Development of EQ

Advent Unpublished White Paper (2/99) by DA Horvath, PE

Evolution of the Nuclear Industry's Environmental Qualification Program

1. Environmental Qualification Background and Brief Description

Environmental qualification is evidence in the form of auditable documentation demonstrating that equipment will be capable of performing its required safety function at any time during its installed life under specified service conditions (including the harsh environment effects resulting from a design basis event).

Nuclear plant designs typically entail use of independent redundant trains of safety-related systems in order to assure safety function fulfillment in the event of a single active failure affecting one of the trains [e.g., IEEE 279 which exists as a regulatory requirement but no longer as a current industry standard. IEEE 279 has been superseded by IEEE 379 and 603]. The purpose of EQ is to assure that equipment can perform its safety function(s) with no failure mechanism that could lead to common cause failures or loss of both trains from postulated service conditions. Therefore, even if both trains of a safety-related system are exposed to an accident-produced harsh environment, EQ helps to assure operability of both trains; if a single active failure affects one train, EQ helps to assure operability of the remaining train. The purpose of EQ is not to prevent all failures and, in particular, not to prevent random postulated single failures. The primary role of environmental qualification is to provide reasonable assurance that environmental- and age-related common failure modes will not occur during performance of safety function(s) under postulated service conditions. [These statements are consistent with early and present versions of IEEE 323 as well as IEEE 627.]

Qualification, in general, is demonstration that equipment meets design requirements (including operability). Therefore, seismic qualification would provide evidence of operability during a design seismic event. The term equipment qualification is often used to designate that a piece of equipment is both environmentally qualified and seismically qualified. [Note: In general, the NRC tends to use the term environmental qualification and IEEE standards tend to use the broader term equipment qualification and the synonymous term design qualification.]

As discussed and clarified below, the terms Class 1E and EQ are not interchangeable and neither associated group of equipment is a subset of the other. As defined in the IEEE standards, Class 1E equipment or systems are those electrical components which are essential for achieving emergency reactor shutdown, containment isolation, reactor core cooling, containment and reactor heat removal, or prevention of significant release of radioactive material to the environment.

2. Brief EQ History

Figure 1 is a timeline of EQ Program events over the past 30 years. EQ Program requirements in the nuclear industry have evolved in several large and small steps, in response to many types and degrees of regulatory activities, and along more than one path and dimension. However, most of these events and effects can be grouped into five major chronological phases discussed below. These are:

assuring operability during accident environmental conditions
addressing aging and margin
action on intervenor petitions to strengthen EQ requirements (initiation of formal utility programs)
EQ Rule (10 CFR 50.49) and follow-up activities
utility EQ Program refinement for long term maintenance

FIGURE 1 EQ PROGRAM DEVELOPMENT TIMELINE

a. Operability During Accident Environmental Conditions

Early efforts on EQ [e.g., reactor vendor test reports on essential motors and process instrumentation testing] were specifically directed at assuring operability of equipment essential for accident mitigation with recognition that such equipment may be subjected to elevated temperature, pressure, and humidity/steam conditions as a result of the accident. Later, a concern on operability during and after exposure to chemical spray and integrated radiation dose was also recognized. [Sections 5.3.1 and 5.3.2 of the NRC Division of Operating Reactors (DOR) Guidelines, and as examples, later reactor vendor reports on environmental testing of engineered safety feature-related equipment] Evolution of requirements to assure accident operability developed along two paths (industry standards and regulator driven).

In a fashion similar to many other industries, the commercial nuclear industry considers itself to be self-regulating. This self-regulation takes the form of industry produced codes, standards and guides which are prepared by senior level professionals and subject to consensus vote by the applicable professional society (for example, the Institute of Electrical and Electronics Engineers or IEEE). Standards are used for safety and to protect users and the environment.

In the 1960s, the industry began debating and converging on agreement for the need for addressing EQ in one or more industry standards. The result was the establishment of a requirement for EQ in IEEE Standard 279-1968 and later an interim use standard devoted entirely to EQ requirements (IEEE 323-1971).

In parallel with industry debates and discussions on EQ, the Atomic Energy Commission (predecessor of the Nuclear Regulatory Commission), was preparing its draft and later final general design criteria (GDC) for eventual incorporation into the Code of Federal Regulations Part 50, Appendix A. These general design criteria identified the need to assure operability of safety related equipment for accident mitigation.

