Copyright 2016 ThinkReliability. How a Reactor Works


Cause Mapping
Problem Solving, Incident Investigation, Root Cause Analysis, Risk Mitigation
Root Cause Analysis Case Study
Angela Griffith, P.E.
Office Houston, TX
Copyright 2016 ThinkReliability, March 2016

How a Reactor Works
- Nuclear chain reaction produces heat, which makes steam and turns turbine
- Chain reaction stopped by inserting control rods
- Heat continues to be produced by decay of unstable isotopes

Levels of containment
PRIMARY:
- First: Fuel pellets & fuel rods
- Second: Reactor pressure vessel & primary system
SECONDARY:
- Third: Reactor building/components

Reactor Cooling
- Normal cooling system: pumps driven by electric motors
- Auxiliary cooling system:
  - Unit 1: Isolation condenser (large tank of water)
  - Units 2-6: Reactor core isolation cooling (RCIC) system powered by steam/battery
- Emergency core cooling system: seawater pumps

Power Supply
- External power from grid
- Backup power from diesel generators
- Emergency power from batteries

Timeline Day 1 (March 11, 2011)
14:46 Earthquake magnitude
- Reactors shut down automatically
- Damaged equipment causes loss of all off-site electrical power
- Diesel generators start up automatically in all 6 units

Timeline Day 1
Units 2-3 pressure limited by automatic safety relief valves
14:50 Units 2-3 RCIC manually activated
15:17 Unit 1 isolation condenser manually started
Unit 1 isolation condenser manually shut down due to pressure/temperature decrease (consistent w/ procedure)

Timeline Day 1
15:41 Tsunami (height at plant ~50 )
- Seawater pumps destroyed
- Loss of power from ALL diesel generators for units damaged generators - damaged electrical dist. sys.
- Unit 1 batteries flooded

Timeline Day 2 (March 12)
15:36 Hydrogen explosion at unit 1

Timeline Day 4 (March 14)
11:01 Hydrogen explosion at unit 3

Timeline Day 5 (March 15)
6:00 Hydrogen explosion in unit 4
6:14 Hydrogen explosion at unit 2

Timeline Day 8 (March 18)
Incident elevated to level 5 of 7 on IAEA scale (later raised to 7)

Timeline Day 10 (March 20)
Offsite power restored to units 1 & 2

Timeline Day 16 (March 26)
Offsite power restored to units 3 & 4

Step 1. Define the Problem
Outline fields (in slide order):
- What: Problem(s)
- When: Date; Different, unusual, unique
- Where: Unit, area, equipment; Task being performed
- Impact to the Goals: Public Safety; Worker Safety; Environmental; Customer Service; Regulatory; Production/Schedule; Labor/Time
- Frequency
Entries (in slide order):
- Earthquake, tsunami, hydrogen explosions
- See timeline
- 9.0 magnitude earthquake, 50 tsunami
- nuclear power station
- Units 1-3 producing power; 4-6 shut down
- No radiological health effects
- ~1,600 deaths attributed to evacuation
- 2 operators drowned; 16 injured
- Release of 940,000 TBq radiation
- ~150,000 evacuated (20-30 km evac zone)
- Rolling blackouts
- IAEA level 7 disaster
- Complete loss of power from nuclear plants
- Response, cleanup, investigation
- This incident
- Only one other level 7 disaster in history
Cost figures (in slide order): $60B, $200B, $15B, $>275B

Step 2. Analysis (Cause Map)
Cause Map boxes (in slide order):
- Public Safety Goal Impacted
- ~1,600 deaths
- 150,000 evacuated
- Release of radiation to environment
- Loss of containment

Levels of containment
PRIMARY:
- First: Fuel pellets & fuel rods
- Second: Reactor pressure vessel & primary system
SECONDARY:
- Third: Reactor building/components

Cause Mapping
Cause Map boxes (in slide order):
- Loss of containment (structures)
- Hydrogen explosions
- Buildup of hydrogen
- Damage to fuel
- Release of radiation to environment
- AND
- Loss of containment (fuel)
- Damage to fuel
- Increased heat of reactor fuel

Cause Mapping
Cause Map boxes (in slide order):
- Residual (decay) heat
- Consequence of normal plant operation
- Increased heat of reactor fuel
- AND
- Lack of cooling for reactor

Reactor Cooling
- Normal cooling system: pumps driven by electric motors
- Auxiliary cooling system:
  - Unit 1: Isolation condenser (large tank of water)
  - Units 2-6: Reactor core isolation cooling (RCIC) system powered by steam/battery
- Emergency core cooling system: seawater pumps

Power Supply
- External power from grid
- Backup power from diesel generators
- Emergency power from batteries

Cause Mapping
Cause Map boxes (in slide order):
- Normal cooling lost
- Off-site power lost
- Damage from earthquake
- Lack of cooling for reactor
- AND
- Auxiliary cooling lost
- Diesel generators shut down
- AND
- Loss of batteries
- Flooded by tsunami
- Limited life
- AND
- Emergency cooling lost
- Off-site power lost
- AND
- Seawater pumps not working
- Damage from earthquake
- Flooded by tsunami

From the National Diet of Japan Report
the accident at the Fukushima Daiichi Nuclear Power Plant cannot be regarded as a natural disaster. It was a profoundly manmade disaster that could and should have been foreseen and prevented.

From the IAEA Report
A major factor that contributed to the accident was the widespread assumption in Japan that its nuclear power plants were so safe that an accident of this magnitude was simply unthinkable.

Design Basis Accidents
Accident scenarios designed to represent the most severe credible accident
- Fukushima design basis earthquake = 8.0
- Design basis tsunami = 5.7 meters

ANS Report
A risk-informed regulatory approach would have identified the existing design bases as deficient. Although addressing low-probability events is very difficult, a risk-informed treatment for natural-phenomenon hazards is necessary.

Lessons Learned
A severe event anywhere in an industry has severe consequences everywhere in that industry.
Dr. William Corcoran, Ph.D., P.E.

Lessons Learned
Assessment of natural hazards:
- Sufficiently conservative
- Re-evaluated periodically
- Must consider potential for occurrence in combination
- Use national & international experience

Lessons Learned
Defense in depth:
- Remains valid
- Must be strengthened at all levels
- Focus on prevention AND mitigation
- Instrumentation/control systems MUST remain operable

Lessons Learned
Beyond Design Basis Accidents:
- Cooling systems must function
- Containment must be reliable
- Management provisions must be comprehensive, well-designed, and up to date
- Include training, exercises & drills

Current Status
Temp & radioactive release stable (cold shutdown)
Containment:
- Equipment to install ice wall in place
- Inflow of water limited to 150 tons/day
- 770 m wall between facility & ocean
Removal:
- ~10% of cleanup work done
- Robots searching site failing due to exposure
Decontamination:
- 10M yd³ soil & debris removed
- Outdoor radiation <2 mSv/year

Cause Mapping
Problem Solving, Incident Investigation, Root Cause Analysis, Risk Mitigation
Root Cause Analysis Case Study
Angela Griffith, P.E.
webinars@thinkreliability.com
Office Houston, TX
Copyright 2016 ThinkReliability, March 2016