STATE NUCLEAR POWER SAFETY INSPECTORATE Of THE REPUBLIC OF LITHUANIA (VATESI) REGULATIONS

Transcription

1 1 Translation from Russian STATE NUCLEAR POWER SAFETY INSPECTORATE Of THE REPUBLIC OF LITHUANIA (VATESI) REGULATIONS GENERAL REQUIREMENTS FOR THE EVENT REPORTING SYSTEM AT A NUCLEAR POWER PLANT VD-E

2 2 TABLE OF CONTENTS 1. Introduction 2. Terms and definitions 3. Event reporting criteria 4. Types of event reports and reporting requirements 4.1. Immediate verbal notifications 4.2. Event notification reports 4.3. Event analysis reports 5. Event documentation

3 3 1. INTRODUCTION 1.1. General requirements for the event reporting system at a nuclear power plant (hereinafter the Requirements) is the major regulatory document establishing requirements of the State Nuclear Power Safety Inspectorate (VATESI) for collection, analysis and reporting on abnormal events at a nuclear power plant (NPP) The Requirements have been developed on the basis of the General Safety Rules of an NPP (VD-B ), the Nuclear Safety Rules of NPP Reactor Facilities (VD-T ) with an account of recommendations of the US Nuclear Regulatory Commission (US NRC), the International Atomic Energy Agency (IAEA), Russian Federation (PNAE-G ), and of the International Ignalina NPP Safety Analysis Report (SAR/RSR) Early diagnostics of defects, identification of malfunctions in normal plant operations, and introduction of necessary measures to correct them and prevent their recurrence are one of the means to ensure operational safety of an NPP The Operating organization (hereinafter the Operator) shall report to Institutions of State Management and Supervision on all cases when limits and/or conditions of safe operation established for an NPP have been exceeded. Representatives of the Institutions shall have an unlimited access to the plant operating and event reporting documentation keeping records on plant normal operations and abnormal events Emergency situations and accidents occurring at an NPP shall be thoroughly investigated by teams of experts nominated in compliance with current safety rules and regulations. The Operator carries responsibility for the thoroughness and quality of event investigations, an early notification about an emergency situation or an accident and submission of an event report to the Institutions of State Management and Supervision and other appropriate organizations in due order, analysis of event investigation results with the plant operating personnel, development and implementation of corrective measures preventing recurrence of violations of normal operation and accidents due to similar causes For ensuring required level of NPP safety and its further enhancement the Operator shall establish a system to analyze both internal (in-house) and external (nuclear and other industries) operating experience. One of the basic components of the system are procedures establishing a process of collection, registration, notification and analysis of events occurring at the plant, and development and introduction of necessary corrective actions. The procedures shall be developed by the Operator in compliance with the Requirements, current national standards, rules and regulations, international commitments and recommendations The Requirements determine major criteria for the Operator to report to VATESI on events at an NPP, types of event notifications and reports and their scope In the process of plant operations data on equipment failures and personnel errors must be collected, processed, stored and analyzed. The Operator carries responsibility for timely

4 4 collection and quality analysis of the information, its classification and prompt submission to the Institutions of State Management and Supervision, and other concerned organizations The Requirements are mandatory for the NPP Operators from the time they become effective. The Operator shall determine, justify and agree with VATESI the period of time for bringing their current event reporting system at an NPP in compliance with the Requirements Safety analyses of events at an NPP shall be conducted with an account of the recommendations of IAEA guidelines on Information systems on abnormal events at NPPs (IRS) and International Nuclear Event Scale (INES).

5 5 2. TERMS AND DEFINITIONS ACCIDENT an abnormal operating event at an NPP characterized by a release of radioactive materials or ionizing radiation beyond boundaries established for normal operation in quantities exceeding the limits of safe operation. An accident features an initiating event, pathways (scenarios) and consequences COMPONENTS equipment, instrumentation, pipes, cables, constructional structures and other structural elements operating independently or as parts of systems; treated as structural units in design reliability and safety assessments CONDITIONS OF SAFE OPERATION design-established minimum conditions on the quantity, operability and maintenance of safety-related systems (components) ensuring compliance with limits of safe operation DIRECT CAUSE a cause, which initiates an event and results in a deviation from normal operation, failure of a safety system (component) channel, violation of limits and/or conditions of safe operation EMERGENCY PROTECTION (SCRAM) a safety function designed to promptly transfer and keep a reactor core in a sub-critical condin; a complex of safety systems carrying the emergency protection function EVENT (ABNORMAL) a violation of normal operation, an accident, incident or precursor, which is to be reported according to established criteria INCIDENT an abnormal event resulting in no substantial damage to the plant and people; incidents include violations of limits and/or conditions of safe operation, release of radioactivity, radioactive contamination or irradiation of people, unplanned reactor shutdowns, forced plant outages INDEPENDENT SYSTEMS (COMPONENTS) systems (components) for which a failure in one of them does not lead to a failure of the other INSTITUTIONS OF STATE MANAGEMENT AND SUPERVISION executive state authorities: Government, ministries and their departments, governmental organizations, local representatives of central authorities, executive bodies of local authorities LIMITS OF SAFE OPERATION parameters of the technological process established by design, the violation of which can result in accidents NPP SAFETY the engineered capability of an NPP to keep the impact of radiation on the personnel, population and the environment within established limits in normal operation and in accidents