Also in parallel, at least two US reactor vendors, were incorporating accident environment operability requirements into plant design criteria and/or equipment procurement specifications.

During the late 1960s and early 1970s, EQ requirements were met by performing tests of equipment prototypes or other samples in test chambers where the environmental conditions could be raised and lowered accordingly. As discussed above, in many of the early cases, the test specimens were subjected to only elevated temperatures and pressures. Later, it was recognized that radiation dose and chemical spray were also environmental parameters of concern. This recognition caused the earlier EQ test programs to be considered incomplete and resulted in cases where the radiation dose and chemical spray concerns were addressed by tests of separate equipment samples or by analyses. Such approaches were later considered inconclusive.

b. Addressing Aging and Margin

The industry had long awaited the issue of IEEE 323-1971 even though it was labeled by IEEE as an interim use standard. Many equipment vendors had orders or pending orders with an EQ requirement specified or expected. The urgency to provide EQ documentation as part of product delivery was acute. It was well known that the lack of a standard had already caused prior incomplete or inadequate EQ tests to be performed and consequently much money was wasted. A typical EQ test program could cost the test sponsor fifty to two hundred thousand dollars per equipment type to complete. The release of this standard provided the "perceived promise" of a consistent pre-approved industry accepted EQ Program test approach. Therefore, many equipment manufacturers eagerly adopted the use of IEEE 323-1971, not only for use in testing but also to tout in their marketing literature. They then aggressively proceeded to initiate costly EQ testing programs.

Unfortunately, even as IEEE 323-1971 was going to press, it was recognized that it was inadequate in at least two areas: aging and margin. [p. 6 of the NRC's Memorandum and Order dated May 23, 1980] Aging could cause a previously unforeseen EQ-related common cause failure as follows. Aging leads to degradation. If two redundant trains of safety-related equipment are aged in a similar fashion and at similar rates, then both trains of equipment could be near end of operable life when subjected to the severe environment "shock" of an accident at a time when called upon to perform an essential safety function. Therefore, it was argued that if an EQ Program tested a brand new piece of equipment and the equipment passed, no assurance existed that that equipment and its opposite train counterpart if subjected to a sufficient amount of aging degradation would be able to perform the required accident mitigating safety function. [surmised from EPRI NP-1558 A Review of Equipment Aging Theory and Technology September 1980 and Advent staff experience]

Also, IEEE 323-1971 did not require that a test facility impose margin on the environmental parameters calculated to be representative of a design basis accident. Without margin, it was argued that if a testing facility tests an equipment sample at the same value as the analyzed (predicted or expected) environmental parameters, test instrument calibration error and production variations could cause the test results to be non-conservative.

Many members of the IEEE Working Group responsible for IEEE 323 were aware of the new wave of testing being conducted using IEEE 323-1971 and were anxious to correct the aging and margin deficiencies as well as other less significant shortcomings in the standard. The result was that a newer version (IEEE 323-1974) was issued within three years. Typical standard revision cycles are five years or more. IEEE 323-1974 corrected the earlier aging and margin deficiencies as well as provided additional guidance and flexibility. IEEE 323 also imposed EQ Program requirements on all Class 1E equipment, not just those items of equipment subjected to the harsh environment effects of an accident.

Many nuclear equipment manufacturers objected to the release of IEEE 323-1974. After expending significant amounts of money testing to IEEE 323-1971, they were understandably wary of undertaking an even more expensive test program. [author's personal observation.]

The result was that in the 1970s, up to three EQ test program variations (different in scope and degree) existed at each of the nuclear plant facilities including PBNP. These were:

Early EQ Programs (predating IEEE 323 guidance programs and often lacking radiation and spray as well as aging and margin qualification) undertaken by the plant's reactor vendor
IEEE 323-1971 (which typically lacked aging, margin, and other details)
IEEE 323-1974

c. Action On Intervenor Petitions to Strengthen EQ Requirements and Initiation of Formal Utility EQ Programs

Amidst (and possibly in response to) the turmoil of the changing industry self-imposed requirements, a Nuclear plant intervenor organization called The Union of Concerned Scientists (UCS) petitioned the NRC on two occasions (on November 4, 1977 and May 2, 1978) for emergency and remedial relief in the form of nuclear plant shutdowns until it could be shown that EQ concerns were adequately addressed.

