FMEA - Diesel Generator

KAERI/TR-728/96 KR9600263
Failure Mode, Effect and Criticality Analysis

(FMECA) on Mechanical Subsystems of
Diesel Generator at NPP
June 1996
By
Dr. Tae Woon Kim
Dr. Brijendra Singh
Mr. Tae Yong Sung
Mr. Jin Hee Park
Mr. Yoon Hwan Lee
Reliability Analysis, Advanced Research Group

Korea Atomic Energy Research Institute
P.O.Box 105, Yusong, Taejon, 305-600, KOREA
VOL
KAERI/TR-728/96
Failure Mode, Effect and Criticality Analysis

Diesel Generator at NPP
June 1996
By
Dr. Tae Woon Kim
Dr. Brijendra Singh
Mr. Tae Yong Sung
Mr. Jin Hee Park
Mr. Yoon Hwan Lee
Reliability Analysis, Advanced Research Group

P.O. Box 105, Yusong, Taejon, 305-600, KOREA
(Failure Mode. Effect and Criticality Analysis (FMECA) on
Mechanical Subsystems of Diesel Generator at NPP)
:
JL>H ^^ KAERI/TR-728/96
1996.6.
Acknowledgments
Authors are thankful to the members of Advanced Research

Group, Korea Atomic Energy Research Institute, Korea for
their valuable suggestions and discussion. Authors are also
thankful to the following persons for providing us technical
information.
Mr. Sang Min Bae of Nuclear Environment Management
Centre (NEMAC), KAERI.
Mr. Tae Hee Chang, Mr. Jin Bae Song, Mr. Yong San Cho
of Electrical Department, Wolsong Unit I ofKEPCO.
Mr. Byung Doek Cho, Mr. Yong Ki Yoon of Operations
Department, Wolsong Unit 1 ofKEPCO.
Mr. MyungKiKim, Mr. SungLaeRoh, KEPRI.
KAERI/TR-728/96
Failure Mode. Effect and Criticality Analysis

(FMECA) on Mechanical Subsystems of Diesel
Generator at NPP
Tae Woon Kim, Brijendra Singh,

Tae Yong Sung, Jin Hee Park, Yoon Hwan Lee
Advanced Research Group

Abstract
For the implementation of RCM in nuclear power plant, three steps

are required ; (1) Functional failure analysis (FFA), (2) Failure
mode, effect and criticality analysis (FMECA), (3) Logic tree
analysis (LTA). Emergency or standby diesel generators in nuclear
power plant take a important role in the accident situations. This
report presents FMECA results for six mechanical subsystems of
the diesel generators of nuclear power plants to improve the
reliability of those. The six mechanical subsystems are (1) Starting
air, (2) Lub oil, (3) Governor, (4) Jacket water cooling, (5) Fuel, and
(6) Engine subsystems. Generic and plant-specific failure and
maintenance records are reviewed to identify critical components/
failure modes. FMECA are performed for these critical component/
failure modes. After reviewing current preventive maintenance
activities of Wolsong Unit 1, draft RCM recommendations are
developed.
KAERI/TR-728/96
^ a
^- (RCM) 7 l ^ # ^fl^^U $14- RCM
71 H H711 (1) 71^-Jl^-^-^ (FFA), (2) j7^-s.H, S.4 ^

^ (FMECA), (3) ^ e j ^ s . ^ . ^ (LTA)^ A\)
67H
-Y-^^^l tfl^V FMECA ^ 4 1 - ^ J L ^ O ^ . A1B^
^ (1) ^ 7 l A l ^ , (2) <g-^-, (3) 3 : ^ 7 1 , (4) ^ 3 1 ^ , (5)

. nsl JI (6)
l ^ FMECA S f-
1^71 i til Cl^^-^l 71^1 ^ ^ 1 ^ ^

TABLE OF CONTENTS
Subject Page Number
I. Introduction - 1
II. FMECA Methodology 3
1. Selection of Critical Components 3
2. Failure Mode and Effect Analysis -- - 4
3. Classification of Criticality 4
4. Failure Probability of Components 5
III. FMECA on Diesel Generator Subsystems 6
1. Air start subsystem 6
2. Lube oil subsystem 8
3. Jacket water cooling subsystem 11
4. Governor subsystem 13
5. Fuel subsystem 14
6. Engine subsystem 15
IV. Conclusion 16
V. References 17
APPENDIX
I: List of Components of SDGs at Wolsong Unit 1 19
II: Current Preventive Maintenence Tasks of SDGs 21
III: Failure History of SDGs of Wolsong Unit 1 - 23
List of Tables
Table 1: FMECA Worksheet of Air start subsystem 26

Table 2: FMECA Worksheet of Lube oil subsystem 27
Table 3: FMECA Worksheet of Jacket water cooling subsystem 28
Table 4: FMECA Worksheet of Governor subsystem 29
Table 5: FMECA Worksheet of Fuel subsystem 30
Table 6: FMECA Worksheet of Engine subsystem 31
Table A. 1: List of Components of SDGs at Wolsong Unit 1 19
Table A.2. Current PM Activities of SDGs at Wolsong Unit 1 - 21
Table A.3: Starting Failure Records of SDGs at Wolsong Unit 1 -- 24
Table A.4: Running Failure Records of SDGs at Wolsong Unit 1 25
Failure Mode, Effect and Criticalitv Analysis (FMECA)
on Mechanical Subsystems of Diesel Generator at NPP
I. Introduction
The emergency or standby diesel generators in nuclear power plants
take a very important role in point of view of risk. If off-site AC
power source is not available in accident situations in nuclear power
plant, then on-site emergency AC power source i.e. diesel generators
should be available to actuate safety equipments such as pumps and
valves to cool down reactors. Therefore, high reliability is required
for the diesel generators.
There are two kinds of activities to maintain the reliability of safety

