Risk-Informed Changes to the Licensing Basis - I

22.39 Elements of Reactor Design, Operations, and Safety Lecture 12

Fall 2006

George E. Apostolakis Massachusetts Institute of Technology

Department of Nuclea r S c ien ce and Engineering 1

Licensing Basis Changes

These are modifications to a plant’s design, operation, and other activities that require NRC approval.

Regulatory Guide 1.174 (General Guidance) was issued in 1998 and revised in 2002.

In-Service Testing (RG 1.175)

Graded Quality Assurance (RG 1.176)

Technical Specifications (RG 1.177)

In-Service Inspection (RG 1.178)

Department of Nuclea r S c ien ce and Engineering 2

The Integrated Decision-Making Process (RG 1.174)

Comply with Regulations

Maintain Defense-in- Depth Philosophy

Maintain Safety Margins

Integrated Decision Making

Risk Decrease, Neutral , or Small Increase

Monitor Performance

Department of Nuclea r S c ien ce and Engineering 3

Defense In Depth (RG 1.174)

A reason able balance is preserved among p revention of core damage, prevent i on of containment failure, and consequ e nce mitigation.

Over-reliance on programmatic activities to compensate for weaknesses i n plant design is avoided.

System redundancy, independenc e, and diversity are preser ved commensurate with the expected frequen c y, consequences of challe nges to the system, and u n certainties (e.g., no risk outliers).

Defenses against common-cause failures ar e preserved, and the potential for the introduct i on of new common-cause failure mechanisms is assessed.

Indepen d ence of barriers is not degraded.

Defenses against human errors are preserved.

The inte nt of the GDC in Appendix A to 10 CF R P a rt 50 is maintained.

Department of Nuclea r S c ien ce and Engineering 4

Region II

CDF

10 -5

10 -6

Region I

R egi on I

- N o changes

R egi on II

- S mall Changes

- T rack Cum u lative Im pacts

R egion III

- V ery Small Changes

- M ore flexibility with respect to Baseline

- T rack Cum u lative Impacts

Region III

10 -5

10 -4

CDF

Acceptance Guidelines for Core Damage Frequency

Department of Nuclea r S c ien ce and Engineering 5

Uncertainties

Aleatory uncertainty is built into the structure of the PRA model itself.

Epistemic uncertainties:

Paramete r uncertainties are those associated with the values of the fundamental parameters of the PRA model, such as equipment failure rates, initiating event frequencies, a nd human error probabilities that are used in the quantification of the accident sequence frequencies.

In many cases, understanding of certain processes or phenomena is incomplete, and there may be different opinions on how the models should be formulated. Examples: modeling human performance, common cause failures, and reactor coolant pump seal behavior upon loss of seal cooling. This gives rise to mode l uncertainty .

Completeness is not in itself an uncertainty, but a reflection of scope limitations. The problem with completenes s uncertainty is that, because it reflects an unanalyzed contribution, it is difficult (if not impossible) to estimate its magnitude. E xamples: the analysis of some external events and the low power and shutdown modes of operation, and influences of organizational performance.

Department of Nuclea r S c ien ce and Engineering 6

Comparison with Acceptance Guidelines

T he acceptance guidelines were established with the Commission’s Safety Goals and subsidiary objectives in mind, and these goals were intended to be compared with mean values. Therefore, the mean values of the distributions should be used.

F or the distributions generated in typical PRAs, the mean values typically corresponded to the region of the 70th to 80th percentiles, and coupled with a sensitivity analysis focused on the most important contributors to uncertainty, can be used for effective decision-making.

A pproach: Address parametric uncertainty and any explicit model uncertainties in the assessment of mean values; perform sensitivity studies to evaluate the impact of changes in key assumptions or the use of alternate models for the principal implicit m odel uncertainties; and use quantitative analyses or qualitative analyses as n ecessary to address incompleteness as appropriate to the decision and the acceptance guidelines.

Department of Nuclea r S c ien ce and Engineering 7

Important Note

The analysis will be subject to increased technical review and management attention as indicate d by the darkness of the shading of the figure. In the context of the integrated decision -mak ing, the boundaries between regions should not be interpreted as being definitive; the numerical values associated with defining the regions in the figure are to be interpreted as indicative values only.”

Regulatory Guide 1.174

Department of Nuclea r S c ien ce and Engineering 8

Increased Management Attention

Consider:

T he cumulative impact of previous change s and the trend in C D F (the licensee’s risk management approach);

T he cumulative impact of previous changes and the trend in L E RF (the licensee’s risk management approach);

T he impact of the proposed change on opera tional complexity, burd en on the operating staff, and overall safety practices;

P lant-specific performance and other factor s, including, for example, siting f actors, inspection findings, performance indicators, and oper a tional events; and L e vel 3 PR A informa tion, if available ;

T he benefit of the change in relation to its CDF/LE R F increase;

T he practicality of accomplishing the chan ge with a s m aller CDF/LE R F impact; and

T he practicality of reducing C D F/LE RF, in circumstances where there is reason to believe that the baseline C D F/LE R F are ab ove the guideline values (i.e ., 10-4 and 10-5 per reactor year).

Department of Nuclea r S c ien ce and Engineering 9

South Texas Project Experience with Allowed Outage Times

AOTs extended from 3 days to 14 days for emergency AC power and 7 days for Essential Cooling Water and Essential Chilled Water systems.

Actual experience: L ess than 5 days.

Department of Nuclea r S c ien ce and Engineering 10

1

Example: 1-out-of-2 System

Q 1

3

2 T 2



2 CCF T

0 1

standby failure rate

T S urveillance Test Interval

Allowed Outage Time

CCF common-cause failure rate

0 unconditional human error rate

1 conditional human error rate

CDF and LERF can be calculated from the PRA.

Department of Nuclea r S c ien ce and Engineering 11

Phased Approach to PRA Quality

In the 12/18/03 Staff Requirements Memorandum, the Commission approved the imp l ementation of a phased approach to PRA quality.

The phases are differentiated by the availability of standards.

Phase 3 shou ld be achieved by December 31, 2008. Guidance documents will be available to s upport all anticipated applications.

Standard for PRA for Nuclear Power Plant Applications , ASME RA-S-2002.

An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Resu lts for Risk-Informed Activities ,” RG 1.200, February 2004

Department of Nuclea r S c ien ce and Engineering 12

ACRS Interpretations of DiD

Structuralist : DiD i s embodied in the structure of regulations and in the design of the facilities built to comply with those regulations. What if this barrier or safety feature fails?”

Rationalist : DiD i s the aggregate of provisions made to compensate for uncertainty in our knowledge of accident initiation and progression.

Sorens en, J.N., Apos tolakis, G. E., Kress , T.S., and Powers, D.A., O n the Role of Defense in Depth in Risk-Informed Regulation,” Proceedings of PSA ‘99, Internat iona l Topi cal Meeting on Probabil i stic Safety Assessment , pp. 408-413, Washington, DC, August 22 - 26, 1999, American Nu clear Society, La Grang e Park, Illinois.

Department of Nuclea r S c ien ce and Engineering 13

The Concerns

Arbitrary appeals to the structuralist interpretation of defense-in-depth might diminish the benefits of risk- informed regulation.

Strict implementation of risk-based regulation (the rationalist interpretation of defense-in-depth) without appropriate consideration of the structuralist defense-in- depth could undermine the historical benefits.

Department of Nuclea r S c ien ce and Engineering 14

We continue to be surprised

Recent events have shaken our confidence in our assumptions.

“The NRC and DBNPS failed to adequately review, assess, and followup o n relevant operating experience.”

“DBNPS failed to assure that plant safety issues would receive appropriate attention.”

“The NRC failed to integrate known or available information into its assessments of DBNPS’s s afety performance.”

[Davis Besse NPS Lessons-Learned Re port, US NR C , September 30, 2002]

Department of Nuclea r S c ien ce and Engineering 15

The ACRS Pragmatic Approach

Apply defense-in-depth (the structuralist approach) at a high level, e.g., the ROP cornerstones (e.g., IEs, Safety Functions).

Implement the rationalist approach at lower levels, except when PSA models are incomplete. Revert to the structuralist approach in these cases.

Department of Nuclea r S c ien ce and Engineering 16

Risk-Informed Framework

Traditional “Deterministic” Approaches

Unquantified Probabilities

Design-Basis Accidents

Structuralist Defense in Depth

Can impose heavy regulatory burden

Incomplete

Risk- Informed Approach

Combination of traditional and

risk-based approaches

Risk-Based Approach

Quantified Probabilities

Scenario Based

Realistic

Rationalist Defense in Depth

Incomplete

Quality is an issue

Department of Nuclea r S c ien ce and Engineering 17

Benefits (NRC)

Risk-informing regulatory activities have enhanced and extended the traditional, deterministic, by:

Allowing consideration of a broader set of potential challenges to safety,

Providing a logical means for prioritizing these challenges based on risk significance, and

Allowing consideration of a broader set of resources to defend against these challenges

G. Holahan, RIODM Lecture, MIT, 2006

Department of Nuclea r S c ien ce and Engineering 18

Remarks (NRC)

Risk-informed initiatives have enhanced every aspect of reactor regulations

Steady progress is being made to continue the implementation of the Commission PRA policy and direction

Enhanced public safety and a reduction of regulatory burden is resulting in redirection of resources to areas of greater benefit

G. Holahan, RIODM Lecture, MIT, 2006

Department of Nuclea r S c ien ce and Engineering 19

Special Treatment Requirement s

R equirements imposed on structures, systems, and components (SSCs) that go beyond industry-established requirements for commercial SSCs.

Safety-related SSCs are subject to special treatment, including quality assurance, testing, inspection, condition monitoring, assessment, evaluation and resolution of deviations.

Non-safety-related SSCs a re not.

The categorization of SSCs a s s afety-related and non- safety-related does not have a rational basis.

These requirements are very expensive.

The impact of special treatment on SSC performance is not known.

Department of Nuclea r S c ien ce and Engineering 20

Traditional SSC Categorization

Non-Safety Related

Safety-Related

Department of Nuclea r S c ien ce and Engineering 21

SSC Categorization (10 CFR 50.69

RISC - 1

Safety-Related, Safety Significant FV>0.005 and RAW>2

Maintai n C urrent

Requirements

STP: 3,971 (6.0%)

RISC - 2

Non-Safety Related , Safety Significant FV>0.005 or RAW>2

Impose Current

Requirements

STP: 456 (0.7%)

RISC - 3

RISC - 4

Safety-Related , Low Safety Significant FV<0.005 and RAW<2

Maintain Design Basis

Requirements

Non-Safety Related, Low Safety Significant FV<0.005 and RAW<2

No Special Treatment

STP: 13,755 (20.8%)

STP: 47,876 (72.5%)

Importance Measures

Department of Nuclea r S c ien ce and Engineering 22

Traditional

Reactor Oversight Process: Objectives

M ake the oversight process more objec tive, predictable, consistent, and risk-informed.

R educe unnecessary regulatory burden.

I ntegrate inspection, assessme nt, and enforcement processes.

U tilize objecti v e indi cators of performance.

U tilize inspections focused on key safety areas.

A pply greater regulatory attentio n to facilities with performance problems while maintaining a base le vel of regulatory attention on plants that perform well.

R espond to violations in a predictabl e and consistent manner that reflects the safety significance of the violations.

Department of Nuclea r S c ien ce and Engineering 23

NRC’s Overall Safety Missio n

Regulatory Framework

Public Health and Safety as a Result of Civilian Nuclear Reactor Operation

Safeguards

Radiation Safety

Reactor Safety

Strategic Performan c e Areas

Phy s i c al Prote c tion

Publi c Rad i ation Sa fe t y

Occ u pa tio n al Rad i ation Sa fe t y

Em ergency Pr ep a r edn e s s

Ba rri e r Integrity

Mitigating Sy stem s

Initiating Ev ents

Cornerstones

Human

Safety Consciou s

Problem

Perfor m a nce

Work Environment

Identification and

Reso lu tion

Cross-cutting Issu es

Data Sources

Pe r f or m a nce I n dicat or s, NRC Insp ectio n s ,

Other Infor mation Sources

Department of Nuclea r S c ien ce and Engineering 24

Plant Assessment Process

Licensee Action

NRC Inspec tion

Regulatory Action Assessment Report

Public Assessment Meeting

Action Matrix

Enforce m ent

Cornerstones

Cornerstone Assessment

(7 total)

