Operational Reactor Safety

22.091 /22.903

Professor Andrew C. Kadak Professor of the Practice

Safety Goals

Risk Informed Decision Making Lecture 12

Topics to be Covered

• Safety Goals

• Subsidiary Safety Goals

• Risk informed decision making

• Criteria for acceptance of design changes

• Risk informed framework

Quantitative Safety Goals

• Early and latent cancer mortality risks to an individual living near the plant should not exceed 0.1 % of the background accident or cancer mortality risk:

5 x 10 -7 per year for early death and, 2 x 10 -6 for death from cancer.

• The prompt fatal i t y goal appl ies to an aver age indi vi dual l i v i ng i n the region betw een the site boundary and 1 mile beyond this boundary.

• The latent cancer fatality g oal applies to an average i ndi vi dual livi n g in the region betw een the site boundary an d 10 mi l e s beyond this boundary.

Source unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse .

Societal Risks

• Annual Individual Occupational Risks

• All industries 7x10 -5

• Coal Mining: 24x10 -5

• Fire Fighting: 40x10 -5

• Police: 32x10 -5

• US President 1 ,900x10 –5 (!)

• Annual Public Risks

• Total 870x10 -5

• Heart Disease 271x10 -5

• All cancers 200x10 -5

• Motor vehicles: 15x10 -5

Source unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse .

De pa r t me nt of Nuc l ea r Sc ie nce & Engi nee r ing

Prof. Andrew C. Kadak, 2008 Page 4

From: Wilson & Crouch, Ri s k /Benefit Analysis, Harvard University Press, 2001.

Subsidiary Goals

• The average core damage frequency (CDF) should be less than 10 -4 /reactor year (once every 10,000 reactor years)

• The large early release frequency (LERF) should be less than 10 -5 /reactor year (once every 100,000 reactor years)

Source unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse .

Large Early Release Frequency

 LERF is being used as a surrogate for the early fatalities.

 It is defined as the frequency of those accidents leading to significant, unmitigated releases from containment in a time frame prior to effective evacuation of the close-in population such that there is a potential for early health effects.

 Such accidents generally include unscrubbed rele ases associated with ear l y containment failur e at or shortly after ve ssel breach, containment bypass events, and loss of containment isolation.

Source unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse .

PRA Model Overview and Subsidiary Objectives

Leve l I Leve l II Leve l III

QHO

PLAN T MODE

At-power Operation Shutdown / Trans ition Evolutions

SCOPE

Internal Events External Events

De pa r t me nt of Nuc l ea r Sc ie nce & Engi nee r ing

Prof. Andrew C. Kadak, 2008 Page 7

Risk-Informed Decision Making

for Licensing Basis Changes (RG 1.174, 1998)

10 -5

10 -6

Region I

Region II

Region III

R egi on I

- No changes R egi on II

- S mall Changes

- T rack Cum u lative Im pacts R egion III

- V ery Small Changes

- More flexibility with respect to Baseline

- T rack Cum u lative Impacts

10 -5

10 -4

CDF

Acceptance Guidelines for Core Damage Frequency

Important Note

“ The analysis will be subject to increas ed technical review and management attention as indicated by the darkness of the shading of the figure. In the context of the integrated decision-making, the boundaries between regions should not be interpreted as being definitive; the numerical values associated with defining the regions in the figure are to be interpreted as indicative values only.”

Regulatory Gui d e 1.174

Source unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse .

Increased NRC Management Attention

Consider:

• The cumulative impact of previous chan ge s and the trend in CDF (the licensee’s risk management approach);

• The cumulat i ve impact of previous chan ges and the trend in L E R F (the licensee’s risk management approach);

• The impact of th e propos ed ch ange on op erational complexity, burd e n on the operating staff, and overall safety practices;

• Plant-specific performance and other factors, including, for example, siting factors, inspect ion findings, performance indicato rs, and op erational events; and Level 3 PRA information, if available ;

• The ben e fit of the ch ange in relation to its CDF/L E R F increase;

• The practicality of accomplishing the chan ge with a smaller CDF/L E R F impact; and

• The practicality of reducing CDF/L E R F, in circumstances wh ere th ere is reason to believe that the b a seline CDF/L E R F are abov e the guideline values (i.e., 10- 4 and 10- 5 per reactor year).

