NUCLEAR INSTALLATION SAFETY TRAINING SUPPORT GROUP DISCLAIMER


1 NUCLEAR INSTALLATION SAFETY TRAINING SUPPORT GROUP DISCLAIMER The information contained in this document cannot be changed or modified in any way and should serve only the purpose of promoting exchange of experience, knowledge dissemination and training in nuclear safety. The information presented does not necessarily reflect the views of the IAEA or the governments of IAEA Member States and as such is not an official record. The IAEA makes no warranties, either express or implied, concerning the accuracy, completeness, reliability, or suitability of the information. Neither does it warrant that use of the information is free of any claims of copyright infringement. The use of particular designations of countries or territories does not imply any judgment by the IAEA as to the legal status of such countries or territories, of their authorities and institutions or of the delimitation of their boundaries. The mention of names of specific companies or products (whether or not indicated as registered) does not imply any intention to infringe proprietary rights, nor should it be construed as an endorsement or recommendation on the part of the IAEA.

2 L9.3 Operating Organization: Safety Assessment of Design and Verification of Design Objectives Jozef Mišák, Director for strategy Nuclear Research Institute Rez plc, Czech Republic IAEA/ANL Regional Workshop on Establishing a Nuclear Safety Infrastructure for a National Nuclear Power Programme 29 November - 10 December 2010, ANL, USA

3 Content of the presentation The purpose and role of the Safety Analysis Report Two broadly accepted formats of SAR: US RG 1.70 and IAEA GS-G-4.1 Comparison of the formats Description of individual chapters Formal aspects of Safety Analysis Report Stages of Safety Analysis Report The update of Safety Analysis Report

4 GRANTING OF AUTHORIZATION (LICENCE)
FORMAT AND CONTENT OF SUBMISSION SET-UP BY THE REGULATOR
COMMUNICATIONS WITH OTHER INVOLVED ORGANIZATIONS
DEMONSTRATION OF SAFETY BY THE APPLICANT
REGULATORY REVIEW AND ASSESSMENT
COMMUNICATIONS WITH THE VENDOR
COMMUNICATIONS WITH EXTERNAL SUPPORT ORGANIZATIONS
REGULATORY DECISION
- granting of authorization
- authorization with conditions
- refusal of authorization

5 Safety Reports
- The safety report is a communication tool between the regulatory body and the operating organization.
- Safety reports present the assessment and the analyses that have been carried out for the purpose of demonstrating that the facility or activity is in compliance with the requirements as established in national laws and regulations.
- Safety reports have to document the safety analysis in sufficient scope and detail to support the conclusion reached and to provide an adequate input into independent verification and regulatory review.

6 The purpose and role of the SAR
The purpose of SAR:
- Demonstration of compliance with the safety requirements
- an important part of the licensing basis
- reference material for the safe operation of the plant
The SAR is the basic reference material of the plant:
- The SAR should present sufficient information on the plant that, for the purposes of nuclear and radiation safety assessment
- The SAR may refer to more detailed supplementary information (which should, however, be available for review on request)

7 Two broadly accepted formats of SAR Regulatory Guide (Revision 3), Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants, LWR Edition (first issued 1972, latest revision 1978) Download: This is the most widely accepted and applied format and most detailed description of the contents (cca. 400 pages) Format and Content of the Safety Analysis Report for Nuclear Power Plants, IAEA, GS-G-4.1 (2004) Download: This guide represents the minimum requirements about the SAR, as accepted by all IAEA member states (79 pages). WENRA Reference Levels, Issue N should be considered as well Recently published IAEA Safety Requirements GSR-4 also introduces SAR

8 Safety Guide on Format and Content of Safety Analysis Report for NPPs (IAEA GS-G-4.1, 2004) New aspects addressed in the IAEA Safety Guide as compared with original RG 1.70: Defence in depth principles (not systematically described in RG 1.70) Management of safety, including safety culture More details on operational aspects Decommissioning phase of NPPs covered Environmental aspects covered Emergency preparedness covered Analysis of beyond design basis accidents and severe accidents Probabilistic Safety Analysis Different structure of safety report All safety analyses (from normal operation up to severe accidents, TH, PTS, containment, radiological aspects) presented in one chapter

9 Missing chapters in RG context Emergency preparedness Environmental aspects Decommissioning and end of life aspects The environmental aspects are often taken care of in a separate document. Besides the above listed chapters, the two approaches are similar. Typically the national legislation prescribes some form for the SAR, which is based either on the RG or on the GS-G-4.1 (the majority is using the former)

10 Updates of RG Regulatory Guide Combined License Applications for Nuclear Power Plants, June 2007, applicable for new LWRs. In comparison with RG 1.70, RG includes two additional chapters:
18. Human Factors Engineering; it shall be demonstrated that acceptable HFE practices and guidelines are incorporated into the plant's design.
19. Probabilistic Risk Assessment and Severe Accidents; contains a summary of the design-specific or plant-specific PRA as well as a deterministic evaluation of design features for the prevention or mitigation of severe accidents.
Detailed contents of the SAR can be verified for all chapters, including 18 and 19, using US NRC Standard Review Plan, NUREG 0800, Rev.2, June

11 Documentation of safety assessment in SAR IAEA GSR SAR: demonstrating that the facility or activity is in compliance with the fundamental safety principles, this Safety Requirements, and any national laws and regulations. 4.63. The quantitative and qualitative outcomes of the safety assessment form the basis for the safety report, supplemented by supporting evidence for and reasoning about the robustness and reliability of the safety assessment and its assumptions, including information on the performance of individual components of systems as appropriate. The safety report has to document the safety assessment in sufficient scope and detail to support the conclusions reached and to provide an adequate input into independent verification and regulatory review.

12 Documentation of safety assessment in SAR IAEA GSR The safety report includes: A justification for the selection of the anticipated operational occurrences and accidents considered in the analysis; An overview and necessary details of the collection of data, the modelling, the computer codes and the assumptions made; Criteria used for the evaluation of the modelling results; Results of the analysis covering the performance of the facility or activity, the radiation risks incurred and a discussion of the underlying uncertainties; Conclusions on the acceptability of the level of safety achieved and the identification of necessary improvements and additional measures The safety report is to be updated as necessary

13 Examples of the SAR structure available
- RG-1.70/1.206 (US-NRC)
- GS-G-4.1 (IAEA)
- WENRA Reference Levels, Issue N
- AP 1000 Westinghouse (UK)
- EPR AREVA, Pre-Construction Safety Report (UK)
- EPR-Olkiluoto, Finland
- VVER Skoda Alliance Offer, Belene, (Mochovce)
- VVER 92 Atomstroyexport, Belene
- APR 1400 Korea Hydro & Nuclear, (Generic)

14 Volume of the SAR AP 1000 (UK): ~5900 pages EPR AREVA- (UK): N/A, big part of SAR (safety analysis restricted) VVER 92 ASE- Belene: ~7400 pages APR 1400 (Generic): ~7950 pages

15 Preliminary safety analysis report

16 Basic design documentation

17 Application of the formats
RG 1.70:
- Mostly followed in SAR for AP 1000 (UK), APR 1400 (generic), VVER 92 (Belene), EPR (Olkiluoto)
- Partially followed in EPR (UK)
- Followed to large extent in a Standard Review Plan under development by IAEA
GS-G-4.1:
- Basis for WENRA Reference Levels, Issue N
- Basis for the relevant guidance document of UJD SR
- SAR for VVER 1000-Belene, Skoda Alliance
- SAR for Mochovce 3&

18 Comparison of the formats
RG (US-NRC):
1. Introduction and general description of the plant
2. Site Characteristics
3. Design of Structures, Components, Equipment and Systems
4. Reactor
5. RCS and Connected Systems
6. Engineered Safety Features
7. Instrumentation and Controls
8. Electric Power
9. Auxiliary Systems
10. Steam and Power Conversion
11. Radioactive Waste Management
12. Radiation Protection
13. Conduct of Operations
14. Initial Test Program
15. Accident Analyses
16. Technical Specifications
17. Quality Assurance
GS-G-4.1 (IAEA):
1. Introduction
2. General Plant Description
3. Management of Safety
4. Site Evaluation
5. General Design Aspects
6. Description and conformance to the design of plant systems
7. Safety analyses
8. Commissioning
9. Operational aspects
10. Operational limits and conditions
11. Radiation protection
12. Emergency preparedness
13. Environmental aspects
14. Radioactive waste management
15. Decommissioning and end of life aspects
The NRC guide is more detailed, the IAEA guide is more up-to-date.

19 Comparison of the formats: GS-G-4.1 (IAEA) and WENRA Reference Levels (January 2008), Issue N
WENRA reflects the structure of the IAEA Standard.
1. Introduction
2. General Plant Description: The SAR shall describe the site, the plant layout and normal operation; and demonstrate how safety is achieved.
3. Management of Safety: The SAR shall describe the relevant aspects of the plant organization and the management of safety.
4. Site Evaluation: The SAR shall contain the evaluation of the safety aspects related to the site.
5. General Design Aspects: The SAR shall outline the general design concept and the approach adopted to meet the fundamental safety objectives. The SAR shall identify applicable regulations, codes and standards.
6. Description and conformance to the design of plant systems: The SAR shall contain detailed descriptions of the safety functions; all safety systems and safety-related structures, systems and components; their design basis and functioning in all operational states, including shut down and accident conditions.
7. Safety analyses: The SAR shall describe the safety analyses performed to assess the safety of the plant in response to postulated initiating events against safety criteria and radiological release limits.
8. Commissioning
9. Operational aspects: The SAR shall describe the emergency operation procedures and accident management guidelines, the inspection and testing provisions, the qualification and training of personnel, the operational experience feedback programme, and the management of ageing.
10. Operational limits and conditions: The SAR shall contain the technical bases for the OLCs.
11. Radiation protection: The SAR shall describe the policy, strategy, methods, and provisions for radiation protection.
12. Emergency preparedness: The SAR shall describe the on-site emergency preparedness arrangements and the liaison and co-ordination with off-site organizations involved in the response to an emergency.
13. Environmental aspects
14. Radioactive waste management: The SAR shall describe the on-site radioactive waste management provisions.
15. Decommissioning, end of life: The SAR shall describe how the relevant decommissioning and end-of-life aspects are taken into account during operation.

20 Introductory chapters (1-2) (Ch. 1 in RG 1.70) The introductory chapter should identify the purpose of the SAR, the designer, vendor, constructor and operating organization of the NPP. It also describes the structure of the report with the objectives and scopes of the sections. The General Plant Description should list the applicable (applied) standards and regulations along with deviations with proper justification; the basic technical characteristics and the operating modes

21 Comparison of individual chapters
Ch.3. Management of Safety, IAEA GS-G-4.1 (Skoda/UJV, Belene):
General considerations
3.2 Specific aspects of the management processes
- Statement of safety policy (including standards, resources and targets)
- Management structures, responsibilities and accountabilities
- Planning (including risk assessment)
- Control of safety related activities
- Ensuring competence
- Communication and team support
- Supervision
- Measuring performance
- Audit and review
- Corrective action and improvements
3.3 Monitoring and review of safety performance
3.4 Consideration of safety culture
3.5 Quality assurance
- QA system of the owner
- QA system of the contractor
- QA system of the operating organization
Ch.17, Quality Assurance, RG:
17.1 Quality Assurance During Design and Construction
- Organization
- Quality Assurance Program
- Design Control
- Procurement Document Control
- Instructions, Procedures, and Drawings
- Document Control
- Control of Purchased Equipment, and Services
- Identification/Control of Materials and Components
- Control of Special Processes
- Inspection
- Test Control
- Control of Measuring and Test Equipment
- Handling, Storage, and Shipping
- Inspection, Test, and Operating Status
- Nonconforming Materials, Parts, or Components
- Corrective Action
- Quality Assurance Records
- Audits
17.2 Quality Assurance During the Operations Phase
The Management of Safety incorporates the QA and also all safety specific aspects of the management; the arrangements to enhance the Safety Culture

22 Chapter 4 Site evaluation (Ch. 2 in RG 1.70)
- Collection of site reference data for the plant design (geotechnical, seismological, volcanic, hydrological and meteorological)
- From the safety standpoint, the focus is on the external hazards:
  - Natural hazards (earthquake, flooding, extreme weather, etc.)
  - Man-made hazards (traffic: roads, air, waterways; nearby industry; security related issues)
- Clear definition of the design basis for the external hazards
- Arrangements for the monitoring of site related parameters throughout the lifetime of the plant
- Further aspect: the population distribution in the area, with special attention to sensitive establishments, e.g. schools, hospitals etc.

