Design Requirements – S afety and Critical Safety Functions

22.39 Elements of Reactor Design, Operations, and Safety Lecture 6

Fall 2006

George E. Apostolakis Massachusetts Institute of Technology

The Hazard (some fission-product isotopes)

Isotope Half-Life Volatility Healt h Hazard

131 I

89 Sr

106 Ru

137 Cs

Decay Heat

10 -1

10 -2

10 -3

10 -4

10 -1 1

10 10 2

10 3

10 4

10 5

10 6

10 7

10 8

T ime After Shutdown(s)

1- hour 1-day 1-week 1-month 1-year

seconds

Department of Nuclea r S c ien ce and Engineering 3

Source: Todreas & Kazi mi, Vol. 1

CRITICAL SAFETY FUNCTIONS HARDWARE / TRAINING / PROCEDURES / CULTURE

KEEP FISSION P R ODUCTS WITHIN THE FUE L

• Control Reactor Power Control reactivit y additions Shutdown reliabl y

• C ool the Reactor and Spent Fuel Maintain coolant inventory Maintain coolant flow Maintain coolant heat sinks

KEEP RADIOACT IVE MATERIAL OUT OF THE BIOSPHERE

• Maintain Containment Integrity Prevent over-pressuri zation Prevent over-heating Prevent containment b ypass

• Capture Material Within Contain m ent Scrubbing

Deposition Chemi cal capture

SHIELD PERSONNEL FROM RADIATION

Department of Nuclea r S c ien ce and Engineering 4

Emergency Safety Functions

Reactor Safety Stu d y,

WASH-1400

(U.S. A t omic Ene r gy Agency)

Department of Nuclea r S c ien ce and Engineering 5

PWR SYSTEMS USED TO PERFORM EMERGENCY FUNCTIONS: ECI

Reactor Safety Study, WASH-1400

Department of Nuclea r S c ien ce and Engineering 6

PWR SYSTEMS USED TO PERFORM EMERGENCY FUNCTIONS: ECR

Department of Nuclea r S c ien ce and Engineering

Reactor Safety Study, WASH- 1 7 400

PWR SYSTEMS USED TO PERFORM EMERGENCY FUNCTIONS: PARR

Reactor Safety Study, WASH-1400

Department of Nuclea r S c ien ce and Engineering 8

PWR SYSTEMS USED TO PERFORM EMERGENCY FUNCTIONS: PAHR

Reactor Safety Study, WASH-1400

Department of Nuclea r S c ien ce and Engineering 9

TIMING OF MAJOR EVENTS FROM 1940s TO PRESENT (1 of 2), NUREG/CR-6042, 1994

TIMING OF MAJOR EVENTS FROM 1940s TO PRESENT (2 of 2) ) , NUREG/CR-6042, 1994

Siting Criteria (10 CFR 100)

• Consideration of:

 Ch aract eristics of reactor design

 Population ch aracteristics, exclusion area , low p o p u lation zone, p op ulation center dis tance

 Assume a bounding fiss io n product release base d on a major accident

 Define an exclusion area of such s i ze th at an individual located a t any p o int on its boundary for two hours imme diate l y following the accident would not receive a total radiation dose to th e wh ole body in excess of 25 rem (250 mSv) or a total radiation d o se in excess of 300 rem (3000 mSv) to the thyroid from iodine exposure.

 Define a low p o p u lation zone of su ch size that an individual located at any point on its outer bound ary wh o is exp o se d to the radioactive cloud d u ring the entire period of its passage would not recei ve a total radiation d ose t o the wh ole body in excess of 25 rem (250 mSv) or a total radiation dose in excess of 300 rem (3000 mSv) to the thyroid from iodine exp o sure.

 A pop u lation center distance of at least 1.33 times the distance from the reactor to the ou ter boun dary of the pop u lation center distance

 Seismology, meteorology, geology, hydrology.

General Design Criteria (10 CFR 50 Appendix A)

http:// w ww.nrc.gov/reading-rm/doc-coll ections/cfr/part050/

• The principal design criteria establish the necessary design, fabrication, construction, testing, and performance requirements for structures, systems, and components importan t t o safety ; that is, structures, systems, and components that provide reasonable assurance that the facility can be operated withou t undu e ris k t o the healt h an d safet y o f th e public .

