by - international atomic energy agency · “radiological limits in no / aoo for the public ”....
By Néstor Masriera
GRADED APPROACH IN REGULATORY ACTIVITIES IN ARGENTINA
Regulatory Classification of Facilities, Safety classification of SSCs in reactors
Presentation Content
CLASSIFICATION OF FACILITIES
REFERENCE SAFETY CLASSIFICATION PROCESS
ENGINEERING RULES SELECTION APPLICABLE TO SSC
Requirements related to the Deterministic Safety Analysis
Functional Capability Requirements
Robustness Requirements
Graded Approach
Requirements related to the Probabilistic Safety Analysis
Reliability Requirements
Graded Approach
Use of industrial codes and standards in compliance of SR
Conclusions
CLASSIFICATION OF FACILITIES
The ARN Basic Standard for Radiation Safety (AR-10.1.1-R3) takes into account a graded approach in the licensing requirements of different types of facilities (Class 1 to 3).
The classification of facilities considers:
• the radiological risk of the inventories of radioactive/nuclear material,
• the radiological environmental impact,
• potential exposures to members of the public and to workers, and
• the technological complexity of the facilities.
Therefore, the scope of the licensing process of a facility is graduated according to its classification.
CLASSIFIED FACILITIES
A group of facilities are licensed in one step:
• by an Operation License in Class II
• by a Registration in Class III
The Responsible Entity of the facility (a legal person)
• Must designate a natural person as the Responsible for the Radiological Protection of the operation of the Facility.
• Must ensure the operating organization chart (covered by duly trained workers, some with individual permits).
CLASSIFIED FACILITIES Class I
Class I facilities are licensed in steps, with specific milestones and licenses:
• Construction
• Commissioning
• Operation (*)
• LTO
• Decommissioning
The Responsible Entity of the facility (a legal person)
• Must designate a natural person as the Primary Responsible of the operation stage, for all the regulatory areas:
- Nuclear Safety,
- Radiological Safety,
- Physical Protection and
- Safeguards
• Must ensure the operating organization chart (duly trained workers, some with individual license and specific authorization).
So, the graded approach to licensing concerns the licensing steps, and the requirements and controls on personnel.
Graded approach in reactors
Now, a closer look at a graded approach of Regulatory Requirements in nuclear reactors.
The graded approach for nuclear safety is applied within a reactor according to the safety classification of structures, systems and components.
Generic safety classification methodology
Based on SSG-30, the IAEA's Guide “Safety Classification of Structures, Systems and Components in Nuclear Power Plants”, applicable to small power reactors and, conceptually, to research reactors.
THE KEY: category based on “WHAT IF the function XX FAILS TO PERFORM”
Generic safety classification methodology
Functions Categorization step 1
These aspects are equivalent to a consolidated deterministic Safety Analysis. In early stages, the category is defined by functions in the DiD scheme, i.e. which specific safety functions handle operational states, which ones are necessary for successfully handling DBA scenarios, etc.
Severity of failure and consequences, by criterion:
HIGH (cat 1)
• By Acceptance Criteria: Exceeds acceptable limits for DBA: radiological limits for public/workers, or engineering limits
• By Defense in Depth Level: Goes to L4
• By Operational Limits and Conditions: Exceeds Safety Limit
• By aspects of Monitoring: Stops performing the monitoring of a Fundamental Safety Function
MEDIUM (cat 2)
• By Acceptance Criteria: Exceeds acceptable radiological limits in NO / AOO for Public, or engineering limits for DEC
• By Defense in Depth Level: Goes to L3
• By Operational Limits and Conditions: Exceeds Safety System Setting
• By aspects of Monitoring: Stops performing the monitoring of a SSF Cat 2 or of a SSC Class 1
LOW (cat 3)
• By Acceptance Criteria: Exceeds acceptable radiological limits in NO / AOO for Workers or has some radiological impact on the Public
• By Defense in Depth Level: Goes to L2 requiring intervention, or stops mitigating L4
• By Operational Limits and Conditions: Exceeds Limiting Condition for Safe Operation
• By aspects of Monitoring: Stops performing the monitoring of a SSF Cat 3 or of a SSC Class 2
L1: Ample design & operation margins
L2: Soft control of maneuvers / events
L3: Detect accident sequences / protect the Plant
L4: Protect the public
L5: Keep consequences ALARA
[Figure: DiD levels L1 to L5 against plant states NO & AOO, Accident (DBA: Design Basis Scenario/Accident; DEC: Accident exceeding DBA) and Emergency; 3 functions: Shut down, Cool down, Confine]
Preliminary Categorization of Safety: SC 1
[Figure: plant states Normal Operation / AOO and Accident (DBA: Design Basis Scenarios; DEC: Accident exceeding DBA); FSF: Shut down, Cool down, Confine]
Categorization by Radiological Criteria
Acceptable radiological limits are an alternative for categorization criteria. Seeking numerical values in the Argentine framework:
For Cat. 3, “radiological limits in NO / AOO for Workers”: the effective dose limit is 50 mSv/year, and 20 mSv/year as an average over 5 consecutive years. “Some radiological impact on the Public” is linked to exemption and dispense.
