L11. Integration of Deterministic Safety Assessment (DSA) and PSA into a Risk-informed Decision Making Process

John Fraser Preston, john.preston@poyry.com
ANSN Regional Workshop on Integrated Deterministic Safety Analysis (DSA) and Probabilistic Safety Assessment (PSA) for Risk Management of Nuclear Power Plant
July, 2013, PNRI, Manila, Philippines

Outline of Presentation
- Combining DSA and PSA Approaches: Its Benefits
- Basic principles of the integrated approach and methodological basis for its application
- Risk criteria for decision making
- National risk criteria
- Summary

Deterministic Safety Assessment (DSA)
Key Elements
- Defence-in-Depth
- Multiple Barriers
- Diversity and Redundancy within and among the Safety Systems
- Diverse means for implementing Safety Functions
- Safety Margins
- Regulatory Compliance
- Performance Monitoring
- Operating Experience Feedback
Deterministic Approach provides answers for:
- Are Safety Systems meeting their Design Intent?
- What are the Consequences if Not?

Probabilistic Safety Assessment (PSA)
Key Elements
- Comprehensive integrated analyses of potential accident scenarios
  - Level 1: potential for core/fuel damage
  - Level 2: potential for radiological release to environment
  - Level 3: individual and societal impact
- Can handle an unrestricted number of potential component failures and human errors
Probabilistic Approach provides answers for:
- What can go wrong?
- How likely is it?
- What are the consequences?

DSA and PSA
- DSA is a qualitative assessment of acceptable risk of undesired consequences
  - If the DBA analysis confirms intended performance of safety measures and other deterministic requirements are met, safety is believed to be assured
- PSA is a quantitative assessment of risk from a broad spectrum of internal and external hazards, equipment failures and human errors
- DSA and PSA are not alternative types of assessment; they are complementary.
- The challenge is how best to integrate the insights each assessment provides.

Integrated Risk Informed Decision Making (IRIDM) Approach

INSAG-25: A Framework for an Integrated Risk-informed Decision-Making Process
Objectives of the INSAG
- To promote a common understanding of how the concept of risk can be used in making safety decisions
- To establish a framework for IRIDM aimed to:
  - Integrate the major aspects influencing nuclear power plant safety in a systematic manner
  - Define decisions affecting nuclear safety that are coherent, balanced and optimised without unduly limiting the conduct of operation of NPPs
  - Achieve consistency of nuclear safety decisions with the safety goals of the Member State

IRIDM Process
- The IRIDM process is a structured process in which all the insights and requirements relating to a safety or a regulatory issue are considered in reaching a decision
- The IRIDM process is used to establish requirements that better focus licensee and regulatory attention on design and operational issues commensurate with their importance to public health and safety
- Ensure that a decision made in one area does not conflict with other decisions (e.g. safety and security interfaces)
- Identify regulations which warrant re-examination, both those that need strengthening and those that can be eliminated or softened
- The decision, once made, needs to be implemented and monitored to check for revisions, if any

IRIDM Benefits
- Improved safety by taking each factor influencing safety into account in a decision and its implementation
- Reduced radiation exposure by focusing maintenance on more risk-significant areas and reducing unnecessary activities in high radiation areas
- Increased installation performance, operational flexibility, cost effectiveness of operations
- Reduction of unjustified regulations
- Development of accident management measures and procedures aimed at ensuring that risk of accidents with undesirable consequences is extremely low

IRIDM Outcomes
The outcome of IRIDM should satisfy the following principles:
- Defence-in-depth is maintained
- Safety margins are maintained
- Engineering and organisational good practice are taken into account
- Insights from relevant operating experience, research and development, and state-of-the-art methodologies are taken into account
- An adequate integration of safety and security is established
- Relevant regulations are met

IRIDM Applications
An integrated approach can be applied to making decisions on safety issues on the design or operation of a nuclear power plant. These typically include:
- Hardware Modifications & Procedural Changes
- Plant modifications and Backfittings
- Emergency operating procedures
- Accident management measures
- Changes to Tech Specs (Operation Limits and Conditions)
- Optimization of on-line maintenance practices
- Changes to allowed outage times
- Optimization of testing intervals & arrangements
- Plant configuration management
- Administrative directives & rules
- Exemptions from Tech Specs
- Analysis of operational events, etc.

IRIDM Framework and Key Elements

Key Element of IRIDM Process (1)
Standards and Good Practices
- The bedrock of any design and operational activity is good engineering and sound managerial procedures
Deterministic Considerations
- IRIDM must be consistent with the basic deterministic safety principles which underlie the design and operation of the NPP
Probabilistic Considerations
- Complement deterministic and other considerations to identify failure sequences that may have been otherwise overlooked
- Help to develop designs and operating practices that provide an enhanced level of safety compared with the investigated alternatives
- The qualitative outputs from PSA should also be considered within IRIDM: information from the logic structure can show weaknesses and lack of balance in the design or operation
- The quantitative measures are particularly useful in IRIDM: they allow the effects of changes to be evaluated as well as a comparison with safety targets

Key Element of IRIDM Process (2)
Organisational Considerations
- Management for safety
- Leadership, control, competence, communication and co-operation between staff
- Clear planning function with a system of review and audit
- Comprehensive training of all parties involved in the process
- Feedback of operational experience
- Learning from the events that have occurred at the plant itself, at similar plants and at other industrial complexes
Security Considerations
- IRIDM should ensure proper integration of the safety and security requirements
- Security measures can in some instances support safety, while in other instances they may have a negative safety impact
Other Considerations
- Radiation doses to workers and the public
- Economic effects
None of these IRIDM key elements are new; it is the process of integrating them in a systematic manner that is not widely practised.

Concept of Integration Process
IRIDM is an iterative process
- Quantitative and qualitative aspects are both important in the IRIDM process
- The decision-making process should be clear on how the balancing of different risks is achieved
- The uncertainties of the numerical results of analyses, deterministic and probabilistic, need to be addressed
IRIDM is a structured process
- Due to the large number of applications of IRIDM, it is not feasible to depict a general process
- For example, in the design of an NPP:
  - The starting point is the Defence in Depth principle and engineering standards
  - The resulting SSCs are checked by deterministic assessment for their ability to execute the required safety functions by required margins, both for normal operation and accidents; and PSA looks for balance and weakness
  - The quantitative targets are checked
  - If they are not achieved, the design should be improved by removing the highest-risk weaknesses identified in the PSA analysis

Integration of Deterministic and Probabilistic Elements

IRIDM: Other Important Issues
Establish appropriate IRIDM process management
- Performance monitoring: The consequences of IRIDM decisions affecting safety should be monitored
- Feedback: Feedback on the effectiveness of IRIDM decisions should be monitored, documented and communicated in a clear and consistent manner to all relevant stakeholders at the earliest opportunity
Training in IRIDM
- Sufficient budget and staff need to be allocated to the various tasks and staff need to be trained in the process so they can fulfil the IRIDM tasks
- Training on the IRIDM should be shared among all parties involved in the decision making process (e.g. operator, designer and regulator)
Documentation & Communication
- IRIDM decisions should be documented, reviewed, approved, and communicated in a clear and consistent manner
- The methodology, including the way the results of the process are obtained and presented, should be discussed among all parties involved in IRIDM

Risk Criteria for Decision Making

INSAG-12 Basic Safety Principles for Nuclear Power Plants
Probabilistic Safety Criteria (PSC)
- Core damage frequency: INSAG has proposed the following objectives:
  - 10^-4 per reactor-year for existing plants
  - 10^-5 per reactor-year for future plants
- Probabilistic safety criteria have also been proposed by INSAG for a large radioactive release:
  - 10^-5 per reactor-year for existing plants
  - 10^-6 per reactor-year for future plants
- Health effects to members of the public:
  - INSAG has given no guidance on the targets for health effects for members of the public
  - In some countries the target for the risk of a death of a member of the public is taken to be 10^-6 per reactor-year
Source: Basic Safety Principles for Nuclear Power Plants, INSAG-12, A report by the International Nuclear Safety Advisory Group, IAEA, Vienna, 1999

National Risk Criteria (1)
Netherlands (defined by law)
- Death of 10 people in short term: <10^-5 per year
- Individual risk of death (all sources): <10^-5 per year
- Individual risk of death (single source): <10^-6 per year
France (proposed)
- Unacceptable consequences: <10^-6 per year
- Beyond design basis sequences: <10^-7 per year
- Target for the EPR: CDF <10^-6 per year
Sweden
- CDF: <10^-5 per year
- Large release (>0.1% of inventory): <10^-7 per year
United Kingdom (defined by the regulator)
- Individual risk of death for a member of the public
  - Maximum tolerable: 10^-4 per year
  - Benchmark for new plants: 10^-5 per year

National Risk Criteria (2)
UK Numerical Risk Criteria (lower level criteria)
[Figure: dose to the public (mSv) in dose bands DB1 to DB5 (DB = dose bands), with a >1 Sv mark; regions labelled Non-Accepted, Basic Safety Level, Accepted and Basic Safety Objective]

Changes in Risk
- Arise from changes in the design or the operation of the plant
- Risk decreases: always allowed
- Risk increases: allowed by some regulatory authorities but not by others
NRC Acceptance Guidelines given in RG1.174
- Risk-informed decisions on changes to plant licensing basis
- Guidelines defined for CDF and LERF; both should be used
- Intended for comparison with a full-scope PSA, which includes all initiating events and hazards, and all modes of operation

Changes in Risk: NRC Guidelines - CDF
[Figure: acceptance regions I, II and III; axis label: CDF]
- Region I: changes not normally allowed
- Region II: changes allowed only if CDF is shown <10^-4/yr
- Region III: changes allowed unless CDF >>10^-4/yr, when aim should be on risk reduction

Changes in Risk: NRC Guidelines - LERF
[Figure: acceptance regions I, II and III; axis label: LERF]
- Region I: changes not normally allowed
- Region II: changes allowed only if LERF shown <10^-5/yr
- Region III: changes allowed unless LERF >>10^-5/yr, when aim should be on risk reduction

Changes in Risk: Slovak Republic
- The concept of neutral risk is preferred
- A small increase in risk is permissible
  - If there are other essential benefits, and
  - If a cumulative value of risk additions over a longer time interval is compensated by an overall increase in safety of the NPP
- Probabilistic safety criteria (for existing plants): mean value of CDF (LERF) 1x10^-4/year (1x10^-5/year)
- Probabilistic safety criteria (for new plants): mean value of CDF (LERF) 1x10^-5/year (1x10^-6/year)
Safety criteria for IRIDM: maximum acceptable increase of the basic risk, as mean values of additions to CDF (LERF)
- Maximum cumulative change (sum of all additions with respect to the current state): 2.5x10^-6 (2.0x10^-7) within 10 years of operation or within the time interval for PSR
- An individual addition: 1.0x10^-6 (1.0x10^-7)
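The Slovak limits on individual and cumulative risk additions can be checked against a ledger of plant changes. The sketch below is an added example, not part of the original presentation; the names Change and assess, the sample ledger, and the choices to count the 10-year window back from the proposed change and to sum only increases are assumptions.

```python
from dataclasses import dataclass

# Limits as read from the slide: mean additions to CDF and LERF.
INDIVIDUAL_LIMIT = {"cdf": 1.0e-6, "lerf": 1.0e-7}
CUMULATIVE_LIMIT = {"cdf": 2.5e-6, "lerf": 2.0e-7}
WINDOW_YEARS = 10  # "within 10 years of operation"


@dataclass(frozen=True)
class Change:
    year: int     # year the change took effect
    cdf: float    # mean change in CDF (negative = risk reduction)
    lerf: float   # mean change in LERF


def assess(history, proposed):
    """Return (metric, criterion) pairs the proposed change would breach."""
    # Assumption: the window is counted back from the proposed change.
    window = [c for c in history
              if 0 <= proposed.year - c.year < WINDOW_YEARS] + [proposed]
    breaches = []
    for metric in ("cdf", "lerf"):
        if getattr(proposed, metric) > INDIVIDUAL_LIMIT[metric]:
            breaches.append((metric, "individual"))
        # Assumption: only increases are summed ("sum of all additions");
        # reductions are not netted off against them.
        total = sum(max(getattr(c, metric), 0.0) for c in window)
        if total > CUMULATIVE_LIMIT[metric]:
            breaches.append((metric, "cumulative"))
    return breaches


# Constructed sample ledger, not plant data.
HISTORY = [
    Change(1998, 1.0e-6, 1.0e-7),   # outside the 10-year window for 2013
    Change(2005, 8.0e-7, 2.0e-8),
    Change(2009, 9.0e-7, 5.0e-8),
]

if __name__ == "__main__":
    for proposal in (Change(2013, 5.0e-7, 3.0e-8),
                     Change(2013, 9.0e-7, 3.0e-8),
                     Change(2013, 1.2e-6, 3.0e-8),
                     Change(2013, -5.0e-7, 0.0)):
        print(proposal, assess(HISTORY, proposal) or "within limits")
```

A change that passes the individual limit can still be rejected on the cumulative one, which is why the ledger of earlier additions has to be kept alongside each new PSA result.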

Changes in Risk: Finland
- No total risk increase (neither CDF nor LRF) is allowed
- Changes could be introduced in bundles
  - For example: some STIs must be extended while others are shortened
  - To maintain the basic risk level

Difficulties in Applying IRIDM
- Legal implications in different countries
  - With different laws and different regulatory systems
- Definition/use/acceptability of risk criteria
- Quality and limitations of PSA
- Bulk of regulations to be considered for a change
- Resources needed
- Organizational issues
  - Regulatory body infrastructure
  - Cultural differences between the staff of regulatory bodies and NPPs
  - Training of non-PSA staff to understand the inputs from the PSA
- Technical issues
  - Difficult to combine the insights from different inputs of different nature
  - Difficulties in applying a new approach
  - Formation of multi-disciplinary teams
- Communication/Documentation issues
  - Risk communication/incorporating risk information into the process
  - Communication of the results of the risk informed process
  - Documentation of the results of the risk informed process

Summary
- Integrated decision making process combines the insights from different inputs
- Increased maturity of PSA provides a more rigorous way for the use of risk information in safety decision-making and regulatory processes
- The risk criteria specified for various aspects may differ from country to country
- Even though there are many difficulties in applying IRIDM, it is a very useful approach; helpful to regulatory bodies

References (1)
- IAEA, Safety of Nuclear Power Plants: Design, IAEA Safety Standards Series No. NS-R-1, IAEA, Vienna (2000)
- IAEA, Safety of Nuclear Power Plants: Operation, IAEA Safety Standards Series No. NS-R-2, IAEA, Vienna (2000)
- IAEA, Safety Assessment for Facilities and Activities, IAEA Safety Standards Series, IAEA, Vienna, GSR-part 4 (2010)
- IAEA, SSG-3 Development and Application of Level-1 PSA, 2010
- IAEA, SSG-4 Development and Application of Level-2 PSA, 2010
- IAEA, TECDOC-1436 Risk informed regulation of nuclear facilities: Overview of the current status (2005)
- IAEA, TECDOC-1511 Determining PSA Quality for Various Applications, 2006
- IAEA, TECDOC-1200, Applications of Probabilistic Safety Assessment (PSA) for Nuclear Power Plants, Vienna (2001)
- Basic Safety Principles for Nuclear Power Plants, 75-INSAG-3 Rev. 1, INSAG-12, IAEA, Vienna (1999)
- IAEA, The Role of Probabilistic Safety Assessment and Probabilistic Safety Criteria in Nuclear Power Plant Safety, Safety Series No. 106, IAEA, Vienna (1992)

References (2)
- IAEA, OECD NEA, Risk Monitors: The State of the Art in their Development and Use at Nuclear Power Plants, WGGRisk, NEA/CSNI/R(2004)20, OECD/NEA, Paris, (2004)
- IAEA-TECDOC-1135 Regulatory review of probabilistic safety assessment (PSA) Level 1, 2000
- IAEA-TECDOC-1229 Regulatory review of probabilistic safety assessment (PSA) Level 2, 2001
- Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities. ADAMS No. ML
- NUREG-800, Section 19.1, Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities. ADAMS No. ML
- NUREG-800, Section 19.2, Review of Risk Information Used to Support Permanent Plant-Specific Changes to the Licensing Basis: General Guidance. ADAMS No. ML
- "Low Power and Shutdown PRA Methodology", ANS Standard (Draft; Final not expected until late 2009)
- Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME RA-S-2002, ASME, New York (2002)
- US NRC, An approach for using probabilistic risk assessment in risk-informed decisions on plant-specific changes to the licensing basis, Regulatory Guide 1.174, Revision 1, November 2002

Thank you for your attention. Any questions?