• Six major categories:

 Overal l requirements

 Protection by multiple fission product barriers

 Protection and reactivity control systems

 Fluid systems

 Reactor containment

 Fuel and reactivity control

The Single-Failure Criterion

• “Fluid and electric systems are considered to be designed against an assumed single failu re if neither (1) a sin g le fail ure of any active component (assumin g passive components function properly) nor (2) a single failure of a passive component (assum ing active components function properly), results in a loss of the capability of the system to perform its safety functions.”

• The intent is to achieve high relia bility (probability of success) without quantifying it.

• Looking for the worst possible single fail ure leads to better system understanding.

GDC 10 and 11

• Criteri on 10--Reactor design . The reactor core and associated coolant, control, and protection systems sh all be designed with appropriate margin to assure that specified acceptable fuel design limits are not exceeded during any condition of normal operation, including the effects of anticipated operational occurrences.

• Criteri on 11--Reactor inherent protection . The reactor core and associated coolant systems shall be designed so that in the power operating range the net effect of the prompt inherent nuclear feedback characteristics tends to compensate for a rapid increase in reactivity.

GDC 35

• An ECCS must be designed to withstand the following postulated LOCA: a double-ended break of the largest reactor coolant line, the concurrent loss of offsite power, and a single failure of an active ECCS component in the worst possible place.

Defense in Depth

“Defense-in-Depth is an element of the Nuclear Regulatory Commission’s safety philosophy that employs successive compensatory measures to prevent accidents or mitigate damage if a malfunction, accident, or naturally caused event occurs at a nuclear facility.”

[Commi ssion’s White Paper, USNRC, 1999]

DEFENSE-IN-DEPTH MU LTILAYER PROTECTION FROM FISSION PRODUCTS

NUREG/CR-6042, 1994. 18

DEFE NSE-IN-DEP TH, SAFET Y STRATEGIES

NUREG/CR-6042, USN RC, 1994.

NRC’s Overall Safety Missio n

Strategic Performan c e Areas

Reactor Oversight Process

Public Health and Safety as a Result of Civilian Nuclear Reactor Operation

Cornerstones

Cross-cutting Issu es

Human Perfor m a nce

Safety Consciou s Work Environment

Problem Identification and Reso lu tion

Data Sources

Pe r f or m a nce I n dicat or s , NR C I n spect i ons , Ot he r Sour c es

CHAPTER TITLES FROM RG 1.70 REV. 3 STANDARD F O RMAT AND CONTENT OF SAFETY ANALYSIS

REPORTS FOR NUCLEAR POWER PLANTS

Chap ter 1 I n t roduction an d General Descr i ption of Plant Chap ter 2 S ite Characteristics

Chap ter 3 D esign of Structures, Componen ts, Equipmen t,

and Systems

Chap ter 4 R eactor

Chap ter 5 R eactor Coolant Sy stems a nd Con n ected Sys t ems Chap ter 6 E ngineered Safety Feat ures

Chap ter 7 In s trumentation an d C ontrols

Chap ter 8 E lectri c Pow e r

Chap ter 9 A uxiliary System s

Chap ter 10 Steam an d Pow e r Conversion Sy s t em Chap ter 11 Radioactive Waste Management Chap ter 12 Radiation Protection

Chap ter 13 Cond uct of Operations

Chap ter 14 Initial Test Program

Chap ter 15 Accident Analysis

Chap ter 16 Technical Specifications

Chap ter 17 Quality Assurance

NUREG/CR-6042, USN RC, 1994.

Design Basis Accidents

• A DBA is a postulated accident that a facility is designed and built to withstand without exceeding the offsite exposure guidelines of the NRC’s siting regulation (10 CFR Part 100).

• Each DBA includes at least one significant failure of a component. In general, fail ures beyond those consistent with the single-failure criterion are not required (unlike in PRAs).

NUREG/CR-6042, USN RC, 1994.

REACTOR FACILITY CLASSIFICATION OF P OSTULATED ACCIDENTS AND OCCURRENCES

Department of Nuclea r S c ien ce and Engineering 23

U.S. Atomic Energ y Commission, 1973.

REPRESENTATIVE INITIATING EVENTS

TO BE ANALYZED IN SECTION 15.X.X OF THE SAR

1. In c r e a s e i n H e a t Remova l b y th e S e c o nd a r y System

1.1 F e e d wa t e r syst em m a lfu n c t i o n s t h a t re su l t s i n a de c r e a se i n fe e d wa t e r t e m p e r a t u r e .

1.2 F e e d wa t e r syst em m a lfu n c t i o n s t h a t re su l t i n a n i n c r e a s e i n fe e d wa t e r f l o w .

1. 3 S t e a m pre s sure r e g u l a t o r m a lf u n c t i on or fa i l u re t h a t resu l t s i n i n c r ea s i ng st e a m fl o w .

1 . 4 I nadv e r ten t open i n g o f a s t e am gene r a to r r eli e f o r sa f ety valv e .

1 . 5 S pec t r um o f s t e a m s y s t e m p i ping f a ilu r e s in s i de and out s i de o f c onta i nmen t in a P W R .

2 . D ec r ea s e i n He a t R e m ova l b y t h e S e c on d ar y S ys t e m

2 . 1 S te a m p r e s s u r e s r e gula t o r m a l f u n c tion o r f a i l u r e th a t r e su l t s i n de c r ea s i ng st ea m f l o w .

2 . 2 L o s s o f ext e r nal el e ct r i c l oad.

2. 3 T u r bi n e tr i p ( s t op v a l v e c l o s ure).

2 . 4 I nadv e r ten t c l osu r e o f ma i n s t e a m i s olat i o n v a lve s .

2 . 5 L o s s o f conden s e r vacuu m .

2. 6 C o i n c i d e n t l o ss o f o n s i t e a n d e x t e r n a l ( o ffs i t e ) a. c. p o wer t o t h e st a t i o n .

2. 7 L o ss o f norm a l fee d wa t e r f l o w .

2 . 8 F eed w a t e r p i ping b r eak .

3. De cr e a s e i n Re a c to r C o o l a n t Sy ste m F l o w Rate

3 . 1 S ingl e and mu l tip l e r e ac t o r coo l ant pump t r ip s .

3 . 2 BWR r ec i r cul a tion loop cont r o l l e r ma l f unct i ons tha t r e su l t i n d e c r ea s i ng f l o w r a te .

3 . 3 Re a cto r coo l ant pump sh a f t s e i zu r e .

3 . 4 Re a cto r cool a nt p u m p s ha f t b r e a k.

Department of Nuclea r S c ien ce and Engineering 24

NUREG/CR-6042, USN RC, 1994.

REPRESENTATIVE INITIATING EVENTS

TO BE ANALYZED IN SECTION 15.X.X OF THE SAR (cont.)

4. Re a c ti v i t y a n d P o we r Distr i b u ti o n A noma l i e s

4. 1 U n cont r o l led cont r o l r o d a s se mbly w i thd r a w s f r o m a s ubc r i t ic a l o r lo w po w e r st a r tup cond i t i o n ( a s s u m ing the m o s t u n f a vo r a bl e r e a c t i vi ty c o nd i t i o n s o f t h e c o r e a n d r e a c t o r cool a n t s y st e m ), i n c l u d i ng c o n tr o l r o d o r t e m p o rar y c o n t ro l d e v i c e re m o v a l error duri n g r e fu e l i n g .

4. 2 U n cont r o l led cont r o l r o d a s se mbly w i thd r a w s a t t h e p a rt i c u l a r pow e r l e v e l (ass u m i n g t h e m o s t u n f a vo r a ble r e a c tiv i ty c o ndit i ons o f t h e c o r e and r e ac t o r coo l ant sy s t e m ) tha t yi e l d s t h e m o s t s e v e re re s u l t s (l o w p o wer t o f u l l p o w er) .

4. 3 C o n t r o l r o d m a lo pe r a tion ( s y s t e m m a l f u n c t io n o r op e r ato r e r r o r ) , in c l uding m a lope r a tion o f pa r t l e ngth c o nt r o l r o d s .