For Cat. 2, “radiological limits in NO / AOO for the public”: effective dose limit 1 mSv/year and equivalent dose 15 for the crystalline lens / 50 for skin. A constraint of ~ 0.3 mSv/year for effluents in a facility could be taken, or 0.5 mSv/year for a multi-unit plant.
For Cat. 1, “Acceptable radiological limits in DBA for public/workers” is not straightforward to apply. In DBA scenarios confinement barriers are kept and there would be no increase in releases or doses to the public.
APPLICABLE ENGINEERING REQUIREMENTS
Safety Requirements are related ONLY to three aspects:
• Functional Capability.
• Robustness, to ensure functional capability with loads in “real” working conditions.
• Reliability, for performing with a low-enough failure probability.
For each Safety Class there are engineering requirements and rules for making the Safety Analysis successful, i.e. Safety Requirements.
We'll look further at the derivation of engineering safety requirements from the Safety Analysis (D and P) as a demonstration of safety by design, in its three aspects, and at a particular situation of the engineering requirements: the need for a graded approach to requirements on small reactors.
Requirements derived from DSA and DiD
The Defence in Depth concept + functional Deterministic SA imposes design requirements at the PLANT / SYSTEMS LEVEL:
• Design provisions for each level.
• List and order all PIEs.
• No PIEs jumping or surpassing several levels.
• Identify the level of DiD for actuation of each (main) system.
• Only SS are relied on to actuate on demand of level 3.
Plus certain “features” of the analysis that act as assumptions of the design:
• SS are to be triggered automatically
• Coping for the short time after the PIE, the grace period
• And after, operator diagnosis and intervention
Functional Capability Requirements
SS are required to keep Functional Capability even with a failure of any of their components / elements (namely “Single Failure Resistance”)
→ requirement at a “system level”: redundancies with independence and diversity.
Component level: given a component of a certain class, there are codes and standards (C/S) that allow qualifying compliance with the functional capability and robustness requirements. C/S help in producing specifications for COTS (pumps, valves, etc.) and design criteria for fabrication (core supports, RPV internals, etc.).
LOCAs in NPPs are particularly demanding in terms of the environment and by producing “consequential failures”.
Environmental Robustness is demonstrated (qualified) by use of industrial standards or Test Programs.
Consequential failures: the effect of high energy breaks (jets and whipping) is assessed by well settled practices, although not by codes / standards.
Single Failure Resistance: mechanical loads of accidental scenarios must be assessed for the SS design (piping, components, supports, etc.) as within their design range. The definition and treatment of load cases of piping with safety functions have well known practices and industrial standards.
Robustness Requirements
Graded Approach on deterministic requirements
There are requirements on functional capability and robustness coming from the Deterministic Safety Analysis, the safety classification method, Single Failure Criteria and from DiD.
There is an indirect grading in robustness requirements in terms of resistance to consequential failures:
• LOCA loads in NPPs impose very demanding requirements.
• In reactors of a few kW, accidental loads ~ operational ones.
• Safety Systems are required to actuate on demand of level 3, coping with DB scenarios during the grace period
• I&C systems are required to allow diagnosing
• Design provision to allow operator intervention
• Operational Limits and Conditions in 5 or 6 levels.
It is not obvious how to “graduate” the deterministic requirements on functional capability and robustness.
