NOT PROTECTIVELY MARKED. REDACTED PUBLIC VERSION HPC PCSR3 Sub-chapter 17.4 Conclusions of the HPC ALARP Assessment NNB GENERATION COMPANY (HPC) LTD

Transcription

1 Page No.: i / iii NNB GENERATION COMPANY (HPC) LTD HPC PCSR3: CHAPTER 17 COMPLIANCE WITH ALARP SUB-CHAPTER 17.4 CONCLUSIONS OF THE HPC ALARP ASSESSMENT { PI Removed } uncontrolled Published in the United Kingdom by NNB Generation Company (HPC) Limited, 40 Grosvenor Place, Victoria, London SW1X 7EN. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, including photocopying and recording, without the written permission of the copyright holder NNB Generation Company (HPC) Limited, application for which should be addressed to the publisher. Such written permission must also be obtained before any part of this publication is stored in a retrieval system of any nature. Requests for copies of this document should be referred to NNB Generation Company (HPC) Limited, 40 Grosvenor Place, Victoria, London SW1X 7EN. The electronic copy is the current issue and printing renders this document

2 Page No.: ii / iii APPROVAL SIGN-OFF: DOCUMENT CONTROL REVISION HISTORY { PI Removed } { PI Removed } { PI Removed } Text within this document that is enclosed within brackets { } is Sensitive Nuclear Information, Sensitive Commercial Information or Personal Information and has been removed.

3 Page No.: iii / iii TABLE OF CONTENTS 1. CONCLUSIONS REFERENCES... 5

4 Page No.: 1 / 5 SUB-CHAPTER 17.4 CONCLUSIONS OF THE HPC ALARP ASSESSMENT 1. CONCLUSIONS UK Health and Safety Legislation [Ref. 1] requires that companies conduct their operations such that the risk to their workers and members of the public is reduced So Far As Is Reasonably Practicable (SFAIRP). In the context of new nuclear power plants, this duty requires that all measures are taken by designers and dutyholders to minimise radiation doses to workers and members of the public, providing that the cost (whether in money, time or difficulty) of such measures is not disproportionately large compared with the benefits achieved [Ref. 2] [Ref. 3]. This is the principle of As Low As Reasonably Practicable (ALARP) and demonstration that risks are reduced ALARP meets the legal duty as defined by SFAIRP. The Office for Nuclear Regulation (ONR) has issued guidance which sets out the expectations from the Licensee regarding the application of the ALARP principle for new civil nuclear reactor designs [Ref. 4]. In order to demonstrate that the ALARP principle is met for the Hinkley Point C (HPC) EPR design, the following main aspects have been considered, in accordance with ONR expectations: 1) A demonstration of Relevant Good Practice, including a review of the design against applicable international/national standards, and a review of the design against the NNB GenCo (HPC) Nuclear Safety Design Principles (NSDAPs). 2) A rationale for the evolution of the proposed design, demonstrating the improvements made over predecessor designs and explaining why the chosen design options were selected. 3) A presentation of the Probabilistic Safety (PSA) results to show, ideally, that the radiological risk levels from operating the facility meet the risk targets in the NSDAPs (and therefore the defined UK ONR guidelines). 4) Arguments that no further reasonably practicable improvements could be implemented to improve the design and that the risk has therefore been reduced to ALARP. Chapter 17 of the UK EPR Generic Design (GDA) Final Consolidated Pre-Construction Safety Report (PCSR) [Ref. 5] provided the demonstration that the design of a generic UK EPR complies with the overall requirements of the ALARP principle. This primarily qualitative demonstration provided a firm basis for the generic aspects of the design and is therefore applicable as part of the underpinning basis of the safety case for the HPC design. The HPC EPR design can practically be seen as having been developed in three main phases: EPR Conceptual Design (as summarised in Sub-chapter 17.2). UK Generic Design reported in GDA Final Consolidated PCSR [Ref. 5]. HPC permissioning/detailed design phase (i.e. post-gda ).