4. 4 A m a l f unc t i on o r f a i l u r e o f t h e f l ow cont r o l le r in BW R lo op tha t r e s u l t s in an inco r r e c t te m p e r a t u re.

4. 5 A m a l f unc t i on o r f a i l u r e o f t h e f l ow cont r o l le r in BW R lo op tha t r e s u l t s in an inc r e a s e d re a c t o r c o o l a n t fl o w r a t e .

4. 6 C h e m i c a l a nd vol u m e c o n t rol s y st e m m a l f u n c t i o n t h a t re s u l t s i n a de c r e a s e i n t h e boron con c ent r a t ion in the r eac t o r c o olan t o f a P W R .

4 . 7 I n a d v e rt e n t l o ad i n g an d o p e ra t io n o f a f u el as s e mb l y i n an i m p r o p e r p o sit i o n .

4 . 8 S pe c t r u m o f r o d e j e c ti on ac c i de n t s i n a P W R .

4 . 9 S pe c t r u m o f r o d d r o p a c c i de n t s in a BW R .

5 . I n c r ea s e i n R ea c t o r C o ol a n t In ve n t ory

5. 1 I n a d v er t e n t o p e r a t i o n of E C C S duri n g p o we r o p e r a t i o n s .

5. 2 C h e m i c al an d v o lu m e c o n t r o l sy s t e m m a l f u n c t i o n ( o r o p e r a t o r er r o r ) t h at in cr e a s e s r e act o r coo l ant inven t o r y

5. 3 A n u m b e r o f B W R t r a n s i e n t s , i n c l u d i n g i t e m s 2 . 1 t h rough 2 . 6 a n d i t e m 1. 2 .

Department of Nuclea r S c ien ce and Engineering 25

NUREG/CR-6042, USN RC, 1994.

REPRESENTATIVE INITIATING EVENTS

TO BE ANALYZED IN SECTION 15.X.X OF THE SAR (cont.)

6 . D e c r ea s e i n R e ac t o r C ool a n t I nv e nt o r y

6. 1 In a d v er t e n t o p e n i ng of a press uri z er safet y or r e l i ef v a l v e i n a PW R or a s af e t y or re l i ef v a lv e in a B W R .

6 . 2 B r e a k in in s t r u m ent lin e o r othe r lin e s f r om r ea c to r c oolan t p r e s s u r e bounda r y t h at pen e t r a t e c onta i nmen t .

6 . 3 S te a m g e ne r a t o r tub e f a ilu r e .

6 . 4 S pec t r um o f BWR st eam s ys t em piping f a i l u r e s ou t s i de of con t ain m ent .

6 . 5 L o s s - o f - cool a nt a cc i dent s r e su l ting f r om the sp e ct r u m o f pos t ula t ed p i ping b r eak s w i t hin th e r e a cto r cool a nt p r e s su r e bounda r y , i nclud i n g s t e a m line b r e a ks in s i de o f c onta i nmen t in a B W R .

6 . 6 A nu m be r o f BWR t r an s i e nt s , inc l uding it e m s 2 . 7, 2.8 , and 1.3 .

7 . R ad i oac t i v e R e l e as e f r o m a S u b sy s t e m o r C o m p o n e n t

7.1 R a d i o a c t i v e g a s wa st e s y st e m l e a k or fa i l u re .

7. 2 R a d i o a c t i v e l i q u i d w a st e s y st e m l e a k or f a i l ure .

7 . 3 P os t ula t ed r a dioa c tiv e r e l ea s e s due t o l i quid tank f ai l u r e s .

7 . 4 D e s ign b a si s f ue l hand l i ng acc i dent s in t he conta i nmen t a n d s pent f ue l s t o r ag e bui l ding s .

7 . 5 S pent f uel c a sk d r op a c cid e nt s .

Department of Nuclea r S c ien ce and Engineering 26

NUREG/CR-6042, USN RC, 1994.

Emergency Core Cooling System (ECCS) (January 1974, 10 CFR 50.46)

• Postulate several LOCAs of differen t sizes and locations to provide assurance that the most severe LOCAs are considered.

• Postulate concurrent loss of offsit e or onsite power and the most damaging single failure of ECCS equipment (GDC 3 5 ).