Defense In Depth (RG 1.174)

• A reasonable balance is preserved among preventi on of core damage, prevention of containment failu re, and consequence mitigation.

• Over-reliance on programmatic activitie s to compensate for weaknesses in plant design is avoi ded.

• System redundancy, independence, and diversity are preserved commensurate with the expected fre quency, consequences of challenges to the system, and uncertainti es (e.g., no risk outliers).

• Defenses against common-cause failure s are preserved, and the potential for the introduction of new c o mmon -cause failure mechanisms is assessed.

• Independence of barriers is not degraded.

• Defenses against human errors are preserved.

• The intent of the GDC in Appendi x A to 10 CFR Part 50 is maintained.

Uncertainties

• Aleatory uncertainty is built into the st ructure of the P RA model itself. (random uncertainty – w h e n pump fails)

• Epistemic uncert ainties:

 Paramete r uncertaint ies are th ose ass o ciated with the values of the fundamental parameters of the PRA mode l, such as equipment fa ilure rates, init iating event frequencies, and human er ror prob abilities that are used in the quantif ication of the accident sequence frequencies.

 In many cases, understanding of certain processes or phenomena is incomplete, and there may be different opinions on ho w the models should be formulated. E xamples: modeling human performance, common cause failures, and reactor coolant pump seal be h avior up on loss of seal cooling. This gives rise to mode l uncertainty .

 Completeness is not in itself an un certainty, but a reflection of scop e limitatio ns. The problem with completenes s uncertainty is that, because it reflects an un an alyzed contribution, it is difficult (if not impossible) to estimate its magnitude. E xamples: the anal ysis of some external even ts and the low power and shutdown modes of operat ion, and inf l uences of organizat ional performance.

Comparison wit h Acceptance Guidelines

• The acceptance gui delines w e re es tablished w ith the Commission’s Safety Goals and subsidiary objectives in mi nd, and these goal s w e re intended to be compared with mean val ues. Therefore, the mean val ues of the dist ributions should be used.

• For the di stributi ons generated i n typical PRAs , the mean val u es typi ca lly corresponded to the region of the 70th to 80th percent iles, and coupled w ith a sensitivi t y analysis focused on the most important contributors to uncertainty, can be used for effective d eci s ion-making.

• Approach: Address parametric uncertainty and any explicit model u ncertainties in the assessment of mean val ues; perfor m sensitivity studies to evaluate the impact of changes in k e y assumptions or the use of alternate models for th e principal im plicit mode l uncertainties; and use quanti tati ve analyses or qual i t ative anal yses as necessary to addres s incompleteness as appropriate to the decision and the acceptance guideli n es.

Source unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse .

The Significance Determination Process

• Characterizes the significance of inspection findi ngs using risk insights

• Provides framework for communicating potential safety- significant findings

• Provides basis for assessment and/or enforcement actions

Levels of Significance Associated with Performance Indicators and Inspection Findings

• Green - v ery low risk significance (for PIs: Within peer performance)

• White - low to moderate risk significance

• Y e llo w - s ub stanti ve ri sk significance

• Red - h igh risk significance

Phased Approach to PRA Quality

• In the 12/18/03 Staff Requirements Memorandum, the Commis sion approved the implementation of a phased approach to PRA quality.

• The phases are differentiated by the availability of standards.

• Phase 3 should be achieved by December 31, 2008. Guidance documents will be available to support all anticipated applications.

• Standard for PRA for Nuclear Power Plant Applications , ASME RA-S- 2002.

• “ An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities ,” RG 1.200, February 2004

Source unknown. All rights reserved. This content is excluded from our Creative Commons license. For more information, see http://ocw.mit.edu/fairuse .

Risk-Informed Framework

Traditional “Deterministic” Approaches

• Unquantified Probabilities

• Design-Basis Accidents

• Structuralist Defense in Depth

Risk- Informed Approach

• Combination of traditional and

risk-based

Risk-Based Approach

• Quantified Probabilities

• Scenario Based

• Realistic

• Can impose heavy regulatory burden

• Incomplete

approaches

• Rationalist Defense in Depth

• Incomplete

• Quality is an issue

Safety Monitor

MIT OpenCourseWare http://ocw.mit.edu

22.091 Nuclear Reactor Safety

Spring 200 8

For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms .