Reactor Operations and Safety
Andrew C. Kadak Professor of the Practice
22.39
How is Nuclear Plant Safety Managed?
• There is a close link between:
• Core Design
• Plant Design
• Safety Analysis
• NRC Requirements
• Operating Requirements
• Organizational Structure
• Management
• Safety Culture
Plant Design to Licensing to Operations
• Vendor proposes reactor plant design
• Vendor performs core and plant design analysis demonstrating power and safety
• Vendor summarizes all analyses in a Safety Analysis report which demonstrates compliance to NRC regulatory requirements – 10 CFR Part 50.
• Utility submits Safety Analysis and Environmental Report to NRC for review and acceptance.
• Possible adjudicatory licensing hearings before the Atomic Safety and Licensing Board
Contents of Safety Analysis Report
• General Description
• Site Characteristics
• Design Criteria SSC
• Reactor Design
• Reactor Coolant Sys.
• Engineered Safety Features.
• Instrumentation & Controls
• Electric Power
• Auxiliary Systems
• Steam & Power Conversion System
• Radioactive Waste Management
• Radiation Protection
• Conduct of Operations
• Initial Tests and Operations
• Accident Analyses
• Technical Specifications
• Quality Assurance
Roughly 15 - 3 inch thick Notebooks
Chapter 15 Accident Analyses
• Based on Requirements of 10CFR Part 50 and all appendices – Appendix K – LOCA
• Includes:
– Normal Operation and Operational Transients
• Loss of feedwater
– Infrequent Faults
• Small pipe breaks
– Limiting Faults
• Loss of Coolant Accidents
Design Basis Accidents
• Overcooling – increase in secondary side heat removal – steam line break – Pressurized thermal shock
• Undercooling – decrease in above
• Overfilling – reactor water
• Loss of flow
• Loss of cooling – LOCA (large and small) STGR
• Reactivity – rod ejection, power anomalies
• Anticipated Transients Without Scram (ATWS)
• External events – tornadoes, earthquakes, floods, etc.
• Beyond Design Basis – Class 9 > leading to meltdown
NRC Requirements
• Deterministic and prescriptive as to how to analyze accidents and allowed assumptions.
• NRC reviews and licenses computer codes used in analysis.
• The results of the analyses identify operational limits, limiting conditions for operation, test and surveillance requirements - all of which are contained in the Technical Specifications
Key NRC Appendices to 10 CFR 50
• A – General Design Criteria
• B – Quality Assurance
• G – RV Fracture Toughness Requirements
• H – Reactor Vessel Surveillance Requirements
• I – Allowed release limits from plant
• J – Containment leak rate testing
• K – ECCS rule
• R – Fire Protection
Other Requirements on Licenses
• Generic Letters
• Bulletins and Orders
• Information Notices
• Maintaining Plant Design Basis current
• Confirmatory Action Letters
• Commitments made in response to the above
Design Basis – Licensing Basis
• Design Basis
– How the plant is actually designed and works.
• Licensing Basis
– All the collected commitments of the licensee to the NRC including the safety analysis reports, technical specifications, etc.
NRC Oversight
• NRC requires compliance to licensing basis:
– Two resident inspectors per site (plant)
– Special inspections on key regulatory issues
– Licensee event reports (LERs)
– Enforcement actions based on performance
– Reactor Oversight Process – “risk informed – performance based”
– Highly transparent – web based
Reactor Oversight Process
Figure: Reactor Oversight Process summary page. Performance Indicators are grouped under Reactor Safety, Radiation Safety and Safeguards, with cornerstones including Emergency Preparedness, Barrier Integrity, Public Radiation Safety, Occupational Radiation Safety and Physical Protection (not public). The page also lists Most Significant Inspection Findings and Additional Inspection & Assessment Information (assessment reports, inspection plans, inspection reports and assessment letters).
Managing Safety
• Technical Specifications are the key operational criteria
• Procedure Based
– Operating
– Abnormal Operating Procedures
– Emergency Operating Procedures
– Maintenance
– Engineering
– Security
– Radiation Protection (As Low As Reasonably Achievable)
Requires Balance
Skills
Rules Knowledge
Objective
• Maintain Compliance to all NRC Regulations
• Operate within safety envelope
• Maintain Critical Safety Functions
– Reactivity Control
– Core Heat Removal
– Secondary Heat Removal
– Containment Integrity
• Make Electricity !
Safety Envelope
Figure removed for copyright reasons.
Graph from IAEA Publication NS-G-2.2. "Figure A-1. Interrelationship between a safety limit, a safety system setting and an operational limit."
Control Room
Photo of control room removed for copyright reasons.
• Tools include
– Automatic Trips
– Safety Parameter Display System of Critical Safety Functions
– Risk Monitors
– Key Process and control parameters
Risk Monitor
Reactor Protection System
Table: reactor protective system trip settings. Courtesy of U.S. NRC.
Figure: containment pressure versus time. Courtesy of U.S. NRC.
Organizational Structure
Organization chart boxes: Plant Manager; Site Vice President; Security; Radiation Protection; Quality; I&C; Electrical; Mechanical; Maintenance; Plant Eng.; Systems Eng; Engineering; Shift Tech Advisors; Operations.
Some companies have a centralized engineering and support organization that provides technical support to a number of plants.
