
Overview and Comparison of International Practices Concerning the Requirements on Single Failure Criterion with Emphasis on New Water-Cooled Reactor Designs. Presentation at the International Conference on Topical Issues in Nuclear Installation Safety: Safety Demonstration of Advanced Water Cooled Nuclear Power Plants, IAEA Headquarters in Vienna, Austria, 6 to 9 June 2017, Ref No.: CN-251. Ivica Bašić, Ivan Vrbanić, APoSS d.o.o.

Single Failure Criterion (SFC)? The definition is similar across the various regulatory frameworks (IAEA, US NRC, WENRA, EUR, national regulations, ...). IAEA SSR-2/1 Rev. 1: "A single failure is a failure that results in the loss of capability of a system or component to perform its intended safety function(s) and any consequential failure(s) that result from it." 5.39: "Spurious action shall be considered to be one mode of failure when applying the concept to a safety group or safety system." 5.40: "The design shall take due account of the failure of a passive component, unless it has been justified in the single failure analysis with a high level of confidence that a failure of that component is very unlikely and that its function would remain unaffected by the postulated initiating event."

Single Failure Criterion? The demonstration of the SFC differs between frameworks. Concerns: applicability within Defence in Depth (DiD); definition of the SSC boundary; definition of the SSC's intended safety function; definition of the required SSC capability; demonstration of that capability with the different DSA approaches (conservative, best estimate, best estimate plus uncertainty, ...); definition of consequential failure. US NRC SECY-77-439 (1977!) already identified, among other things, potential problems that had been encountered: additional passive failures (long-term and accelerated wear), valve failures (passive failure by a dropped valve disc), electrical power (and I&C, now very topical given the widespread use of digital I&C), operator error, etc.

Levels of Defence in Depth (DiD) for the design of new NPPs (based on INSAG-10, presenting the current approach as derived from SSR-2/1 Rev. 1):

| Level | Objective | Essential design means | Essential operational means |
|---|---|---|---|
| 1 | Prevention of abnormal operation and failures | Conservative design and high quality in construction of normal operation systems, including monitoring and control systems | Operational rules and normal operating procedures |
| 2 | Control of abnormal operation and detection of failures | Limitation and protection systems and other surveillance features | Abnormal operating procedures / emergency operating procedures |
| 3a | Control of design basis accidents (postulated single initiating events) | Engineered safety features (safety systems) | Emergency operating procedures |
| 3b | Control of design extension conditions to prevent core melt | Safety features for design extension conditions without core melt | Emergency operating procedures |
| 4 | Control of design extension conditions to mitigate the consequences of severe accidents | Safety features for design extension conditions with core melt; Technical Support Centre | Complementary emergency operating procedures / severe accident management guidelines |
| 5 | Mitigation of radiological consequences of significant releases of radioactive materials | On-site and off-site emergency response facilities | On-site and off-site emergency plans |

Levels of Defence in Depth (DiD) versus plant design conditions (PDC) in the various approaches (IE Frq. = initiating event frequency per year):

| DiD level | IE Frq. (/yr) | EUR | WENRA | STUK | US NRC | ASME Service Level |
|---|---|---|---|---|---|---|
| 1 | f = 1 | DBC 1, Normal Operation | Normal Operation | DBC 1, Normal Operation | Normal Operation | A |
| 2 | f > 10^-1 | DBC 2, Incidents | Anticipated Operational Occurrences | DBC 2, Anticipated Operational Occurrences | Anticipated Operational Occurrences (AOO) | B |
| 3 | 10^-2 < f < 10^-1 | DBC 3, Accidents of low frequency; DBC 4, Accidents of very low frequency | Design Basis Accidents 3.a, Postulated Single Initiating Events | DBC 3, Class 1 postulated accidents (10^-3 < f < 10^-2); DBC 4, Class 2 postulated accidents (f < 10^-3) | Design Basis Accidents (DBA) (Limiting Faults) | C |
| 4a | 10^-4 < f < 10^-2 | Complex Sequences | Design Basis Accidents 3.b, Postulated Multiple Initiating Events; DEC A, for which prevention of severe fuel damage in the core or in the spent fuel storage can be achieved | DEC A; DEC B | Beyond Design Basis Accidents | D |
| 4b | 10^-6 < f < 10^-4 | Severe Accidents | DEC B, with postulated severe fuel damage | DEC C | Severe Accidents | N/A |
| 5 | f < 10^-6 | | | | | |

Safety Demonstration - Deterministic Approach
- Safety limits and limiting conditions for operation: peak cladding temperature (PCT); departure from nucleate boiling (DNB); negative reactivity coefficient; primary and secondary pressures; hydrogen production
- Adequate safety margins
- Safety functions: reactor trip; decay heat removal; subcriticality
- Single Failure Criterion
- Redundancy
- Diversity
- Reliability
- Human-machine interface
- Procedures
- Training (simulators)

Design of SSCs. The conditions generated by external and internal hazards, and the criteria for capability, layout, margins, reliability and availability, provide input to the design basis of the SSCs. Although the figure does not differentiate these conditions and criteria for the different families of equipment, it should be kept in mind that they depend on the safety classification of the specific plant equipment. For example, SSR-2/1 requires application of the SFC in the design of safety systems for DBAs; it is not required in the design of safety features for DECs.

Traditional Safety Systems Concepts

SFC applications for new designs?

SFC applications for new passive SSCs? (Figure: standard PWR compared with AP1000 passive systems: IRWST, PRHR HX, CMT, accumulator.)

Regulatory Position: SFC APPLICATION IN THE CONTEXT OF NEW WATER-COOLED REACTOR DESIGNS

Is the SFC applied to a safety group or to an individual system?
- IAEA: safety system
- WENRA: safety system
- EUR: assembly of safety systems (a combination of systems and components that can perform a specific function)
- US NRC: safety system
- Finland (STUK): safety system
- UK: safety system
- Japan: structures, systems and components (SSCs)
- Korea: safety system
- Russia: safety features (safety system elements)
- China: safety system
- Canada: safety group / safety system

What systems have to meet the SFC? General approach: systems which prevent radioactive releases to the environment. Because designs, system names and descriptions differ, this can be related to: Reactor Protection System; Engineered Safety Feature Actuation System; Core Decay Heat Removal System; Emergency Core Cooling System; Containment Decay Heat Removal System; Containment Isolation System; MCR Habitability System; Emergency AC/DC Power; Safety System Support Systems (Component Cooling Water, etc.).

Is the SFC applied during planned maintenance, and during a repair within the AOT?
- IAEA, WENRA, EUR, US NRC: not discussed directly in the regulations. The allowable periods of equipment inoperability and the cumulative effects of these periods should be assessed in order to ensure that any increase in risk is kept to acceptable levels.
- Finland (STUK): not discussed directly in the regulations. The PSA shall be used to determine the surveillance test intervals and allowed outage times of systems and components important to safety; in practice this is similar to the above. YVL B.1 in fact discusses two failure criteria, (N+1) and (N+2).
- UK: see IAEA, WENRA, EUR, US NRC above.
- Canada: a request for an exception during testing and maintenance should be supported by a satisfactory reliability argument covering the allowable outage time.

Is the SFC applied to passive components?
- General approach: fluid and electric systems are considered to be designed against an assumed single failure if neither (1) a single failure of any active component (assuming the passive equipment functions properly) nor (2) a single failure of an item of passive equipment (assuming the active equipment functions properly) results in a loss of capability of the system to perform its safety functions. An exemption for passive components exists if a justification based on a high standard and quality of design and maintenance is possible.
- Finland (STUK): not discussed directly in the regulations; see the YVL B.1 (N+1)/(N+2) criteria above.

Is the SFC applied in addition to assuming failure of a non-tested component?
- IAEA, WENRA, EUR, US NRC: in other words, if the assessment of a potential failure of any single component designed for the function in a stand-by (non-tested) system shows an increase in risk above acceptable levels, such a test or maintenance activity should be excluded.
- Finland (STUK): YVL B.1 discusses the two failure criteria as described above; some systems need to satisfy (N+1) and some (N+2).
- UK: see IAEA, WENRA, EUR, US NRC above.
- Canada: similar to the text for IAEA, WENRA, EUR, US NRC above, even though section 7.6.2 of REG-DOC-2.5.2 [54] refers to the old IAEA Safety Series No. 50-P-1 [7], which was withdrawn without an applicable replacement.
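As an added illustration (not part of the presentation), the following Python model applies the SSR-2/1 definition quoted earlier and the regulatory positions above to a small safety function: one postulated failure, its consequential failures propagated through support systems, spurious action as a failure mode (a shared suction valve closing), the (N+1)/(N+2) distinction drawn by YVL B.1 (one train already out for maintenance), and the effect of postulating passive failures as well. The 2 x 100% safety injection configuration, every component name and every dependency are assumptions constructed for the example, not data from any plant.

```python
"""Added example (not from the presentation): deterministic single-failure check
over a constructed two-train safety injection model. All component names,
dependencies and the 2 x 100% configuration are assumptions for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    active: bool  # True: pump, valve, breaker, diesel; False: tank, pipe, header


@dataclass
class SafetyFunction:
    components: dict[str, Component]
    depends_on: dict[str, set[str]]  # component -> support equipment it needs to work
    trains: dict[str, set[str]]      # train -> components that must all work for it to deliver
    required_trains: int             # trains needed for the safety function to succeed

    def with_consequential(self, failed: set[str]) -> set[str]:
        """SSR-2/1: the single failure includes the consequential failures it causes;
        here, everything that (transitively) depends on failed support equipment."""
        lost = set(failed)
        while True:
            more = {c for c, deps in self.depends_on.items() if c not in lost and deps & lost}
            if not more:
                return lost
            lost |= more

    def available_trains(self, failed: set[str]) -> set[str]:
        lost = self.with_consequential(failed)
        return {t for t, parts in self.trains.items() if not parts & lost}


def single_failure_check(fn: SafetyFunction, *, assume_passive: bool = False,
                         out_for_maintenance: frozenset = frozenset()):
    """Postulate every single failure on top of equipment already out for maintenance
    (N+1 when nothing is out, N+2 when one train is) and return
    (criterion met, worst single failure, trains left after it)."""
    postulated = [c.name for c in fn.components.values()
                  if (c.active or assume_passive) and c.name not in out_for_maintenance]
    if not postulated:
        left = fn.available_trains(set(out_for_maintenance))
        return len(left) >= fn.required_trains, None, sorted(left)
    worst_name, worst_left = None, None
    for name in postulated:
        left = fn.available_trains(set(out_for_maintenance) | {name})
        if worst_left is None or len(left) < len(worst_left):
            worst_name, worst_left = name, left
    return len(worst_left) >= fn.required_trains, worst_name, sorted(worst_left)


def two_train_si(shared_suction_valve: bool) -> SafetyFunction:
    """Constructed 2 x 100% safety injection function. Each train: pump + injection
    valve, fed from its own bus and diesel (loss of offsite power assumed). The
    variant with one motor-operated suction valve shared by both trains treats its
    spurious closure as a postulated single failure (SSR-2/1 para. 5.39)."""
    comps = {c.name: c for c in [
        Component("RWST", active=False),
        Component("SI-PUMP-A", True), Component("SI-PUMP-B", True),
        Component("INJ-MOV-A", True), Component("INJ-MOV-B", True),
        Component("BUS-A", True), Component("BUS-B", True),
        Component("DG-A", True), Component("DG-B", True),
    ]}
    depends_on = {"SI-PUMP-A": {"BUS-A", "RWST"}, "SI-PUMP-B": {"BUS-B", "RWST"},
                  "INJ-MOV-A": {"BUS-A"}, "INJ-MOV-B": {"BUS-B"},
                  "BUS-A": {"DG-A"}, "BUS-B": {"DG-B"}}
    trains = {"A": {"SI-PUMP-A", "INJ-MOV-A"}, "B": {"SI-PUMP-B", "INJ-MOV-B"}}
    if shared_suction_valve:
        comps["MOV-SUCTION"] = Component("MOV-SUCTION", True)
        depends_on["SI-PUMP-A"] = depends_on["SI-PUMP-A"] | {"MOV-SUCTION"}
        depends_on["SI-PUMP-B"] = depends_on["SI-PUMP-B"] | {"MOV-SUCTION"}
    return SafetyFunction(comps, depends_on, trains, required_trains=1)


if __name__ == "__main__":
    bad, good = two_train_si(True), two_train_si(False)
    print("shared suction valve, N+1:", single_failure_check(bad))
    print("separate suction lines, N+1:", single_failure_check(good))
    print("separate suction lines, N+2 (train A in maintenance):",
          single_failure_check(good, out_for_maintenance=frozenset(good.trains["A"])))
    print("separate suction lines, passive failures postulated:",
          single_failure_check(good, assume_passive=True))
```

The four runs show the points made in the table: the shared valve fails the SFC by a single spurious action, the separated design meets (N+1) but not (N+2) with one train in maintenance, and postulating the tank as a failure fails every configuration, which is why the passive-component exemption has to be justified rather than assumed.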

Traditional SFC application. A number of particular considerations may be summarized in the following two main points, which are very frequently encountered in discussions of traditional SFC application:
- The traditional application of the SFC has, apparently, sometimes led to redundant system components which contribute to adequate and acceptable safety margins but may have only minimal impact on risk, based on conventional risk assessment studies. While maintaining adequate safety margins is a major safety objective, applying the worst single-failure assumption to all DBAs may, in some cases, result in unnecessary constraints on licensees.
- The traditional implementation of the SFC does not consider potentially risk-significant sequences involving multiple (rather than single) failures as part of the DBA analysis. Common-cause failures, some support system failures, multiple independent failures, and multiple failures caused by spatial dependencies and multiple human errors, are phenomena that affect system reliability and may not be mitigated by redundant system design alone. Some risk-informed alternatives might consider such failures in DBA analyses if they were more likely than the postulated single-failure events.

FMEA I&C

Safety Demonstration - Deterministic Approach RG 1.70 FSAR Hierarchy:

Safety Demonstration - Deterministic Approach. Accident: Main Steam Line Break (MSLB). FSAR: Chapter 15.1.5 and 6.2; 6.3.1 SLB (core response); 6.3.2 (containment response); 17 (EQ). Calculation notes: 617-1 NPSH from RWST to CI pump; 617-2 CI pump NPSH from containment sump; 643-1 CI minimal measured flow; CN-SA-98-029 SLB MER. Review of results and possible deviations from: Limiting Conditions for Operation; Surveillance Requirements; Precautions and Limiting Setpoints (PLS); Preventive Maintenance.

Safety Demonstration - Deterministic Approach. MSLB - ANS Condition IV - Limiting Faults - USAR 15.1.5. Necessary protection against an MSLB:
- ECCS actuation: PRZR pressure low, containment pressure high, steam line pressure low (set-points, delays, allowable values)
- RTS: SI, PRZR pressure low, OTDT, OPDT, high neutron flux, high neutron flux rate, low-low SG NR level
- Redundant isolation of the main feedwater lines
- Main steam isolation (set-points, delays, allowable values)
Codes and methodology: LOFTRAN; THINC (DNBR criteria). Table 15.0.6-1, trip points and time delays to trip assumed in accident analyses; Table 15.0.8-1, plant systems and equipment available for transients and accidents (15.1.5 - ESFAS: AF + SI); Table 15.0.13-1, single failures assumed in accident analyses (worst failure: one SI train); Table 15.1.5-5, equipment most likely to be used following an MSLB; Table 6.2-50, containment isolation valves. Application of dynamic accident effects: 3B.3, incident analysis for the effects of pipe whip, jet spray and missiles on shutdown and ESFAS; 3B.4, incident analysis for the environmental pipe break effects of pressure, temperature and humidity on electrical and ventilation equipment. Review of results and possible deviations from: Limiting Conditions for Operation; Surveillance Requirements; Precautions and Limiting Set-points (PLS); Preventive Maintenance.

Safety Demonstration - Deterministic Approach O&M Programs?

Safety Demonstration - Deterministic Approach. Environmental qualification: potential HELBs outside containment; leakages from containment to surrounding rooms.

Conclusions. The nuclear industry's and regulators' application of the SFC and/or DiD is not well harmonized in international practice. Additional effort is advisable to establish stricter and harmonized design requirements with regard to both the SFC and DiD, to improve the safety of nuclear installations in the future (e.g. a standard or guideline for SFC demonstration assessment is needed; IAEA GSR Part 4 does not discuss the SFC). Past experience with application of the SFC, gained over more than half a century, points to some weaknesses in rigid application of the traditional SFC rules. These include failing to establish a reliability of the functions important to safety that is commensurate with the frequency of challenges to them.

Conclusions. It has been repeated many times that traditional design basis analyses (DBA) are conservative because they assume failure of a single train. It has rarely been pointed out that the same analyses may be optimistic because they take for granted that the complementary train will succeed. It seems advisable to reconsider and adjust the SFC approach for application to the new water-cooled (or other) reactor designs.
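An added example, not from the presentation, that puts numbers on the two points above (the "traditional SFC application" slide and this conclusion): a beta-factor common-cause model, the conventional risk-assessment treatment, for a k-out-of-N train safety function. It shows why a third or fourth redundant train barely moves the unavailability once common cause dominates, and how far the "complementary train succeeds" assumption of a DBA analysis sits from the conditional failure probability of that train. The demand failure probability q = 0.01 per train and beta = 0.1 are assumed values chosen for illustration, not plant data.

```python
"""Added example (not from the presentation): beta-factor common-cause model for a
k-out-of-n train safety function. q (failure probability per train on demand) and
beta (fraction of q common to all trains) are assumed illustrative values."""
from math import comb


def binom_tail(n: int, m: int, p: float) -> float:
    """P(X >= m) for X ~ Binomial(n, p): at least m of n trains fail independently."""
    return sum(comb(n, j) * p ** j * (1 - p) ** (n - j) for j in range(m, n + 1))


def function_unavailability(n: int, k: int, q: float, beta: float) -> float:
    """Unavailability of a function needing k of n trains. The function fails if the
    common-cause event (probability beta*q) takes all trains, or, failing that, if
    more than n-k trains fail independently (each with probability (1-beta)*q)."""
    q_cc, q_ind = beta * q, (1 - beta) * q
    return q_cc + (1 - q_cc) * binom_tail(n, n - k + 1, q_ind)


def complementary_train_failure(q: float, beta: float) -> float:
    """P(train B fails | train A has failed) for a 2-train function: the probability
    the DBA analysis replaces with zero when it assumes the other train succeeds."""
    q_cc, q_ind = beta * q, (1 - beta) * q
    p_a = q_cc + (1 - q_cc) * q_ind           # P(A fails)
    p_ab = q_cc + (1 - q_cc) * q_ind ** 2     # P(A and B fail)
    return p_ab / p_a


def redundancy_table(q: float = 1e-2, beta: float = 0.1) -> dict:
    """Unavailability of 1-of-n functions, n = 2..4: (independent only, with CCF)."""
    return {n: (function_unavailability(n, 1, q, 0.0),
                function_unavailability(n, 1, q, beta)) for n in (2, 3, 4)}


if __name__ == "__main__":
    for n, (indep, cc) in redundancy_table().items():
        print(f"1-of-{n}: independent failures only {indep:.2e}, with beta=0.1 CCF {cc:.2e}")
    print("P(B fails | A failed), independent:", f"{complementary_train_failure(1e-2, 0.0):.4f}")
    print("P(B fails | A failed), beta=0.1:   ", f"{complementary_train_failure(1e-2, 0.1):.4f}")
```

With these assumed numbers the independent-failure unavailability drops four orders of magnitude from two trains to four, while with a 10% common-cause fraction it stays pinned near beta*q = 1e-3; and once train A has failed, the probability that train B fails too is about 0.11 rather than the 0.01 an independent model (or the "other train succeeds" assumption) would suggest.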

END. THANKS FOR YOUR ATTENTION!