Page images
PDF
EPUB
[ocr errors]

The May 1984 Memorandum claims that there is a "generally accepted view" that cold shutdown has to be achieved within 72 hours after a fire, and that the staff's literal reading, without any stated safety basis, divides reactors into two classes: a class of those which must be able to achieve cold shutdown within 72 hours, and a class of those which need only be able to repair cold shutdown equipment within 72 hours. May 1984 Memorandum at 3-4.

The staff answers first ttiat it knows of no "generally accepted view" that cold shutdown has to be achieved within 72 hours. Indeed, the staff points out, it is recognized that the more stringent rule that alternate equipment be able to achieve cold shutdown within 72 hours has not sensibly applied in some areas of some plants, and that exemptions have therefore been granted in those instances. SECY-85-306, Enclosure 8, at 2-3.

The staff further argues that Appendix R itself makes the division to which the Memorandum objects, not, however (the staff adds by way of clarification), between plants, but between areas within the same plant, since a plant with alternate shutdown systems does not necessarily have an alternate system for every normal system in the plant. Id., at 3.

"In any event," the staff says, "there is little, if any, safety distinction to be made between having the capability to achieve cold shutdown within 72 hours and having the capability, at the end of 72 hours, to proceed to cold shutdown." Id.

The distinction between the capability to repair in 72 hours and the capability to achieve cold shutdown in 72 hours is distinctly stated in Appendix R. Section III.L speaks consistently of repairing alternate systems and achieving cold shutdown within 72 hours, while section III.G. speaks consistently of simply repairing normal cold shutdown systems within 72 hours. The May 1984 Memorandum is correct in asserting that the Commission, in the face of industry opposition, retained in the final rule the proposed rule's time limits relating to cold shutdown equipment. However, what the Commission retained was not, as the Memorandum seems to think, a single rule applicable to both normal and alternative systems. The proposed rule's requirement that

Moreover, we are informed that nearly every, if not every, plant to which Appendix R applies has at least one alternate system in some area of the plant.

[ocr errors]

equipment be able to achieve cold shutdown within 72 hours applied only to alternate cold shutdown systems. The proposed rule stated no time requirement applicable to normal cold shutdown systems. See sections III.G. and III.L of the proposed rule, 45 Fed. Reg. at 36089.

Thus, from the start, the Commission apparently intended to distinguish between the fire protection to be given normal cold shutdown systems, and the fire protection to be given alternative systems. Therefore, in reasserting the final form of this distinction, namely the apparently distinct requirements in the final rule, the proposed interpretation does not contradict the Commission's intention in promulgating Appendix R.

Indeed, if one insists that the Commission intended there to be a single requirement applicable to both normal and alternative shutdown systems, then it must be noted that there is good evidence that the Commission intended that single requirement to be the less stringent one that fire protection for cold shutdown systems ensure that they could be repaired within 72 hours. First, as the staff points out, the proposed rule also required that hot shutdown equipment be able to maintain hot shutdown for 72 hours after a fire, and thus acknowledged that cold shutdown equipment might not be available until 72 hours after a fire. See sections III.L.1 and III.L.3 of the proposed rule, 45 Fed. Reg. at 36089.

Second, the final rule contains an analogous requirement whose open-endedness suggests that all the time limits stated for cold shutdown are merely strong suggestions, and that in every case what actually applies is the rule of reason, "Achieve cold shutdown when you can":

If the capability to achieve and maintain cold shutdown will.not be available because of fire damage, the equipment and systems comprising the means to achieve and maintain the hot standby or hot shutdown condition shall be capable of maintaining such conditions until cold shutdown can be achieved.

Appendix R, sec. III.L.4.

Last, the final version of the supposedly more stringent rule, that alternative equipment be able to achieve cold shutdown within 72 hours, is paraphrased thus in a comment accompanying the final rule: "Fire damage to cold shutdown capability is limited to damage that can be repaired within 72 hours to provide a margin in achieving cold shutdown." 45 Fed. Reg. at 76607 (emphasis added).

[ocr errors]

Given the strength of the argument that the Commission intended to promulgate two 72-hour standards, it is not necessary to answer the criticism in the May 1984 Memorandum that the staff's proposed interpretation proffers no safety basis for the distinction between the two standards. See May 1984 Memorandum at 4. The interpretation is not obliged to provide a technical justification for its adherence to standards in effect for over five years.

However, some of the staff's remarks in reply to the Memorandum may have obscured the safety basis for the distinction between the two standards. The staff tries to turn the Memorandum's criticism into a defense of the proposed interpretation by asserting that "there is little, if any, safety distinction to be made" between the two standards. SECY-85-306, Enclosure 8, at 3. The staff here appears to be putting forward a backup argument, which roughly paraphrased, is that "even if it was not the intention of the Commission to promulgate two 72-hour standards, the staff is not now proposing a significantly new rule, for there is little difference between the two 72-hour standards." But if there is little, if any, difference between them, then it seems odd to propose an interpretation the main purpose of which is to assert a difference.