The NRC responded with two Orders (on April 13, 1978 and May 23, 1980) to nuclear plant licensees. In these orders the NRC acknowledged that the UCS had highlighted "an area of regulatory review which had not been adequately addressed," and concluded that mass plant shutdowns were not required, but directed its staff to take actions to improve licensee EQ Programs.

The NRC staff consequently issued several regulatory documents of increasing scope, priority, and threat of enforcement action. In these documents, the NRC directed and provided criteria (NRC DOR Guidelines and NUREG 0588) for comprehensive and regimented reviews of EQ Programs as well as detailed individual equipment qualification evaluations. The NRC also required that summary results be submitted for regulatory review and that licensees prepare justifications for continued operation (JCO) for any uncovered EQ Program deficiencies. The result was that the first formal EQ Programs were initially developed.

d. 10 CFR 50.49 (EQ Rule) and Follow-up Activities

To assure that continuing adequate attention was provided to licensee EQ Programs, the NRC undertook rulemaking for a change to the Code of Federal Regulations. On January 21, 1983, 10 CFR 50.49 was issued mandating requirements for an EQ Program. This rule had several major effects including:

grandfathering previous EQ efforts completed prior to DOR Guidelines and NUREG 0588
requiring an upgrade to the rule's requirements for replacement equipment
expanding accident scope from just pipe breaks to all design basis events producing a harsh environment
defining a post-accident mild environment
expanding equipment scope from just safety-related to include post-accident monitoring instruments and certain non-safety-related equipment with adverse failure modes
specifying additional considerations for aging and synergistic effects
establishing a final deadline for completion of qualification efforts

In 1984, the NRC prepared SERs for each plant's EQ Program based on submittals received from licensees. Each SER committed to follow on-site inspections for EQ Program compliance. In 1985, the NRC undertook five pilot licensee EQ Program inspections (one in each of the then five regions) as part of an effort to develop consistent review guidelines. Within a few years after the EQ Rule deadline for qualification, all licensees received a site inspection of their EQ Programs. These inspections included not only numerous reviews of the paperwork auditability trail used to establish qualification of various equipment types, but also walk-down inspections to confirm adequacy of the equipment installation's EQ configuration. (For example, EQ Pilot Inspections of Calvert Cliffs, Crystal River, Zion, Fort Calhoun, and Rancho Seco).

e. Refinement of EQ Programs for Long Term Maintenance

After the EQ Rule's final deadline (November 30, 1985) for meeting EQ requirements had passed, the NRC continued to take an active interest in EQ through the monitoring of EQ problems identified by licensees through LERs and other processes. Many EQ related NRC Information Notices were released in subsequent years to notify nuclear utilities of EQ problems identified elsewhere which might prove more generic in nature. Sometimes the problems resulted from new testing conducted and other times from a closer look or independent review performed on existing documentation.

Utility EQ Programs had been developed quickly because of the need to meet what were found to be aggressive schedule requirements. Often conservative decisions were made because they were quicker and required less evaluation. As a result, the decisions were often later found to not be cost-effective.

Therefore, as a result of reviewing NRC released EQ problems and lessons learned at other plants and a desire to improve both cost effectiveness and long term usability, many utilities performed evaluations and undertook efforts to improve their EQ Programs. Examples of improvement areas include:

EQ equipment list and associated basis (what equipment should really be on the list?)
EQ equipment maintenance requirements including maintenance intervals (what maintenance is really necessary?)
EQ equipment obsolescence problems (what parts will be needed to maintain an EQ configuration but are no longer available?)
normal service condition temperatures (what is the normal daily and seasonal temperature variation as compared to the design normal maximum temperature which may have been used in the qualified life evaluations?)
EQ file compilations (in what way can this EQ package be compiled to facilitate future reviews, references by others, and plant modifications?)
accident environmental conditions including effects of steam flooding (what are more reasonable expected accident environment conditions as a function of plant location?)

More recently the NRC has identified EQ as an unresolved safety issue not only for components (such as cables for long term license renewal), but also because of reluctance shown by many utilities to upgrade their DOR Guideline qualified equipment to the newer requirements of 10 CFR 50.49. Questions within IEEE standards committees and at the NRC still exist on whether existing approaches to aging and qualified life are acceptable. Because EQ continues to be an important regulatory issue, a knowledge and understanding of the bases behind the many EQ Program decisions which have been made continue to be important.

Please contact us if you are interested in other ways that Advent can provide additional information or training on the complex and multidimensional aspects of Environmental Qualification.