• Acceptance Criteria

 Peak claddin g temperature cannot exceed 2200 ºF (1204 ºC)

 Oxidation cannot exceed 17% of cladding thickness

 Hydrogen generation from hot cladding-steam interaction cannot exceed 1% of its potential

 Core geometry must be coolab le

 Long-term cooling must be provided

Seismic Design Basis

• Operating Basis Earthquake (OBE) : the largest EQ that could reasonably be expected to affect the plant site during the operating life of the plant and for which the plant is designed to continue operating without undue risk to the health and safety of the public.

• Safe Shutdown Earthquake (SSE): the maximum potential EQ considering local conditions and history. The plant may be damaged but it can be safely shut down.

What is License Renewal?

• Atomic Energy Act

– 40-year license to operate

– Allows for renewal

• License will expire for four plants in 2009 and for an additional 25 plants by 2015.

• 10 CFR Part 54 allows a new licen se to be issued to operate for up to 20 years beyond the current term

• Application submittal not earlier than 20 years before expiration of current license

Principles of License Renewal

• The regulatory process is ade quate to ensure the safety of all currently operating plants, with the possible exception of the detrimental effects of aging on certain SSCs.

• 10 CFR 54 focuses on managing the adverse effects of aging.

• Plant-specific licensing basis must be maintained during the renewal term in the same manner and to the same extent as during the original licensing term.

Renewal Process

Re g i o n Re p o r t

AC R S

Re v i e w

A CRS

Re p o r t

R e v i e w s a f e ty im p a c t s i n a c co r d an ce w i t h

Pa r t 5 4

Sa f e ty Ev a l u a t i o n

Re p o r t

Hea r i n g s *

Ag en cy D e c i s i on on A p p l ic a tio n

R e vi e w e n v i r o nme n t a l i m p a c t s i n a c c o r da nc e w ith Pa r t 5 1

Sc o p i n g

Dr a f t

Su p p l e m e n t to G E I S

C o mme n t s on D r a f t

Fin a l

Su p p le m e n t to G E I S

F o r m a l P u b l i c P a r tic ip a ti o n * I f a r e q u e s t f o r he ar i n g i s g r a n t e d .

License Renewal Application (1)

• Integrated plant safety assessment

– Identify “passive” a nd “long-lived” SSCs i mportant to safety, e.g., vessel, RCS pipi ng, SGs, pump casings, valve bodies. (Aging effects on “active” SSCs are readily detected and corrected by existing programs.)

– Describe and justify scoping and screening methodology

– Demonstrate aging effects will be managed either by existing or new programs

License Renewal Application (2)

• Evaluate time-limited aging analyses and exemptions (assumptions made during design of plant about its lifetime must be revisited and shown to be valid for extended operation)

• Final safety analysis report supplement

• Technical specification changes

• Environmental report

License Renewal Program Status

• Renewed licenses issued for 26 units at 15 plants

• Applications for 18 units at 9 plants under review

• Applications for additional 8 units at 6 plants forecasted through 2005

10 CFR Part 52

Future Licensing Process

O pt i ona l P r e - A p p lic a tio n

Re v i e w

Comb i n e d

L i cen s e R e v i ew , H e a r i ng, a nd

D eci s i o n *

St an da r d D e s i gn C er t i f i c at i on Or

E qu i val e nt D e s i gn I nf o r m a t i on*

* A c o m bi ned l i cens e a ppl i cat i on ca n re fe re n c e a n e a rl y si t e p e r m i t , a s t a n d a r d d e s i g n c e r ti f i c a ti o n , b o th , o r

ne i t her . I f an e ar l y s i t e perm i t an d/ o r a s t andar d des i g n cer t i f i c at i o n i s no t

r ef er en ced, t h e ap pl i cant mus t pr ov i d e a n e q u i v a le n t le v e l o f i n f o r m a t i o n in t h e co m b i n ed l i cens e a ppl i cat i o n

Goals for Part 52 Process

• Stable and predictable licensing process

• Resolve safety and environmental issues before authorizing construction

• Reduce financial risks to licensees (COL)

• Enhance safety and reliability through standardization of nuclear plant designs