23 Ch. 5 General Design Aspects (Ch. 3 in RG 1.70)
- Safety objectives and design principles: defense in depth (DiD), fundamental safety functions (RC, HR, C, plus limitation of releases), establishing the deterministic design principles and criteria, single failure criterion, probabilistic design criteria (if applicable), radiation protection (ALARA)
- Safety classification of SSCs: principles
- Civil engineering works and structures incl. containment
- Human factors engineering
- All operational states, all plant locations

24 Comparison of the formats
Ch.5. General Design Aspects, IAEA GS-G:
GENERAL CONSIDERATIONS
5.2 SAFETY OBJECTIVES AND DESIGN PRINCIPLES
- Defence in depth
- Safety functions
- Deterministic principles and design criteria
- Single Failure criterion
- Probabilistic quantitative design targets
- Radiation protection targets and criteria
5.3 CONFORMANCE WITH DESIGN PRINCIPLES/CRITERIA
5.4 CLASSIFICATION OF SSCs
- Approach to safety classifications of SSCs
5.5 CIVIL ENGINEERING WORKS AND STRUCTURES
- Building Design Principles and Criteria
- Structure and Building Loads
- Seismic classification of buildings and structures
5.6 SYSTEM QUALIFICATION AND ENVIRONMENT FACTORS
- Description of the qualification procedure for systems
- Seismic qualification
- Environmental qualification
- EMC Qualification
5.7 HUMAN FACTOR ENGINEERING
5.8 INTERNAL AND EXTERNAL RISK
- Protection against External Natural Hazards
- Protection against man-made external hazards
- Protection against internal hazards
Ch.3, Design of Structures, Components, Equipment, and Systems, RG:
3.1 Conformance with NRC General Design Criteria
3.2 Classification of Structures, Components, and Systems
3.3 Wind and Tornado Loadings
3.4 Water Level (Flood) Design
3.5 Missile Protection
3.6 Protection against Dynamic Effects associated with Piping
3.7 Seismic Design
3.8 Design of Category I Structures
3.9 Mechanical Systems and Components
3.10 Seismic Qualification of Seismic Category I I&C
3.11 Environmental Design of Mechanical and Electrical Equipment

25 Ch. 6 Description and Conformance to the Design of Plant Systems (1) (Ch-s in RG 1.70) Systematic and detailed specification and description of all safety relevant plant systems System requirements and description Engineering evaluation reference to applicable standards, regulatory requirements, assessment of single failure and common cause failure sensitivity, reliability, environmental qualification etc. Safety assessment: summary of statements and relevant information about the sufficient capacities, fault tolerances, separation etc. of SSCs

26 Ch. 6 Description and Conformance to the Design of Plant Systems (2) (Ch-s in RG 1.70)
List of SSCs:
- Reactor including the fuel
- Primary circuit and related systems
- Engineered safety features (for handling DBAs)
- Instrumentation and control (I&C), reactor trip system
- Electrical systems
- Auxiliary systems
- Power conversion systems; Fire protection; Fuel handling and storage; Radioactive waste treatment and storing; other
In RG 1.70 several chapters are devoted to these systems and the requirements are more closely specified. (Safety analysis associated with the systems is also included in chapters 4-10 of RG 1.70.)

27 The key chapter: Chapter 7 in GS-G-4.1
From the safety analysis point of view, the central chapter is Ch. 7 in GS-G-4.1 (or Ch. 15 in RG 1.70), as the SAR stands for Safety Analysis Report. Ch. 7 of the SAR is closely related to several other chapters, e.g.:
- Chapters 5-6: without knowledge of the plant systems, it cannot be judged whether the assumptions in the safety analyses are adequate and/or conservative.
- Chapter 10: knowledge of the OLC is necessary to judge the proper selection of initial conditions in the analyses.
- To review the assumed hazards, knowledge of other chapters is also necessary (e.g. Site specification).