Therefore, rather than have the proposed interpretation appear to be without technical justification, we note briefly what we are given to understand the technical justification to be: there is indeed little safety difference between achieving cold shutdown by the 72-hour mark and starting at the 72-hour mark to go to cold shutdown with eguipment which has been repaired by that time. However, there is a significant safety difference between the level of fire protection given equipment which must be able to achieve cold shutdown within 72 hours and the level of fire protection given eguipment which need only be repaired within 72 hours.

Therefore, Appendix R aims for certain levels of fire protection, not time limits on certain phases of operation. It is the essential aim of Appendix R to require that a system be given fire protection appropriate to its safety functions. Thus the Appendix first establishes a minimum level of fire protection for normal cold shutdown equipment. The level is appropriate because it "provide[s] a margin in achieving cold shutdown conditions." See 45 Fed. Reg. at 76607. However, the Appendix then establishes a higher level of protection for the alternative system, for it is the system of last resort. The levels are, to be sure, expressed in terms of time, but the terms"are not limits on operation; they are, instead, more like the time ratings on

10

fire boundaries, which are measures of the level of fire protection.

C. Fire Damage

We here recommend that the staff's proposed interpretation on fire damage be modified in much the way in which the May 1984 Memorandum would like it to be modified. However, we do not agree with the Memorandum's claim that the interpretation significantly changes anything in Appendix R. Rather we recommend modification because the scope of the phrase "fire damage" in the interpretation could be misunderstood and a related subsection of the Appendix, one which deals with damage by fire suppression, thereby obscured.

Sections III.G.l and 2 of Appendix R require that fire protection assure that particular features of shutdown systems be "free of fire damage." The staff's proposed interpretation assigns a functional meaning to the phrase "free of fire damage:" "that is, the structure, system or component under consideration is capable of performing its intended function during and after the postulated fire, as needed." SECY-85-306, Enclosure 4, at 1-2.

The Memorandum argues that the proposed interpretation does not share the Commission's concern in promulgating Appendix R that shutdown systems not be disabled by fire suppression agents. The Memorandum apparently construes the phrase "fire damage" liberally to mean any fire-related damage, including damage from fire suppression, but is concerned that licensees will construe the phrase more literally to mean only "damage by fire" and conclude that they are under no further obligation once they have shown that the redundant shutdown systems will be free of disabling damage by fire. The Memorandum recommends that the interpretation be modified to explicitly require that the shutdown systems not be disabled by fire suppression agents. May 198 4 Memorandum at 5.

The staff (EDO) agrees that shutdown systems are not to be disabled by fire suppression, and claims that its proposed interpretation intends only to make it clear that the lack of protection against purely cosmetic damage would not justify rejecting a request for an exemption. SECY-85-306 at 8.

The reply could have noted that Appendix R, in section III.G.3, clearly requires consideration of damage from fire suppression systems. The section mandates alternative shutdown systems first where the licensee cannot meet section III.G.2's requirement that protection of redundant trains of hot shutdown systems ensure that at least one of

11

the trains will be free of fire damage, or, second, where these trains may be subject to damage from fire suppression systems. The staff's proposed interpretation does nothing to remove this section, and thus the phrase "fire damage" can be construed literally without relieving licensees of an obligation to protect against damage from fire suppression.

Indeed, unless the phrase is construed literally, part of section III.G.3 will be pointless. If "fire damage" means any fire-related damage, the second part of section III.G.3, the part which requires an alternative system where redundant trains could be damaged by fire suppression systems, is redundant, for that part of section III.G.3 assumes that it is possible to meet section III.G.2's requirement that at least one redundant train of hot shutdown equipment be "free of fire damage" and yet still face a risk of damage from fire suppression systems. (If the requirement in III.G.2 is not met, the first part of section III.G.3 applies.) But if "fire damage" includes any fire-related damage, then the situation assumed by the second part of section III.G.3 could never arise, and there would be no need for that part.

The interpretation's functional definition of fire damage could be read to make the second part of section III.G.3 seem pointless, for the standard is worded generally enough to permit the conclusion that it applies to damage from any fire-related source, including fire suppression systems. Thus, insofar as it purports to be a definition of the phrase "fire damage," it appears to attribute the same generality to the phrase. For the sake of clarity the staff's proposed interpretation might be modified to say that the functional standard of damage applies both to damage by fire and damage by fire suppression, and that the two kinds of damage are discussed in sections III.G.2 and III.G.3, respectively.

We are told that the interpretation is a response to the industry's having asked the staff to say what it meant by "damage by fire." Given this context for the interpretation, it can be argued that there is no need to make the clarifying changes we are recommending. However, as the very existence of the Memorandum's criticism of the interpretation shows, it will be read and seriously weighed by some who are not as aware of the context of the interpretation as some parts of the industry and staff are. Clarification of the interpretation could help prevent further misunderstanding.

« PreviousContinue »