equipment of nuclear power plant; surveillance and maintenance,
respectively. Surveillance and maintenance activities also affect the
failure rate of the component. Surveillance is the key to mastering
modern maintenance. Surveillance is really the only way of
significantly decreasing the probability of major failures on large
components. There are two kinds of maintenance policies; corrective
maintenance and preventive maintenance. This two kind of activities
also impacts on the failure rate of equipment.
To improve the reliability of disel generators at nuclear power plants,

the reliability-centered maintenance (RCM) approach is adopted.
Largely, RCM approach can be divided into three phases; (1)
Functional failure analysis (FFA) on the selected system or
subsystem, (2) Failure mode, effect and criticality analysis (FMECA)
to identify the impact of failure to plant safety or economics, (3)
Logic tree analysis (LTA) to select appropriate preventive
maintenance and surveillance tasks. To provide for help during RCM
process on safety systems of nuclear power plant, the guidelines are
developed at first (KAERT/TR-665/96).
This report presents FMECA results for six mechanical subsystems

of the diesel generators of nuclear power plants. These are (1)
FMECA on Diesel Generator
Starting air, (2) Lub oil, (3) Governor, (4) Jacket water cooling, (5)
Fuel, and (6) Engine subsystems. Generic and plant-specific failure
and maintenance records are reviewed to identify critical
components/ failure modes. FMECA are performed for these critical
component/ failure modes.
Failure records of USA (NUREG/CR-2989), French plants (EdF

Rapport, DAS #584e), Kori Units 3&4 (KAERI/TR-363/93),
Wolsong Unit 1 are reviewed to identify which components have
frequent failures. Diesel generator operation handbook (Jones, C.T.)
is also used to identify critical failure modes. Hundreds of failure
components/modes are identified for each subsystem, at first. For the
selected failure components/modes, FMECA are performed. The
FMECA results are summarized in Tables 1 through 4.
To give help to understand major failure mechanisms and

conventional preventive maintenance (PM) activities, failure records
and current PM tasks of standby diesel generators (SDGs) of
Wolsong Unit 1 are provided in the Appendices.
II. FMECA Methodology
1. Selection of Critical Components
At first, a few of critical components in diesel generator are identified

by reviewing failure and maintenance records. Critical component is
a component of subsystem that has a critical failure mode. A
component failure mode having significant operational, safety or
maintenance efeects that warrants the selection of maintenance tasks
to prevent the failure mode from occuring. Figure 1 shows logical
diagram for critical component selection.
CONSEQUENCES OF
THE FAILURE MODE
Yes No
Impact on Safety ?
Yes No
Impact on Generation ?
Yes Impact on Cost of

Repairs ?
No
NON-CRITICAL COMPONENT
CRITICAL COMPONENT
Figure I: Logical Diagram for Critical Component Selection

2. Failure Mode and Effect Analysis
Failure modes of each component are identified using appropriate risk

measure. The most common criteria used to rank the criticality of a
component functional failure are related to their impacts on safety,
availability and maintenance costs. Past operating experience are also
useful to take decision of failure mode of component.
Failure modes and effects analysis (FMEA) is used to analyze system

to determine what the effects of individual components might be on
the entire assembly or system. At first, major assemblies of the
system are listed, after which each assembly is broken down into its
component elements. Each component is then studied to see how it
could fail, what could cause each type of failure, and the effect of
this failure on other components, subassemblies, and the entire
product. FMEA is a tool to systematically analyze all contributing
component failure modes and identify the resulting effects on the
system. The worksheet for FMECA is very useful to decide the
maintenance policies for component. If any new failure occurs during
maintenance period, it should be entered into the worksheet of
FMECA and how to detect this failure is also to be mentioned.
3. Classification of Failure Mode
The final step in the FMEA is to classify the component failure mode
as critical or non-critical. A critical component failure mode causes
the loss of function, it affects on plant safety or operation. If the
effects do not call for a critical classification, other factors to consider
include a high probability of failure and a large amount of corrective
maintenance. These factors, by themselves, do not make a failure
mode critical. Based on the operating experience for each part from
historical data, dominant failure modes are determined.
The criticality, i.e., the effect of any failure mode on component, is

classified as follows:
Classification of Impact on Component Example

Failure Mode
I. Safe This failure mode has negligible small
impact on the component. leakage
II. Marginal This failure mode will degrade bearing
the component to some extent but failure due to
will not damage the component. lack of lub
oil
III. Critical This failure mode will degrade piston failure
component performance and/or
will cause loss of function of
component/ system.
4. Failure Probability of Components
Critical components are subdivided into individual parts and each part
is treated as a separate component, since surveillance tests and
maintenance activities may only affect given parts instead of the
component. Therefore, the component failure rate should be replaced
by the sum of the failure rates of its parts.
III. FMECA on Diesel Generator Subsystems

Diesel generator is divided into five subsystems based on their
functions. The FMECA are described in main text and Tables 1
through 6 for these mechanical subsystems. These results are mainly
obtained from the generic information. The FMECA shown here are
subject to change as plant-specific knowledges are obtained.
1. Air start subsystem