28 Ch. 7 Safety Analyses (Ch. 15 in RG 1.70)
- The analyses shall include the normal operation, the anticipated operational occurrences, the design basis accidents
- The analyses should also include the PSA studies (Levels not specified), beyond design basis accidents, some selected severe accidents
- It is stated that the analyses typically focus on neutronics and thermal-hydraulic, structural and radiological aspects, but there is no clear statement that all aspects should be analysed in this chapter
- Additional guidance is in the IAEA guide: Safety Assessment and Verification for Nuclear Power Plants, Safety Standards Series No. NS-G-1.2, Vienna (2001), which is, however, no longer valid

29 Safety assessment
Safety analysis: two complementary methods
- Deterministic safety analysis: predicts the response to postulated events with predetermined assumptions; checks fulfilment of acceptance criteria
- Probabilistic safety analysis: combines the likelihood of initiating events, potential scenarios and their consequences into estimation of CDF, source term or overall risk
Evaluation of engineering factors important to safety:
- Proven engineering practices
- Defence in depth
- Radiation protection
- Safety classification
- Protection against internal and external hazards
- Combination of loads
- Selection of materials
- Single failure criterion
- Redundancy, diversity
- Equipment qualification
- Ageing
- Man-machine interface

30 Structure of the Safety Analysis Chapter GS-G
Chapter 7, Belene, Skoda/UJV, structure of chapter on safety analysis
7.1. General considerations and reference documents
7.2. Safety objectives and acceptance criteria
7.3. Identification and classification of initiating events
7.4. Human actions considered
Deterministic analyses
- General description of the approach (conservatism, codes, models, database)
- Safety in normal operation
- Analysis of core cooling and system pressure for reactivity induced accidents
- Analysis of core cooling and system pressure for a decrease of reactor coolant flow
- Analysis of system pressure for increase of reactor coolant inventory
- Analysis of core cooling and system pressure for increase of heat removal by the secondary circuit
- Analysis of core cooling and system pressure for decrease of heat removal by the secondary circuit
- Analysis of loss of electrical power supply
- Analysis of core cooling for LOCAs
- Analysis of primary to secondary LOCA
- Analysis of pressurized thermal shock
- Analysis of pressure temperature transients in the containment
- Analysis of radioactivity release during DBAs
- Analysis of fuel handling events
- Analysis of internal hazards
- Analysis of natural external hazards
- Analysis of man made external hazards
- Analysis of radioactive releases from a subsystem or component
- Analysis of ATWS (complex sequences)
- Analysis of BDBAs other than ATWS (complex sequences)
- Analysis of severe accidents
7.6. Probabilistic analyses
7.7. Summary of results of the safety analyses
Comprehensive and consistent chapter on safety analysis

31 Distribution of safety analyses in various parts of SAR (according to RG 1.70)
Chapter 3: External hazards
Chapter 5: Pressurized thermal shock
Chapter 6:
- Containment pressure response for various LOCAs
- Analysis of passive core cooling in case for various transients and accidents
- Releases and distribution of fission products in the containment
Chapter 11: Releases from the radwaste treatment systems up to the level of doses
Chapter 12: Estimation of on-site and off-site doses during normal operation
Chapter 15: Design basis accidents, including ATWS and radiological effects
Chapter 19:
- PSA
- severe accident phenomena
- hydrogen generation and mixing
- low power and shutdown PRA analysis
- internal hazards analysis
- deterministic analysis of accidents occurring at shutdown operational modes including radiological consequences (in appendix to Chapter 19)

32 Ch. 8 Commissioning (Ch. 14 in RG 1.70) Goal: proving that the plant is ready to enter the operational phase, i.e. that the safety performance of each SSC corresponds to the design requirements. In addition to the commissioning program and the detailed results of the tests, the chapter should include evidence about the applicability of the procedures and also about the proper qualification of the operating personnel

33 Ch. 9 Operational aspects (Ch. 13 in RG 1.70)
The key sub-chapters are:
- Organization administrative procedures
- Operating procedures (incl. EOPs and SAMG)
- Maintenance, surveillance, inspection and testing procedures
- Core management and fuel handling (incl. spent fuel)
- Ageing management
- Modifications control
- Qualification and training of personnel
- Human factors
- Operational experience feedback program
- Documents and records
- Outage arrangements