6 6 OPERATING ORGANIZATION (OPERATOR) a legal entity established or appointed by a higher Institution of State Management and Supervision to perform activities with their own or contracted resources at any stage of an NPP life (incl., site selection, design, construction, commissioning, operation and decommissioning), having a license granted by the Institution to perform the activity, as well as material and financial resources to operate the plant, and responsible for its safety PERSONNEL ERROR a single inadvertent wrong action in controlling equipment or a single miss of required action, or a single inadvertent wrong action in doing maintenance of safetyrelated systems (components) PHYSICAL PROTECTION OF AN NPP engineered and organizational means to ensure security of fissile and radioactive materials and other valuables at the plant, as well as prevention of an unauthorized access to the plant and other controlled areas PRECURSOR - an abnormal event related to non-compliances or malfunctions identified during operation, maintenance or surveillance (e.g., in collecting operational data, conducting inspections and tests), which may result in an incident or an accident following a failure of an engineered feature or a human error REDUNDANCY - a design principle to improve reliability of systems by using structural, functional, information and time redundancy in comparison with the minimum required level sufficient for a system to perform its function ROOT CAUSE a cause underlying the direct cause (of an event) SAFETY BARRIERS the crux of the defense-in-depth principle; represent physical barriers preventing release of ionizing radiation and radioactive materials into the environment and include fuel matrix, fuel element cladding, primary pressure boundary and leak-tight confinement of localizing safety systems SAFETY FUNCTION - a specific purpose or actions ensuring its implementation and aimed at prevention and mitigation of accidents SAFETY SYSTEMS (COMPONENTS) systems (components) designed to perform safety functions SUB-CRITICAL CONDITION a condition of the core when the effective neutron multiplication factor is less than one, and there is no local sub-criticality SYSTEM a set of components designed to perform a function SYSTEM CHANNEL part of a system designed to perform the system s function TECHNICAL SPECIFICATIONS (TECHNOLOGICAL REGLAMENT) a document ensuring operational safety of an NPP and containing basic functions and methods of safe operation,

7 7 general procedures of doing works related to the plant safety, as well as limits and conditions of safe operation VIOLATION OF NORMAL OPERATION a reactor operational mode with exceeded operating limits and/or conditions

8 8 3. EVENT REPORTING CRITERIA 3.1. Event reporting criteria are based on the importance of events for the NPP safety. For events meeting the reporting criteria the Operator submits to VATESI immediate verbal notifications (IVNs, by phone), event notification reports (ENRs, within 24 hours from the identification of an event), and event analysis reports (EARs, within 30 days) The Operator shall inform VATESI about any event meeting reporting criteria listed below irrespective of the plant mode of operation or the level of power or the importance of the system (component) for plant safety Unplanned reactor shutdown in any operating mode or a reduction of power by 25% or more from the operating level Violation of limits and/or conditions of safe operation specified in the Technical Specifications Degradation of the plant or its safety barriers, or operation of the plant in a mode: (a) the safety of which is not justified in the design documentation and the safety analysis report, (b) not specified in operating and emergency procedures A threat to the plant safety or a hindrance for personnel to safely operate the plant as a result of natural phenomena or other external events, including fires, releases of radioactive materials and toxic gases Manual or automatic actuation of a safety system, including emergency protection systems, except for events when the actuation was: (a) a part of planned actions during tests or operation, (b) false, and happened following removal of the system from service, (c) false, and happened after execution of the safety function Failure to perform a safety function by systems or components required for: (a) reactor shutdown and maintaining it in the sub-critical condition, (b) residual heat removal, (c) localization and retention of radioactive releases, (d) accident mitigation. An IVN is not required when redundant equipment in the same system is sufficient for performing design safety function A single failure resulting in a failure of at least one independent channel in a system with combined functions, or two independent channels in a system designed for: (e) reactor shutdown and maintaining it in the sub-critical condition, (f) residual heat removal, (g) localization and retention of radioactive releases, (h) accident mitigation Unplanned radioactivity release into the environment exceeding established levels A threat to the plant safety or a hindrance for personnel to safely operate the plant Damage of fuel assemblies or shipping casks during reloading, storage and transportation of nuclear fuel Any event posing a threat to the physical protection of the plant, e.g., sabotage, unauthorized access of individuals to the plant site.