5 Page No.: 2 / 5 The HPC design has developed through a sequence of controlled Reference Configurations (RCs) and the specific PCSR3 content is broadly aligned with RC1.2, as described in Sub-chapter 1.1. These successive RCs (which are directly linked to the Flamanville 3 (FA3) design on which the HPC EPR is based) have been subject to the applicable NNB GenCo (HPC) / Responsible Designer (RD) configuration/modification control processes and procedures, including the appropriate consideration of relevant UK Context issues such as ALARP (see Sub-chapter 22.3). A specific impact analysis of the modifications in the RC1.1 has also been carried out and, where necessary, qualitative assessments of the change from RC1.1 to RC1.2 have been made. Prior to the full implementation of Licence Condition LC20 arrangements in NNB, configuration control was under the (offline) Interim Modification Control arrangements; this is now under the LC20 live control process. In readiness for the transition, (and within NNB, for the associated rollout of NNB ALARP Guidance [Ref. 6]), dedicated ALARP Awareness Training sessions have been carried out, in both NNB and the RD. An approved ALARP methodology [Ref. 7] was used in GDA and in the production of the GDA UK EPR PCSR and the final GDA UK EPR reference design [Ref. 8]. This methodology has continued to be applied to the assessment of modifications for the HPC EPR design by the RD. Modifications to the HPC EPR are controlled within the RD via a Project Instruction [Ref. 9] that ensures UK context aspects, including ALARP, are appropriately addressed. In addition, there are two further RD Project Instructions which cover ALARP aspects of design and modifications: Appropriate account of UK context issues, including ALARP, is summarised via the process covered in Implementation of UK Context in Design Work [Ref 11] (also identified in sub Chapter 22.3). Application of ALARP for the UK EPR Design and Modification [Ref 12], which embeds the ALARP strategy to ensure proportionality and fitness for purpose of ALARP assessments supporting decision making for design and modification tasks This chapter of PCSR3 has provided relevant information to address the four main points above as follows: Sub-chapter 17.1 sets out the approach to application of ALARP, including consideration of the Tolerability of Risk [Ref. 2] and Reducing Risks Protecting People [Ref. 3]. Sub-chapter 17.2 provides the required demonstration of Relevant Good Practice, application of relevant national and international codes and standards, and the reviews of the design options (optioneering) in the initial EPR design basis. It describes the comprehensive assessment process and R&D programmes used to underwrite the EPR design and confirm the use of well-established international design codes. It describes the EPR design optimisation process which was performed under the oversight of the French and German regulatory authorities, and explains the rationale for the design options chosen. It has confirmed that both public and worker risks are addressed in the safety design approach, including risks due to normal operation and accidents. Sub-chapter 17.3 reviews the application of the ALARP process within the HPC Project Engineering Sequence Activities, based on the RD ALARP guidance [Ref. 7]. This HPC Project guidance has taken cognisance of the ONR guidance [Ref. 4].

6 Page No.: 3 / 5 The optioneering examples presented in Sub-chapter 17.3 report those elements that are considered to be the most significant for the HPC EPR design. It should be noted that it is not intended to be a fully exhaustive list and that other specific ALARP assessments are directly referenced in other dedicated chapters/sub-chapters of HPC PCSR3 where appropriate, and those are not all explicitly summarised in Sub-chapter There are two sets of optioneering examples presented in Sub-chapter 17.3: The optioneering examples originally performed for the UK EPR in GDA, which considered the potential safety benefits of a number of additional modification options to the generic UK EPR design. It was confirmed that no further modifications were indicated as reasonably practicable according to the ALARP methodology, beyond those which were already identified for implementation. Therefore, in order to confirm the applicability of the quantitative evaluations of the optioneering examples to the HPC specific design, they have been re-evaluated using the latest available HPC PSA model and the updated results are presented in Sub-chapter Additional optioneering examples which have been included during the development of the site-specific design for HPC. In addition to the above, the PSA has been used to identify potential design improvements as part of the Risk-Informed Design (RID) process. Sub-chapter 16.2, section 4, details the programme of work undertaken as part of the RID process together with the results of the RID studies. Furthermore,to the demonstration of qualitative ALARP aspects in Sub-chapter 17.3, Chapter 16 has presented and reviewed results of the PSA for the HPC EPR. The PSA results provide the required demonstration that the NSDAP Safety Design Objective (SDO) targets for riskas well as the intermediate targets such as Core Damage Frequency (CDF) have been met. The demonstration of compliance with the SDO targets plays an important part in the overall demonstration that the ALARP principle is met for the proposed HPC facility. The specific PSA comparisons with the NSDAP targets are presented in Sub-chapter 16.2, section 3. The approach to the detailed assessment of worker risk is under development and the analysis will be reported in the NIC Report. The Twin Reactor Site report [Ref. 10] provides a review of GDA generic site aspects in the specific context of HPC, primarily with respect to hazards and has also reviewed the initiating faults for the context of twin units. This report concludes that, based on the level of design currently available, it is expected that there will be no significant increase in level of risk per unit, compared with the GDA baseline, associated with the twin-unit site configuration of HPC. For a single unit, the societal risk is in the ALARP region. In addition, it should be noted that there may be some specific advantages to safety that can be realised as a result of a twin-unit configuration with the units sharing some services and facilities. This, together with the application of the ALARP principle in the process of development of the HPC plot plan (as demonstrated in Sub-chapter 2.2) provides a basis for concluding that the HPC site configuration is ALARP and that if any gaps are identified, these will be appropriately justified. The Identification and Review of the Safety Implications of a Twin Reactor Design for HPC report [Ref. 10] identifies a number of open points for consideration in support of the Pre- Commissioning Safety Report (PCmSR), which are to be reported in the next update of that report. The closure of these open points is expected to confirm the position that there are no adverse factors affecting the safety of the twin unit configuration at HPC As part of the review of the HPC design against a Fukushima type event, additional modification options have been considered which could enhance the resilience of the design against such a beyond design basis occurrence. These modifications and associated options have also been subject to an ALARP assessment, and these are discussed in Sub-chapter 23.1.