2. Lube oil subsystem
3. Governor subsystem
4. Jacket water cooling subsystem
5. Fuel subsystem
6. Engine subsystem
1. Air start subsystem
Most of the diesel engine starting systems use compressed air. Air
may be injected directly into the cylinder through a distributor, or the
air may drive air motors that are geared to turn the engine.
The operator should check the starting air pipes on the engine at
point both before and after the air-starting distributor for signs of over
heating. If one or more pipes is usually hot, it is probable that an air
starting valve is not properly closed. The starting air system consists
of two redundant subsystems, consisting of a compressor, aftercooler,
dryer, and storage receiver. Starting air system is shown in Fig. 1.
Starting air
admission valves
Strainer ft Starting Air Header
1
Air
receiver
m
* Air start valves
Pressure gauge * Air distributors
* Governor oil
boost cylinder
Compressor/ Air Dryer

Aftercooler
Diesel Generator Engine

Control Panel
Figure 1: Air Start Subsystem
Critical components/ failure modes of air start subsystem

* Air compressor failed, because of bad bearing
* Air start solenoid valve, leaking or stuck open
* Air motor failed, because of bad bearings
* Air start valve plugged, from corrosion
FMECA worksheet for air start subsystem is given in Table 1.
Air start subsystem
Air start subsystem
Air compressor Air start

solenoid valves
Compressor Motor
Air start solenoid valve
The most common control failure in the starting air system is solenoid
valve failure. This valve fails to operate most frequently by not
closing completely or sticking open. Dirt or water in the air starting
system may cause this to happen. Water transports dirt and metal
particles and creates rust. The valve may stuck because of dirt and/
or water but additionally is susceptible to overheating and coil failure.
If, there is no maintenance for solenoid valve, then there is no need to
find out the cause of failure. Only replacement is the solution. So
time should be fixed according to old failure and maintenance
records. Some manufacturers specified operating environment.
Air compressor
The two primary failure modes of air compressor are insufficient

building of discharge pressure and/ or insufficient capacity. Leaking
discharge valves are the primary source of both failures. The valve
leakage may be age-related since the valve and valve seats wear over
time, or it may be caused by carbon buildup on the valve seats. The
carbon buildup is created as a result of lub oil in the air, which in turn
occurs from either failure to change lub oil as specified or a lack of
oil scrapper ring maintenance. In either event, the oil on the cylinder
walls will vaporize into the air and oxidize on the hot discharge valve
seat surface. Additionally, the failure to produce sufficient capacity
may be dirty intercoolers, which should be cleaned periodically.
Air compressor motor
If the motor fails to operate, it is most likely the result of dirt or water
(and rust) in the system. This dirt and rust from the air system piping
will cause internal wear of the motor and vanes and thus cause loss of
motor efficiency.
2. Lub oil subsystem
The life of lubricating oil is the period of time (based on operating

hours and regardless of the load carried) between changes of the oil
during which the oil provides optimum lubrication. If the engine is

operated with the lubricated oil at too low temperature, excessive
slugging can be expected. This condition will, in turn, lead to a short
filter element life, filter element bypassing, decreased plant capacity,
and an accelerated wear out rate. When lubricating oil heaters are
used in direct contact with the lubricating oil, there is always some
risk of coking. The heater skin temperature should not exceed 150C
(300F). This temperature will probably not be detectable, but the
heater should be inspected frequently for signs of carbon buildup.
Excessive carbon buildup will result in the burnout of the heater
element. The purpose of the lubricating oil pressure relief valve is to
regulate the working pressure of the lubricating oil throughout the
engine and to relieve any excessive pressures that may be developed
by lubricating oil pump.
Lub oil subsystem
Lube oil subsystem
Lube oil Lube oil Lube oil

pump cooler heater
Critical components /failure modes of lub oil subsystem
* Low lub oil temperature, because heater failed

* High lub oil pressure
* Lube oil pump bearing
Low level of lub oil
Leakage in oil cooler tube
Lub oil pump
Lub oil pumps are directly driven by the engine. In majority of the
engines of 500-kW and greater capacity, auxiliary motor-driven
FMECA on Diesel Generator 10
lubricating oil priming pumps are provided. If the flow of lubricating

oil to the lubricating pump is restricted, problems will develop (1) in
maintaining an adequate lubricating oil working pressure at the
bearings and probable shutdown of the engine by the protective
devices and (2) in gross wear in the lubricating oil pump casing in
way of the pump rotors.
Lub oil cooler
Lubricating oil coolers will leak when they are corroded, subjected to
high vibration, or overpressurized. In all cases, the pressures
prevailing in the lubricating oil cooler will be higher than in the
cooling liquid. When leakage occurs, the oil will flow to the coolant
as long as the engine is running, but it is possible that there might be a
small amount of coolant leakage but into a static engine. A leaking
lubricating oil cooler will readily be detected by observing the
sightglass in the coolant header tank, which will soon be occluded by
oil. Shortly thereafter, a drop in the sump lubricating oil level will be
noticed. As soon as a lubricating cooler is revealed to be leaked, the
following actions are to be taken: the engine must be stopped, the
cooling system must be drained, steps must be taken to replace or
repair the cooler, and the whole of the cooling system that has been
contaminated by oil must be cleaned.
All lubricating oil coolers will leak to the cooling water because
pressure of the lubricating oil system is higher than that of the raw
water circulating system.
FMECA worksheet for lub oil subsystem is given in Table 2.

3. Jacket water subsystem
The jacket water system, which provides cooling for the engine, oil
cooler, turbochargers, governor, and air coolers, is shown in Figure 2.
VENT
Jacket water high
temperature sensors
Standpipe
Temperature
Control Valve
Air Air
Cooler Cooler
JACKET WATER
HEAT EXCHANGER
i r
Out In
LUBE OIL COOLER
Figure 2: Jacket Water Cooling Subsystem
Diesel generator cooled by plant service water are equipped with heat
exchangers. Hot water from the diesel jacket flows through one side
of the heat exchanger and cooling water flows through the other.
When the diesel generator is not operating, cooling water does not
flow through the heat exchanger; but when the diesel starts, a
tachometer generates a signal that opens a valve through which

cooling water flows to the heat exchanger.
Designs on jacket water cooling source are different between

Wolsong Unit 1 and Units 2/3/4. Wolsong Unit 1 uses sea water as
jacket water heat exchanger cooling source. Wolsong Units 2/3/4 are
designed to use component cooling water system. Component cooling
water systems of Wolsong Units 1 and 2 have the same capacities.
Therefore, jacket water cooling source of Wolsong unit 1 can be
changed from current sea water to component cooling water system.
Jacket water subsystem
Jacket water subsystem
Heater Heat Radiator

exchanger tube
Critical components/ failure modes of jacket water subsystem
High water temperature, so DG trip

Service water fails either open or close
* Jacket water heater failed.
* Low jacket coolant pressure.
* Radiator tube leak
Leakage in
- Cooling water
- Radiator tube
- Gasket & O-rings
- Heat exchanger tube
Jacket water heater
The jacket water heater is fitted with a thermostatic control that

permits the engine jacket water to be maintained at 15 to 30 C (60
to 90 F). This is an adequate temperature for a standing unit in a
ready to run condition. Any higher temperature level will be
unnecessary, uneconomic, and damaging to the engine in several
respects.
Heat exchanger
The most frequent heat exchanger failure is leaking cooling water into
the lub oil or lub oil into the cooling water. This can be detected by
oil in the water reservoir or by a false increase in the lub supply. The
cause is usually either failure of the gaskets, improper installation of
the gaskets and seals during maintenance and repair, or failure of the
tubes in the cooler.
FMECA worksheet of jacket water subsystem is given in Table 3.
4. Governor subsystem
The purpose of the governor is to regulate the speed of the engine in

conformity with the engine's application. Governor itself is a
component.
Functions of governor
1. Load limiting governors are arranged to limit the load that may
be applied to an engine.
2. Variable speed governors will maintain any preset speed of an
engine regardless of load.
3. Speed limiting governor limits the minimum and maximum
speeds of an engine. The intermediate speeds are controlled by
an external, usually manual, means.
4. Isochronous or constant-speed governors maintain an engine at
preset constant speed regardless of load.
Critical components/ failure modes of governor subsystem
* Speed control fails (high and low speed), replace solenoid

* Dirt oil in governor
* Low governor oil pressure
* Low level of oil in governor
* Oil leak, replace gasket
FMECA worksheet for governor subsystem is given in Table 4.
5. Fuel subsystem
The fuel oil subsystem consists of bulk storage tanks, day tanks,
supply pipes, and pumps. The bulk storage tanks contain enough fuel
to operate at least one diesel genertor for 4 to 7 days. Each diesel
generator has a day tank which contains enough fuel to operate for 2
to 4 hours. Usually, redundant AC pumps transfer fuel from the bulk
tanks to the day tanks. An engine-driven pump or a gravity feeder
supplies the diesel engine with fuel from the day tank. The engine-
driven pump may have an AC, DC or manual backup pump. The bulk
tanks are frequently interconnected through pipes with normally
closed valves, but since the output lines from the day tanks are
usually not interconnected, each tank supplies only one diesel. There
are usually one or two manually-operated block valves in the supply
lines from the bulk tank to the day tanks. Alarms indacate low-low or
high-high levels in the day tanks and level switches in the day tanks
automatically control fuel transfer from the bulk tanks.
Failure modes of fuel subsystem
Some critical failure events, such as failure to start, failure to run,

secondary failure, and a lot of non-failure events have been occurred.
The injectors are machined to close tolerances because they have to
inject fuel into the cylinders under high pressure. Pipe leaks and
breaks are responsible for the fuel system failure. If fuel leak is found
during testing, the diesel generator is usually shut down immediately
to repair the leak as a precaution against fire hazards. For large leaks,
the diesel engine would have to be tripped to prevent a fire.
However, some of the leaks are small enough that the diesel engine
could be left running and the fuel spill controlled. Dominant failure
modes in fuel subsystems are plugging in fuel injection pipe and
leakeages through gasket and valves. Some of them resulted in
critical failures which prevent the diesel generator from proper
functioning and some are not critical failures. Some of failure modes
are as follows.
Fuel injector pump failed

* sticking fuel injectors
* lack of fuel
* low fuel oil pressure
Pipes leaks and breaks
* gaskets, valves, o-rings
* vibration
FMEA worksheet for fuel subsystem is given in Table 5.
6. Engine subsystem
Bearing failure may be caused by loss or deterioration of the

lubricating oil film between the bearing surfaces or dirty oils.
Critical components/ failure modes of engine subsystem
* Engine bearings
* Crankshaft
* Cylinder/ piston
FMEA worksheet for engine subsystem is given in Table 6.