9 Impacts on the environment, health and safety of the personnel or population to be reported to other Institutions of State Management and Supervision and international organizations VATESI is recommended to be also informed about events not directly related to the plant safety (e.g., industrial safety injuries with severe consequences, radiological incidents below levels requiring immediate notification, false actuation of the site audio communication and emergency alarm systems, strikes and demonstrations).

10 10 4. TYPES OF EVENT REPORTS AND REPORTING REQUIREMENTS 4.1. Immediate verbal notifications (IVN) The Operator shall verbally notify VATESI on all events meeting criteria specified in item 3.2. of the Requirements as soon as the event has been discovered. A short notification shall provide the Unit number, the date and time of the event, a short description of the event and the Unit condition at the moment of notification The procedure of immediate verbal notification of VATESI is defined in the document Order of notifying VATESI officer on duty about abnormal events at the INPP Event notification reports (ENR) The Operator shall develop a written ENR on all events meeting criteria specified in item 3.2. of the Requirements and submit it to VATESI as soon as possible, but not later than in 24 hours on discovering the event A standard format of the ENR shall be developed by the Operator, agreed with VATESI and include, as a minimum, the following: a) Unit of occurrence, b) The date and time, c) Unit condition prior to the event, d) Short characterization of the event, e) Consequences for the plant operations, f) Importance of the event for the plant safety, g) Preliminary causes, h) Planned corrective actions, time and individuals responsible for their execution On submitting an ENR, if necessary or on VATESI demand, the Operator must additionally inform VATESI about the event development, in particular about: a) any further degradation of the plant safety level or deterioration of its condition, b) preliminary results of the assessments and the investigation, c) effectiveness of implemented corrective actions, d) plant characteristics/conditions not clearly understood at the moment of event discovery Event analysis reports (EAR) The Operator shall set up a team of experts to investigate the event. Investigation of any event meeting criteria specified in item 3.2. of the Requirements shall end up with an EAR to be submitted within 30 days A standard format of the EAR shall be developed by the Operator, agreed with VATESI, and include, as a minimum, the following investigation results: A short summary describing the event and its consequences for the plant safety.

11 Concise description of the event history giving the event dynamics and personnel actions, all failures of systems and components contributed to the event, and corrective actions adopted or planned to prevent recurrence of similar events in future Plant operating modes prior to the event Condition of systems and their components inoperable as of the event discovery and contributing to its initiation and development Event development chronology (dates and time) Causes of failures of each system (component) or personnel errors Failure mechanism, condition and the role of failed systems (components) List of systems or secondary functions, which were also degraded (for failures of components with combined functions) Period of time from the discovery of a failure till the recovery of related safety system channel (for failures resulting in inoperable safety system channels) Methods used to discover failures of each failed component or system, or personnel non-compliance with requirements of instructions Personnel actions effected the course of event development, including operators errors and/or deficiencies of instructions Automatic or manual actuation of safety systems Manufacturing plant and other identifications of each failed component Root causes, direct causes and factors contributed to the event, technique used for their determination Evaluation of the event consequences for the plant safety, including availability of other systems (components) to perform the function of failed systems (components) Corrective actions developed as a result of the event analysis, introduced or planned to prevent the recurrence of similar events in future References to similar events occurred at the plant or other plants Contact numbers of the Operator s individuals well informed of the event and capable of submitting additional information on the event and the plant data VATESI reviews EARs and decides within 15 days on the correctness of event classification On reviewing an EAR VATESI can request from the Operator to submit additional information needed for a complete understanding of the event. The Operator shall respond on written requests within 15 days with an attachment to the original report.

12 12 5. EVENT DOCUMENTATION 5.1. The Operator shall store event reports and related documentation till the decommissioning of the plant The event report management system shall enable easy sorting of the documentation and retrieval of needed data The Operator shall develop procedures to control the introduction of corrective actions developed as a result of event analyses.