Significance

Determination Process

Inspection

Reactive

Risk Informed Baseline Inspection

C o mplementary , Supplementary , Verification

Performance Indicator

Department of Nuclea r S c ien ce and Engineering 25

Levels of Significance Associated with Performance Indicators and Inspection Findings

CDF < 1E-6

1E-6 < CDF < 1E-5

1E-5 < CDF < 1E-4

CDF > 1E-4

G reen - v ery low risk significance (for PIs: Within peer performance)

W hite - l ow to moderate risk significance

Y ellow - s ubstantive risk significance

R ed - h igh risk significance

Department of Nuclea r S c ien ce and Engineering 26

Lic ens ee R es pons e Co lu mn

R egulat or y R es pons e Co lu mn

D egr ad ed C or n er s t one Co lu mn

M u ltiple Repetitive

D egr ad ed C or n er s t one Co lu mn

U nac c e pt able

Per f or m a nc e Co lu mn

Re su l t s

All as s e s s m ent input s ( per f or m anc e I ndic a t o r s ( P I ) and ins pec t i on f i ndings ) G r een; c or ner s t one o b j e c t iv e s fu lly m e t

O ne or t w o W h it e input s ( i n dif f er ent c or ner s t ones ) in a s t r at egic per f or m anc e ar ea; C or ner s t one ob j ec t ives f ully me t

O ne de gr ad ed c or ner s t one ( 2 W h i t e input s or 1 Yellow input ) or any 3 W hi t e input s in a s t r at egic per f or m anc e ar ea;

c or ner s t one objec t i ves m et w i t h m i nim a l r educ t i on in s a fe ty m a rg in

R epet i t i ve de gr ad ed c o rners t one, m u ltiple degr a ded c or ner s t ones , m u ltiple Yellow inputs , or 1 Re d in p u t 1 ;

c or ner s t one objec t i ves m et w i t h longs t anding is s u es or s i gnif i c a nt r educ t ion in s a fe ty m a rg in

O v er all unac c e pt able per f or m anc e; plant s not p e rm itte d to o p e r a te with in t h is band, unac c e pt able m a rg in to s a fe ty

R e sp on se

R egulat or y C onf er enc e

R out ine Se nior R es i dent I ns pec t or (SRI) in te ra c tio n

Br anc h C h ief ( B C ) or D i vis i on D i r ec t or ( D D ) m eet w i t h Lic ens ee

D D or R egion al Ad min i s t ra to r (RA) me e t w i t h Lic ens ee

EDO (o r Co mmis s io n ) m e et w i t h Senior Lic e ns ee M ana gem e nt

Co mmi ssi o n me e t i n g wi t h Senior Lic ens ee Ma n a g e men t

Lic ens ee Ac t i on

Lic ens ee C or r ec t ive Ac tion

Lic ens ee c or r ec t ive ac t i on with NRC o v e r s i g h t

Lic ens ee s e lf ass e s s m ent with NRC o v e r s i g h t

Lic ens ee per f or m anc e im pr ovem e n t plan w i t h NRC o v e r s i g h t

NRC

I ns pec t i on

R i s k - i nf or m ed bas eline ins pec t i on pr ogr am

Bas e line an d s upplem e n t a l ins pec t i on

950 01

Bas e line an d s upplem e n t a l ins pec t i on

950 02

Bas e line an d s upplem e n t a l ins p ec t i on 950 03

R egulat or y Ac t i ons

N one

D oc um ent r es pons e t o degr a d ing ar e a in as s ess m ent let t er

D oc um ent r es pons e t o degr a d ing c ondit i on in as s ess m ent let t er

1 0 CFR 2 .2 0 4 DFI

1 0 CFR 5 0 .5 4 ( f) le tte r C A L/ O r der

O r der t o m odif y , s us pend, or r e vok e lic ens e d a c tiv i tie s

Comm unicat io n s

A sse s s me n t R epor t

BC o r DD re v i e w / s i gn as s ess m ent r epor t

( w / ins pec t i on plan)