IV. Conclusion
In this report, failure mode effect and criticality analysis of the diesel
generator of the nuclear power plants is described on the basis of
foreign and Korean failure and maintenance records. This report
describes six subsystems of diesel generator on the basis of functional
analysis and failure mode analysis for each component of the
subsystem. Actually this is the first phase for implementation of
RCM approach on diesel generator. This report is a trial application
of FMECA to diesel generator. A systematic functional failure
analysis and logic tree analysis will be performed in future. This
report will be helpful to select appropriate maintenance and
surveillance tasks, which will be described in separate report as third
phase of RCM analysis on diesel generator.
V. References
1. Tae Woon Kim, Brijendra Singh, Guidelines for Implementation

of RCM on Safety Systems, KAERI, TR-665/96, April 1996.
2. Clive T. Jones, Diesel Plant Operations Handbook, McGraw-Hill,
Inc., 1991.
3. K.Holmberg & A.Folkeson, Operational Reliability and
Systematic Maintenance, Elsevier Science Publishers Ltd., New
York 10010, USA, 1991.
4. Ronald T. Anderson, Lewis Neri, Reliability Centered
Maintenance: Management & Engineering Method, Elsevier
Science Publishers Ltd., New York 10010, USA, 1990
5. S.Martorell, A.Munoz & V.Serradell, An Approach to Integrating
Surveillance and Maintenance Tasks to Prevent the Dominant
Failure Causes of Critical Components, Reliability Engineering
and System Safety, Vol. 50, pp 179-187, 1995
6. Brijendra Singh, Design Review for Reliability and
Maintainability, National Conference on Emerging Trends in
Electronic Product Design and Technology, CEDT, Mohali,
Chandigarh, India, April 6-8, 1995.
7. Tae Woon Kim, Brijendra Singh, Guidelines for Implementation
of RCM on Safety Systems, KAERI, TR-665-95, April 1996.
8. Tae Woon Kim, Brijendra Singh, Chang K. Park, Tae Hee Chang,
Jin Bae Song, Development of RCM Framework for
Implementation on Safety Systems of Nuclear Power Plant,
Proceedings of the Korean Nuclear Society Spring Meeting,
Cheju, Korea, May 1996.
9. Tae Woon Kim, Brijendra Singh, RCM Approach to Improve the
Reliability of Diesel Generator, International Topical Meeting on
Probabilistic Safety Assessment, PSA'96, Park City, Utah,
September 29- October 3, 1996.
lO.G.L.Crellin, T.D.Matteson, A.M.Smith, Use of Reliability-
Centered Maintenance for the McGuire Nuclear Station
Feedwater System, Electric Power Research Institute, NP-4795,
1986
11. Maintenance and Test Records of Standby Diesel Generators of

Wolsong Unit-1 NPP, 1985-1993, KEPCO.
12T.C.Hook, E.A.Hughes, R.E.Levine, T.A.Morgan, L.M.Parker,
Application of Reliability-Centered Maintenance to San Onofre
Units 2 and 3 Auxiliary Feedwater System, Electric Power
Research Institute, NP-5430, 1987.
13.Handbook on Safety Related Maintenance, IAEA, Vienna,
October, 1993.
14. A.F.Colas, Reliability of Emergency Diesel-Generators Used in
French NPP: Evaluation of the Failure Rate and Its Failure Trend
and Disfuctions Review, EdF, Rapport DAS #584e, April 1989.
15.S.M.Wong, J.L.Boccio, S.Karimian, M.A.Azarm, J.Carbonano,
G.DeMoss, Trial Application of Reliability Technology to
Emergency Diesel Generators at the Trojan Nuclear Power Plant,
BNL-NUREG-38841.
16.Tae Woon Kim, Won Dea Jung, Jin Hee Park, Chang K. Park,
Survey and Analysis of the Loss of Off-Site Power Events on
Korean Nuclear Power Plants and the Reliability / Unavailability of
Emergency Diesel Generators of Kori Units 3&4, KAERI, TR-
363/93, May 1993.
APPENDIX I
Table A.I: List of Components of SDGs at Wolsong Unit 1
COMPONENT CODE COMPONENT COMPONENT NAME

CODE
SDG#1 SDG#2
5200-SDG-01 5200-SDG-01 DIESEL ENGINE
5200-AC-01 5200-AC-01
5200-OHR-01 5200-OHR-01
5200-OTR-1 5200-OTR-1
5200-TC-1 5200-TC-2 TURBO CHARGER
5200-TBO-2 5200-TBO-2
5200-V-01 5200-V-02 MAKE-UP TANK FLOAT VALVE
5211-AC-01 5211-AC-01
5224- FUEL OIL SUBSYSTEM
5224-FR-211 5224-FR-212 DUPLEX FILTER
5224-P-101, 103 5224-P-102, 104 FUEL OIL TRANSFER PUMP
5224-P-211 5224-P-213 MOTOR-DRIVEN FUEL OIL BOOSTER PUMP
5224-P-212 5224-P-214 ENGINE-DRIVEN FUEL OIL BOOSTER PUMP
5224-STR-101 5224-STR-102 DUPLEX SUCTION STRAINER
5224-STR-211,212 5224-STR-213.214 STRAINER (Y-TYPE)
5224-TK-01 5224-TK-02 FUEL OIL DAY TANK
5224-TK-101, 103 5224-TK-102, 104 FUEL OIL STORAGE TANKS
5225- AIR START SUBSYSTEM
5225-ECP-1 5225-ECP-2 ENGINE-DRIVEN AIR COMPRESSOR
5225-MCP-1 5225-MCP-2 MOTOR-DRIVEN AIR COMPRESSOR
5225-RC-01.02 5225-RC-03, 04 AIR RECEIVER
5225-TP-7001.2 5225-TP-7003, 4 AIR TRAP
5281- JACKET WATER SUBSYSTEM
5281-HX-221 5281-HX-222 FUEL VALVE COOLER
5281-HX-225 5281-HX-226 INTERCOOLER
5281-HX-227 5281-HX-228 JACKER WATER COOLER
5281-HTR-01 5282-HTR-02 THERMOSTATICALLY CONTROLLED HEATER
5281-P-001 5281-P-002 JACKET WATER STANDBY CIRCULATING PUMP
5281-P-221 5281-P-222 MOTOR-DRIVEN FUEL VALVE COOLING PUMP
5281-P-223 5281-P-226 MOTOR-DRIVEN JACKET WATER STANDBY
PUMP
5281-P-224 5281-P-227 ENGINE-DRIVEN J.W. PUMP
5281-P-225 5281-P-228 MOTOR-DRIVEN HEATER CIRCULATING PUMP
5281-TK-221 5281-TK-222 J.W. MAKE-UP TANK

