rating to be appropriate. Therefore the basic rating of this event is 1.
Additional factors:
The scheduled surveillance test interval for these valves is "refuelling", i.e. 18 months to 2 years. The maximum period of operation with degraded protection in this event is 33 days for the first valve to be modified. This difference is not sufficient to lead to down-rating of the event but indicates that the inoperability is not outside the safety case expectations. The common cause factor is taken into account in determining the basic rating, so is not pursued as an additional factor. Procedural inadequacies existed in the form of errors in the wiring diagrams; however, this should not lead to uprating because errors at this level of detail can occur and would normally be identified during installation and testing. The final factor to consider is Safety Culture. On the positive side, all personnel involved followed the procedures and instructions throughout, and this included additional off-site scrutiny not strictly required by the procedures. The event investigation found no evidence of any intent to "shortcut" the proper process. On the negative side, the incorrect categorization of the modification went unchallenged through several reviewers, and the arrangements for implementation of the modification were inadequate in terms of the scope of testing.
In summary, the two behavioral aspects that might justify uprating this incident on safety culture grounds are: a) the absence of a conservative approach towards a plant modification when faced with uncertain conditions; and b) the apparent absence of a rigorous questioning attitude during review of the categorization of the modification.
Final rating:
The basic rating is level 1 but conservative consideration of the additional factors leads to uprating by one level. The decision whether to upgrade the event is a close one. Section III-2.7 of the INES Users' Manual advises that in this case the judgement should be based on comparison with the overall level definitions.
The final rating is therefore: Level 2.

Location: SIZEWELL-A UNIT B
Event date: Tue, 21-04-1998
Nuclear event report