D D r eview / s i gn as s ess m ent r epor t ( w / ins pec t i on plan)

R A r eview / s i gn as s ess m ent r epor t ( w / ins pec t i on plan)

R A r eview / s i gn as s ess m ent r epor t ( w / ins p ec t i on plan)

C o m m i s s i on inf o r m ed

Public A sse s s me n t M eet ing

SRI o r BC m e e t with Lic ens ee

BC or D D m eet w i t h Lic ens ee

R A dis c uss per f or m anc e w i t h Lic ens ee

EDO (o r Co mmis s io n ) dis c uss per f or m anc e w i t h Senior Lic ens ee M ana gem e nt

Co mmi ssi o n me e t i n g wi t h Senior Lic e ns ee M ana gem e nt

I n c r eas ing Saf e t y Signif i c anc e

1 It i s ex p e c t ed in a few lim ited s i tuations that an ins pec tion finding of this s i gnifi c anc e will be identified that i s not indi c a t i ve of over all li c e ns ee per f o r m anc e. The s t af f w ill c ons ider t r eat ing t hes e ins pec t i on f i ndings as ex c e pt ions f or t he pur pos e of det er m i ning ap pr opr iat e ac t i ons .

Department of Nuclea r S c ien ce and Engineering 27

Performance Indicators (1)

Initiating Events

Unplanned Scrams

Scrams with Loss of Normal Heat Removal

Unplanned Power Changes

Mitigating Systems

Safety System Unavailability

Safety System Functional Failures

Barriers

Fuel Cladding (Reactor Coolant System)

Reactor Coolant System (Leak Rate)

Department of Nuclea r S c ien ce and Engineering 28

Performance Indicators (2)

E mergency Preparedness

D rill/Exercise Performance

E mergency Response Organization Drill Participation

A lert and Notification System Reliability

O ccupational Radiati on Safety

O ccupational Exposure Control Effectiveness

P ublic Radiati on Safety

R adiological Effluent Occurrences

P hysical Protection

P rotected Areas Security Equipment Performance Index

P ersonnel Screening Program Performance

F itness-for-Duty/Personnel Reli ability Program Performance

Department of Nuclea r S c ien ce and Engineering 29

Performance Indicators (3)

E mergency Preparedness

D rill/Exercise Performance

E RO D r ill Participation

A lert and Notification System Reliability

O ccupational Radiati on Safety

O ccupational Exposure Control Effectiveness

P ublic Radiati on Safety

R ETS/ODCM Radiological Effluent Occurrence

P hysical Protection

P rotected Areas Security Equipment Performance Index

P ersonnel Screening Program Performance

F itness-for-Duty/Personnel Reli ability Program Performance

Department of Nuclea r S c ien ce and Engineering 30

Examples of Thresholds for PIs

G/W

W/Y

Y/R

Reacto r Safety Unplanned Scrams

3

6

2 5

AFW Unavailability

0.02

0.06

0.12

Publi c Radiatio n Safety Radiological Effluent

7 or more

14 or more

N/A

Occurrences

events in 3 yrs (rolling average);

4 or more in 1 yr

events in 3 yrs (rolling average);

8 or more in 1 yr

Department of Nuclea r S c ien ce and Engineering 31

Objectives of the Significance Determination Process

C haracterize the significance of inspection findings using risk insights

P rovide a framework for communicating potential safety significant findings

P rovide a basis for assessment and/or enforcement actions

Department of Nuclea r S c ien ce and Engineering 32

Significance Determination Process

Specifi c Finding Identified

Stated Concern is Screened for Potential Impact on Risk

Phase I Screenin g

Phase 2

Risk Characterization

Identify the Remaining Mitigation Capability

Determine Likelihood of Scenario Initiating Event vs.

Exposure Tim e

Determine Ri s k As so ciated w ith Most Limiting Scenario

Engage Licensee and NRC Risk Analysts to Refine Results

Department of Nuclea r S c ien ce and Engineering 33

Phase 3 Risk Refinement

(as required)