34 Ch. 10 Operational limits and conditions (Ch. 16 in RG 1.70) The OLC specifies the boundaries of normal operation. It is a result of a special iteration: it comes from the results of the safety analyses, and also the initial and boundary conditions for the analyses are specified here. (The OLC is also referred to as: Technical Specification)

35 Chapters 11 to 15 (GS-G-4.1)
Chapter 11. Radiation protection: Shall cover the normal operational arrangements and equipment for radiation protection (program, organization, equipment, procedures etc.)
Chapter 12. Emergency preparedness: Shall cover the arrangements ensuring that in case of an emergency the necessary and proportional actions will be carried out to minimize the harmful effects on the workers and on the population
Chapter 13. Environmental aspects: Radiological and non-radiological impacts on the environment under normal operating conditions (incl. construction and decommissioning) (May be covered in a separate document.)
Chapter 14. Radioactive waste management: Arrangements for collecting, handling, storing, conditioning and disposing rad-waste
Chapter 15. Decommissioning and end-of-life aspects: Conceptual planning for end-of-life arrangements

36 Formal aspects: User friendly format At present the SAR should be available in electronic form to enhance its use and review In electronic form the internal reference links are very useful Though the IAEA guide only encourages the external references, their extended use is almost inevitable (detailed design documents, references to standards, detailed safety analysis reports, etc.) References to lower level documents are also useful (e. g. operational and emergency procedures)

37 Formal aspects: Depth of description
It is basically determined by the requirement that the SAR is a reference material, thus the report shall be understandable by itself. Since it is the most detailed safety document, every safety related aspect shall be described, e.g.:
- External hazards
- Internal hazards
- Engineered safety features
- Operational arrangements
- Maintenance aspects
- Clear boundaries of the design basis
- etc.

38 Formal aspects: Supporting materials The most important supporting materials (drawings, safety analysis reports, code validation reports, source material for PSA input data, etc.) should be attached to the SAR. These materials enhance the review process and the later usability of the SAR. Some less essential external references are usually not submitted together with the SAR, but they should be made available on request

39 Stages of Safety Analysis Report In the CR, in accordance with common practice, several SARs shall be developed for different licensing stages: Initial Safety Analysis Report (ISAR), which is the basis for site approval, Preliminary Safety Analysis Report (PSAR), which is the basis for construction permit, Pre-operational Safety Analysis Report (PoSAR), which is the basis for authorization of NPP commissioning and operation. During the NPP operation the PoSAR can be further complemented by additional information, so forming operational or Final Safety Analysis Report (FSAR). It may be preferable to maintain the same structure of the SAR, taking into account availability of information

40 Stages of Safety Analysis Report
ISAR: information about the site should be reasonably complete, but information about the plant is limited. Effects of the NPP on the environment should be based on an estimate, using e.g. a bounding approach. ISAR should describe relevant safety requirements and specify how these requirements will be complied with.
PSAR: should contain sufficiently detailed information, including analysis, to allow assessment of whether the plant can be constructed and operated in an acceptably safe manner.
PoSAR: should provide more specific information on the topics outlined in PSAR, taking into account modifications made during the detailed design and construction, and provide details on the commissioning and operation

41 The update of FSAR
- The Final SAR (FSAR) is not for ever; it shall correspond to the actual status of the plant throughout the lifetime of the plant (UFSAR): living FSAR
- The Regulator may specify the requirement for the periodicity of the update of the FSAR
- Typical: yearly update or (no later than) at every PSR
- The regulator may or may not review every update
Reasons for update:
- Plant modifications (technology or operation)
- New results, methods in safety analyses
- Analysis of operational events or experiences from other similar plants
- Requirements by the regulatory body

42 Conclusions
- There are two formats available to be followed: RG 1.70 with updates, and IAEA GS-G-4.1
- NRC guide is more detailed, IAEA guide is more up-to-date and in general terms more comprehensive
- The main issue: the vendors of new reactors still follow RG 1.70
- Unified format preferred: broader consensus needed for future; RG 1.70 has better chance to succeed, with modifications using IAEA GS-G-4.1
- Current SAR formats developed by the major vendors should be taken into account
- Update of IAEA Safety Standards is needed