A Typical Non-Outage Day
• Morning call – what happened yesterday, overnight – issues – operability status – days since last human error - LCOs
• Risk monitor status – Plant vulnerabilities
• Plan for the day shift – maintenance, tests, surveillances
• Electric Generation
Plant Oversight Processes
• Corrective Action Program
– Corrective Action Review Board
• Quality Assurance Department Plant Operations Review Committee
• Nuclear Safety Advisory Review Com.
• External Review Boards
• Institute of Nuclear Power Operations
Key Success Safety and Performance Factors
• Safety Culture
• Basic Design of Plant – Fault tolerant
• Training – Operations, Engineering, Mgt.
• Quality Assurance – Self Assessment
• Organizational Factors – Sustain Safety
• Regulations – Motivate Safety (Risk Informed Regulations)
Culture
• “The totality of socially transmitted behavior patterns, arts, beliefs, institutions and all other products of human work and thought characteristics of a community or population.”
– Dictionary
Application in a Nuclear Plant - Safety Culture
• Need to create a “community” that has socially transmitted behaviors, beliefs and work ethics that focus on safety.
• Management must create this community by transmitting behavior patterns that support the safety mission with clarity and without confusion. (production vs safety)
Safety Culture
• Vital ingredient of successful nuclear operations
• Essential to protect plant investment
• If you have it, you know it
• If you don’t have it, everyone knows it !
Attributes of A Good Safety Culture
• Trust People to:
– Operate conservatively
– Make the right technical decisions
– Perform preventive maintenance
– Make design and operational improvements not because someone ordered you to do it, but because it was the right thing to do.
Basic Attributes
• 1. A prevailing state of mind...
– Always looking for ways to improve safety
– Constantly aware of what can go wrong
– Strong feeling of personal accountability
– Sense of pride and ownership in the plant
T. Murley 1989
• 2. Disciplined and crisp approach to operations
– Confident and highly trained staff that is not complacent
– Good team work
– Crisp communications (clear)
• 3. Insistence on sound technical basis for actions.
– Procedures, design basis and technical documentation is up-to-date.
– Plant design basis well understood by all
– Plant operated within the design basis
• 4. Rigorous Self-Assessment
– Organization should be open to problem finding and facing
– Management should be capable of dealing with bad and good news
– Problems should be dealt with immediately and not put off
Example: Plant A
• Staff rigorously follows procedures
• Little overtime
• Unplanned shutdowns rare
• Plant shutdown to fix safety problems even though tech specs permit operations
• Professional decorum exists in control room
• Plant clean
• Low maintenance backlog
Example Plant B
• Procedures are viewed as guidelines
• Many management and staff vacancies exist
• Frequent scrams
• Equipment allowed to run until it breaks
• High maintenance backlog
• Plant runs routinely under LCO
• Equipment out of service for a long time
• Plant has many high radiation areas.
Recent Examples of Failures of Safety Culture
• Davis Besse
– Unwillingness to find out what was going on
– Focus on Production - not safety
– Management set wrong tone
– Complacency - thought they were good
– Oversight groups internal to utility, INPO, NRC failed to question
– Plant staff didn’t push concerns
Davis Besse Pictures
Photos removed for copyright reasons.
April 17, 1998 February 2002
• Millstone Nuclear Power Station
– Thought they were good
– Management focus on reducing costs
– Significant staff reductions without a plan
– Many slogans but actions not consistent
– Employee concerns raised but dismissed
– No trust in management
– Employees thought it was just a “job”
Nuclear Plants are Businesses
• Policies and directions established by the Board of Directors and implemented by CEO.
• Chief Nuclear Officer is the field person
• Pressures of competition and cost are real
• Budgets need to be maintained - investments
• Plants need to operate well
• If not, they will be shut down
• Public support is needed
How do you get a good safety culture ?
• Developed over time
• Cannot be regulated, mandated or delegated
• Awareness of the importance of each and every job
• Awareness of dependency on others to do the right thing
• Keen understanding that you are personally responsible for the people who work at the plant and the public
Role of Top Management
• Set tone and example
• Know what is going on
• Do not delegate safety
• Attention to detail
• Staff must believe in and respect top management
• Hire people who have good work ethic
• Commitment to safety that goes beyond slogans and posters and meetings.
How to Keep a Safety Culture ?
• Avoid complacency - hard to do..
• Safety culture is fragile - delicate balance of people, problems and pressures
– Requires strong internal communications
• Foster identification and resolution of problems - no shooting messenger!
• Maintenance of trust in the organization and its value system
• Motivate people to do the right thing
Maintenance of Safety Culture
• People are an important “safety system”
• Organizational behavior issues are as important as plant components in assuring safety
• Managers and supervisors must be trained in dealing with people and open communications.
• People should understand the importance of their job in the overall success of the plant.
Summary
• Nuclear plants are complex man-machines.
• NRC regulations do not ensure safety – they establish requirements which if met will help.
• The utility determines whether the plant is safe or not.
• The management of the utility is part of the plant’s safety system as are all the employees.
• Safety culture as set by senior management will determine the plant’s economic and safety success.
Homework Assignment
• Review NRC Bulletin 2002-01 to identify the events that led to the Davis Besse reactor vessel head degradation.
• Research the studies performed following the discovery of the degradation and provide a summary of the breakdowns by the utility, INPO and the NRC that could have avoided this situation.
• Prepare a short summary highlighting the failures of each organization.
• Provide a rough estimate of the cost to FENOC of this lapse in both lost revenue and cost.