7 Page No.: 4 / 5 A review of the HPC EPR design against Revision 2 of the NNB GenCo NSDAPs has been carried out for PCSR3 and this is reported in Sub-chapter 1.3. Any identified gaps or shortfalls from this review are justified where appropriate by specific ALARP assessments, which will be reported in the next issue of the HPC safety report (PCmSR). In conclusion, Chapter 17 has presented and summarised the overall basis of the ALARP assessment for the twin reactor site at HPC. The UK EPR, together with the associated GDA modifications, was demonstrated to be ALARP in the GDA and the HPC specific PSA results provided in Chapter 16 demonstrate that the HPC design is ALARP with respect to Level 3 PSA aspects. The assessed level of risk to the public is calculated in the HPC Level 3 PSA and the calculational basis is reported in Sub-chapter 16.2, section 3. The risk of individual death from HPC as a twin unit site is calculated as 4.9 x 10-7 per year. Hence the HPC site risk meets the target of 1.0 x 10-6 per year set by Safety Design Objective SDO-7. ALARP assessments have been and continue to be carried out for HPC specific design aspects to ensure that the HPC design remains ALARP. The design and modifications to the HPC design are appropriately procedurally controlled and specific ALARP assessments are carried out as necessary. Hence, on the following basis that: 1) Good practice and review of the design against international standards are demonstrated by Sub-chapters 1.4 and17.2, and the assessment against NSDAPs reported in Sub-chapter 1.3, 2) Rationale and optioneering for design changes are evidenced by (previous interim) and now live LC20 process and Sub-chapters 17.2 and 17.3, 3) PSA conclusions that the design meets the risks levels/targets are evidenced in Sub-chapter 16.2 comparison with SDOs, and 4) Arguments that the design could not be improved and that the risk is therefore ALARP: The GDA design was considered to be ALARP, whilst recognising the Findings needed to be appropriately addressed and associated modifications implemented and, where appropriate, further resilience enhancements have also been identified, and each design change has undergone appropriate ALARP assessment. Further dedicated assessments of safety justification and design carried out since GDA e.g. Electrical Systems diversity review and Global ALARP report (see Chapter 8). It is therefore reasonable to conclude that the design of the HPC EPR complies with the overall requirements of ensuring risk is reduced to ALARP, which is a key safety design objective.

8 Page No.: 5 / 5 2. REFERENCES [1] Health and Safety at Work Act, 1974, ISBN , October 1974, The Stationery Office Ltd. [2] UK Health and Safety Executive (HSE), The Tolerability of Risk from Nuclear Power Stations, ISBN , 1992, The Stationery Office Ltd. [3] Reducing Risks, Protecting People, Health and Safety Executive (HSE), ISBN , 2001, The Stationery Office Ltd. [4] Nuclear Safety Technical Guide - Guidance on the Demonstration of ALARP (As Low As Reasonably Practicable), NS-TAST-GD-005, Revision 7, December 2015, Office for Nuclear Regulation. [5] UK EPR GDA Final Consolidated Pre-Construction Safety Report, UKEPR-0002, November 2012, EDF and AREVA. [6] ALARP Decision Making for Safety Cases and Modifications to the Plant Design, NNB- 202-GUI , Version 2, August 2014, NNB GenCo. [7] UK EPR ALARP Methodology to Support the Design Modification Process, ENSNDR100088, Revision C, July 2016, EDF SEPTEN. [8] UK EPR Reference Design Configuration, UKEPR-I-002, Revision 15, December [9] Management of Design Changes and Technical Consistency with Other EPR Projects, INS-UKEPR-313 (ECUK110248), Revision D, March 2015, EDF CNEN. [10] Identification and Review of the Safety Implications of a Twin Reactor Design for Hinkley Point C, HPC-NNBOSL-U0-000-RET , Version 2.0, August 2016, NNB GenCo (HPC). [11] UK EPR Implementation of UK Context in Design Work, INS-UKEPR-504, ECUK100136, HPC-ECUKXX-XX-ALL-PRO-00158, Revision C, October 2013, RD. [12] Application of ALARP for the UK EPR Design and Modification, INS-UKEPR-320, UKX- UK1421-XX-ALL-INS , Revision B, April 2016, RD.