5281-TK-3 5281-TK-4 J.W. MAKE-UP HEAD TANK
5282- LUB OIL SUBSYSTEM
5282-FR-201 5282-FR-203 LUB OIL FILTER
5282-FR-202 5282-FR-204 DUPLEX FILTER
5282-HX-201 5282-HX-202 LUB OIL COOLER
5282-HTR-01 5282-HTR-02 THERMOSTATICALLY CONTROLLED HEATER
5282-P-001 5282-P-002 LUB OIL STANDBY CIRCULATING PUMP
5282-P-201 5282-P-206 ENGINE-DRIVEN LUB OIL PUMP
5282-P-202 5282-P-207 MOTOR-DRIVEN STANDBY LUB OIL PUMP
5282-P-203 5282-P-208 LUB OIL KEEP WARM PUMP
5282-P-204 5282-P-209 ENGINE-DRIVEN ROCKER LUB OIL PUMP
5282-P-205 5282-P-210 MOTOR-DRIVEN ROCKER ARM LUB OIL PUMP
5282-P-221 5282-P-222
5282-PRV-7208 5282-PRV-7228
5282-PRV-7213 5282-PRV-7233
5282-STR-201.202 5282-STR-203, 204
APPENDIX II
Current preventive maintenence tasks of standbv diesel generators

ofWolsong Unit 1
Table A.2 describes current preventive maintenance activities on

standby diesel generators (SDGs) of Wolsong Unit 1, which is
performed by mechanical department.
Table A.2: Currnet Preventive Maintenance Activities on Standby Diesel

Generators (SDGs) in Mechanical Department of Wolsong Unit 1.
Sub- Component ID Component Name Preventive Maintenance Task Period

system
Fuel 5281-P221, Fuel bay cooling Pump Bearing 1Y
222 pump
Fuel 5224-P103, Stby fuel oil Coupling 1Y
104 transfer pump
Air 5224-RC 1, 3 Starting air Rotor Bearing 6M
start compressor
Air 5224-RC 1,3 Motor driven Compressor side 1Y
start Starting air 1. sump lub. oil change
compressor 2. sump oil suction FR
Check, Cleaning, Change
when necessary
Air 5224-RC 2, 4 Engine driven 1. Engine side: sump lub oil 1Y
start Starting air change
compressor 2. Compressor side : sump
lub oil change
Gover 5224-RC 2,4 Governor Oil Level Check 1Y
nor
Jacket 5281-P225 Jacket water keep LPump Bearing 1Y
water warm pump 2.Coupling
Sub- Component ID Component Name Preventive Maintenance Task Period

system
Lub oil 5282-SDG 1, 2 Lub. Oil Change 1. Rocker lub oil reservoir 1Y
2. Governor
3. Turbo Charger oil
4. Gen. bearing
Lub oil 5200-SDG 1, Lub. Oil Sampling Engine sump lub. oil 2W
2 Analysis sampling, analysis
Engine 5200-SDG 1, Cylinder Measure the cylinder max. 1M
2 pressure and temp.
Gover 5200-SDG 1, Governor control Rack Bearing 6M
nor 2 rack
Lub oil 5282- PM 1, 2 Motor driven lub oil Motor Bearing 1Y
pump
Lub oil 5282- P208 Lub oil keep warm Coupling 1Y
pump
APPENDIX III
Failure history of SDGs of Wolsong Unit 1
Start and running failure records of Wolsong Unit 1 during 9 years

(85 - 93) are shown in Tables A.3 and A.4.
A. Start failure history
The most dominant failure modes are overspeed and underspeed trip
signals in engine. The causes of these trip signals are due to fault
setpoint in time delay relay, fault speed transmitter, wear sarting air
solenoid valve, etc.
The other failure modes are low pressure trip due to fuel line valve
leakages and low flow trip at air compressors.
B. Running failure history
The most dominant failure modes of running failures are leakages in

gaskets, valves, and tubes of fuel oil, jacket water, and lub oil
subsystems. These failures resulted in high temperature in engine and
high leakages in jacket water subsystems, loss of seal in pump, etc.
The next dominant failure modes are syncronization failures due to

breaker failure and safety bus failures after auto start. Some of these
failures may not belong to DG failures, but may belong to the
component group of bus or breaker.
Table A.3: Start Failure Records of SDGs of Wolsong Unit 1
Date # Run Repair Contents

Hours Hours
85.01.14 1 ? 1 Under speed trip at 480 RPM during startup. Control
circuit checked but no problem identified.
85.01.15 2 ? 11.37 Start failure occurred that starting block and lock out
relay checked. Magnetic contactor and cable at jacket
water heater (5281-htrO2) degradation identified,
replaced. Leakage at fuel oil line valve that
V7215, 7216, 7225, 7226, 7227 replaced.
85.12.17 2 0.24 230.66 Triped by lub oil low pressure signal
86.07.07 2 0.25 103.00 No POWER assession (DR#2103), after startup.
87.03.22 1 1.68 144.5 Overspeed trip immediately after startup for the
154/345KV transfer operation.
88.02.02 1 0.1 18 Triped by low water flow trip signal at motor driven air
compressor.
88.02.27 2 0.1 2 Leakage at fuel oil return line. Inservice after plugging
tightening.
88.02.29 1 0.1 18 Triped by low water flow signal at lub oil pressure and
motor driven air compressor. Fault setpoint in lub oil
pressure low trip TD timer is identified.
90.12.10 2 0 2.42 Overspeed trip immediately after startup. Wear found
in internals of STARTING AIR SOLENOID VALVE,
replaced.
91.06.26 2 0 12.3 Generator to be started automatically when 345KV
breaker (61022 H-1) triped, but not started
automatically. SPEED TRANSMITTER replaced.
91.06.27 2 0 21.12 Overspeed trip immediately after startup by LOCA
signal. SPEED TRANSMITTER checked.
91.07.08 2 0.02 54.35 Due to abnormal indication of frequency, voltage,
engine speed, etc., after startup, stoped mannually.
93.08.16 2 0 8.25 Triped by no good material in cylinder and no good
condition of O-Ring.
93.09.13 2 0.12 1.5 Triped by Under frequency and over voltage (UFOV)
signal.
93.10.18 1 0 11.18 Overspeed and engine lockout alarm occurred and
ENGINE SPEED reduced from 530RPM to 100RPM,
manual stop.
93.10.22 2 ? ? Generator output incerease to maximum.
93.11.29 2 ? ? Generator output incerease to maximum due to fault
in timer.
Table A.4: Running Failure Records of SDGs of Wolsong Unit 1
Date # Run Repair Contents

Hours Hours
85.05.07 2 0.7 4.43 Start for surveillace test, jacket water leakage
in cylinder, so stoped.
87.08.17 2 ? 101 Lub oil cooler tube leak due to corrosion by sea
water.
87.07.27 1 ? 27.3 Stoped because bearing temperature in main
shaft increasing. Overhaul and clean the lub oil
cooler and jacket water cooler.
87.11.21 2 0.03 414.7 Loss of seal in engine-driven pump. Replace
seal and gasket, rework for pump shaft at out
site.
87.12.21 1 1.5 117.4 At the linking of flange of engine-driven lub oil
pump exit, lot of lub oil leaked, gasket replaced.
88.01.29 2 1 3 Leak at the link of vent cock in cylinder.
91.06.28 2 0.18 Failure during loss of Class IV power test.
92.07.27 1 1 96.17 Irregular noise in engine.
92.09.07 1 0.25 242.7 Not automatically syncronized due to some
problem in AVR.
92.09.07 1 0.25 Not syncronized again after some check.
92.10.29 1 0.38 2.42 Start for the design load test, but breaker
(BUE/02) tripped.
92.10.29 1 0.42 12.12 After check of the breaker, restart, but oil
leakge in fuel supply line to cylinder.
92.10.30 1 ? ? Started automaticcally during loss of Class IV
power test, but triped by HIGH SPEED RELAY.
93.11.22 2 0.43 15.05 Start for the test, but breaker (BUE/02) tripped,
not syncronized. manual stop.
Table 1. FMECA of Air Start Subsystem
Component Part Failure Impact Failure Effect on How to Failure Current Recommendation
Mode Cause other detect Probability
component
or system
1. Air l.Oil low temp II Yes Change in 1 temperature sensor
compressor or high Yr. needed
temp
2.Bearing II dirt oil or No Change in 6
lack of oil months
3. leak ageing,
discharge seat wear,
valve carbon
buildup
4. motor fail to II dirt or water
operate in the
system will
cause wear
of motor
2. Air start 1 .Leaking Safety (1) No No PM, Change every ~
solenoid maintenance, - month
valve only replace TDT
2. Stuck Safety dirt and/or No Every six
open water month
PM
26
Table 2: FMECA of Lube Oil Subsystem
Component Failure Mode Class of Failure Cause Effect on How to Failure Current Recommendation
Failure other detect Probability
Mode componen
t or system
l.Lube oil pump Pump damage II Lack of Yes Noise Change in 1 PM based on
Lubrication Yr. operating time.
in Bearing Vibration check
2.Lube oil cooler Leakage in II High Yes Visual No Change the
cooler tube pressure, check Maintenance Material. Analysis
corrosion by of mererial of tube
sea water required.
3.Lube oil heater Burn out of II Carbon Yes Surveillance No Preventive
coil buidup on test Maintenance maintenance
coil (some kind of
inspections are
needed)
4.Tank of oil Leakage in oil PM
cooler tube,
oil level
27
Table 3: FMECA of Jacket Water Subsystem
Component Failure Mode Class of Failure Effect on How to detect Failure Current Recommendation
Failure Cause other Probabilit
Mode component y
or system
1. Heater damage II carbon Yes During the
buildup, surveillance
corrosion test
2.Heat Exchanger leakage II corrosion No Change cooling
by sea source by C.C.W.
water system
3.Radiator tube leakage II corrosion
4.Gasket, O-rings leakage II No Change based on
operating time
28
Table 4: FMECA of Governor Subsystem
Component Failure Mode Class of Failure Effect on How to detect Failure Current Recommendation
Failure Mode Cause other Probability
component
or system
1 .Governor Dirt oil II During
Maintenance
Low oil pressure II
Low level of oil II Seurveillance 1 year TDT
Speed II Sensor
29
Table 5: FMECA of Engine Subsystem
Component Failure Mode Class of Failure Effect on How to Failure Current Recommendation
Failure Cause other detect Probability
Mode component or
system
1. O-rings leakage II
2. Piston
3. Engine Bearing loss of
deterioration
of lubricating
oil
30
Table 6: FMECA of Fuel Subsystem
Component Failure Mode Class of Failure Effect on How to Failure Current Recommendation
Failure Cause other detect Probability
Mode component or
system
1. Gasket leakage II
2. O-ring leakage
3. Pipes leakage in
pipe
4. Fuel Injector Low pressure
Pump failed or lack of fuel
oil
31
BIBLIOGRAPHIC INFORMATION SHEET
Performing Org. Sponsoring Organization Standard Report INIS Subject Code

Report No. Report No. No.
KAERI/TR-000/96
Title/Subtitle Failure Mode, Effect, and Criticality Analysis (FMECA) on Mechanical

Subsystems of Diesel Generator at NPP
Project Mgr. Dr. Tae Woon Kim (Head, Reliability Analysis,
Advanced Research Group, KAERI)
Researchers Dr. Brijendra Singh (Post-Doc Fellow from India),
Mr. Tae Yong Sung, Mr. Jin Hee Park, Mr. Yoon Hwan Lee
Pub. Place Taejon Pub. Org. KAERI Pub. Date June 1996
Page 40 Fig. & Tab. Yes(0),No( ) Size 4X6
Note
Classified Open (0), Outside ( ), Class Report Type Technical Report
Sponsoring Org. MOST Contract No. 53117-95
Abstract
Largely, the RCM approach can be divided in three phases; (1) Functional failure analysis
(FFA) on the selected system or subsystem, (2) Failure mode, effect and criticality analysis
(FMECA) to identify the impact of failure to plant safety or economics, (3) Logic tree analysis
(LTA) to select appropriate preventive maintenance and surveillance tasks.
This report presents FMECA results for six mechanical subsystems of the diesel generators
of nuclear power plants. The six mechanical subsystems are Starting air, Lub oil, Governor,
Jacket water cooling, Fuel, and Engine subsystems. Generic and plant-specific failure and
maintenance records are reviewed to identify critical components/ failure modes. FMECA was
performed for these critical component/ failure modes. After reviewing current preventive
maintenance activities of Wolsong Unit 1, draft RCM recommendations are developed.
Subject Diesel Generator, RCM, FMECA, Failure Mode, Surveillance Test,

Keywords Preventive Maintenance, Nuclear Power Plant
KAERI/TR-000/96
(FMECA)
40 4X6
53117-95
cfl i ^ a] -g-
M)
741-f- 71 ^ J L ^ - ^ - ^ (FFA), (2)
(FMECA), ^ s ^ J l (3)
s . - ^ (LTA) 5L
67fl (FMECA)
2:^71,
FMECA S - | -
Failure Mode. Effect and Criticality Analysis
Diesel Generator at NPP.
1996*? IE 9 B EPfi'J
1996 7 n 1] B tf
WilK & W *
150

FMEA - Diesel Generator

Uploaded by

Copyright:

Available Formats

FMEA - Diesel Generator

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

FMEA - Diesel Generator

Uploaded by

Copyright:

Available Formats

KAERI/TR-728/96 KR9600263

Failure Mode, Effect and Criticality Analysis

Reliability Analysis, Advanced Research Group

Failure Mode, Effect and Criticality Analysis

Reliability Analysis, Advanced Research Group

Authors are thankful to the members of Advanced Research

Failure Mode. Effect and Criticality Analysis

Tae Woon Kim, Brijendra Singh,

Advanced Research Group

For the implementation of RCM in nuclear power plant, three steps

^- (RCM) 7 l ^ # ^fl^^U $14- RCM

71 H H711 (1) 71^-Jl^-^-^ (FFA), (2) j7^-s.H, S.4 ^

^ (1) ^ 7 l A l ^ , (2) <g-^-, (3) 3 : ^ 7 1 , (4) ^ 3 1 ^ , (5)

1^71 i til Cl^^-^l 71^1 ^ ^ 1 ^ ^

Subject Page Number

Table 1: FMECA Worksheet of Air start subsystem 26

There are two kinds of activities to maintain the reliability of safety

To improve the reliability of disel generators at nuclear power plants,

This report presents FMECA results for six mechanical subsystems

Failure records of USA (NUREG/CR-2989), French plants (EdF

To give help to understand major failure mechanisms and

II. FMECA Methodology

1. Selection of Critical Components

At first, a few of critical components in diesel generator are identified

Yes Impact on Cost of

Figure I: Logical Diagram for Critical Component Selection

2. Failure Mode and Effect Analysis

Failure modes of each component are identified using appropriate risk

Failure modes and effects analysis (FMEA) is used to analyze system

3. Classification of Failure Mode

The criticality, i.e., the effect of any failure mode on component, is

Classification of Impact on Component Example

4. Failure Probability of Components

III. FMECA on Diesel Generator Subsystems

1. Air start subsystem

1. Air start subsystem

Strainer ft Starting Air Header

Compressor/ Air Dryer

Diesel Generator Engine

Figure 1: Air Start Subsystem

Critical components/ failure modes of air start subsystem

FMECA worksheet for air start subsystem is given in Table 1.

Air start subsystem

Air start subsystem

Air compressor Air start

Air start solenoid valve

The two primary failure modes of air compressor are insufficient

Air compressor motor

2. Lub oil subsystem

The life of lubricating oil is the period of time (based on operating

during which the oil provides optimum lubrication. If the engine is

Lub oil subsystem

Lube oil subsystem

Lube oil Lube oil Lube oil

Critical components /failure modes of lub oil subsystem

* Low lub oil temperature, because heater failed

Lub oil pump

lubricating oil priming pumps are provided. If the flow of lubricating

Lub oil cooler