Requirements from the Probabilistic Analysis
PSAs assess IEs that may have consequences, implying all SSCs affecting SSFs, directly or not, in the short or long term.
The probabilistic goals for a nuclear reactor:
• Core damage probability
• Large Early Release Frequency
• The “location” of accidental sequences (DBA and DEC) in a curve of probability of occurrence vs. radiological effect.
It is normal to impose reliability requirements on SSCs in order to comply with the PSA goals: requirements on MTBF / Failure Rate on Demand.
A few engineering fields handle reliability in terms of frequency. In general, reliability is dealt with as inferred probability, conjecture, Bayesian guess, best/expert judgment, elicitation, etc. Or simply taken from a reference document…
Reliability Values
For mechanical components of NPPs there are design and construction standards with no reliability figures / data.
For I&C Systems there are standards for design, construction and qualification of equipment, providing reliability values (e.g. SIL indicator). These probabilities are frequencies (objective).
For electrical equipment, the situation of standards is similar.
There are generic databases, with MTBF and failure rates for nearly any kind of SSC, generally presented as of empirical origin:
• Nuclear Power Plants (IAEA-TECDOC-478),
• Research Reactors (IAEA-TECDOC-930),
• Industrial Facilities (El. & Mech. Component Reliability Handbook or IEEE 493).
These probabilities are accepted values, but not necessarily frequencies.
Reliability numerical values used in PSAs DO NOT come from the industrial standards applied in the design and construction. The probabilities used are in many cases conjectures (Bayesian), but known to be compatible with successful PSAs.
Reliability requirements and graded approach
Considering reliability requirements derived from PSA goals for PSA L1 (CDF < 10⁻⁶) and/or impact on the public for PSA L3:
• In L1 CDF, reactors with milder physical phenomena on failure mechanisms on barriers (e.g. low power density)… could be allowed to have Safety Systems with a lower reliability
• In L3 releases risk assessment, if the potential radiological consequences on the public are smaller… the reliability of systems preventing releases could be lower
A graded approach could allow lower reliability requirements without increasing the risk.
How can we handle a decrease in reliability requirements using the current approach to the use of industrial standards?
Reliability requirements and use of standards
Are there ways to graduate requirements in small NPPs or RRs?
• There are design and construction standards for “big” NPPs (namely “nuclear standards”) that are known to be compatible with a successful PSA of a certified design (in the frame of those C/S), but do not actually provide reliability values.
• There is a trend to use these “nuclear standards” in small reactor prototypes and research reactors (and it may be OK).
• There is no “well settled” practice of applying specific industrial standards to small NPPs or research reactors (or one clearly related to producing a successful PSA).
The use of NPPs standards in commercial reactors with smaller power, power-density or radioactive inventory may lead to excessive requirements and over-qualification.
Managing Graduated Requirements
We may need to clarify the concrete relationships between the compliance of deterministic Safety Requirements and the use of industrial standards for design and construction.
Less restrictive standards may still be valid for qualifying robustness and functional capability.
We need to clarify relationships between reliability numerical values (as safety requirements) and industrial standards.
Perhaps we can grade requirements by standards if they provide reliability values qualified as frequencies.
It is not straightforward how to grade requirements if reliability numbers are probabilities of another kind.
Alternatives for grading
If a graded approach is linked to the concept of “risk”, considered as Effect (consequence) * prob. of occurrence, we may grade by the factor “consequences of the event”, instead of through “downgrading” reliability requirements… e.g. “equivalence” by radiological risk (consequence).
If the failure of a SC 1 component of a “small reactor” could imply a radiological consequence ≤ that of the failure of an NPP component SC 2 (such as a purification resins tank), then: could Class 2 NPP standards be used to satisfy the requirements of the Class 1 Systems of that small reactor?
Are there other ways to grade safety requirements coming from the Deterministic Safety Analysis?
Alternatives for deterministic grading
If the previous isn't the way to a graded approach, how to grade requirements for a small reactor or an SMR?
• Should we consider changing the definition of DiD?
• Should the single failure criteria be relaxed?
• Can we change the definition of Safety Systems?
• Give a waiver on the operational requirement coming from OLCs? Less demanding LCOs. Operation with fewer or less reliable operators.
• Change the safety assessment methodology?
• Go back to multiple, diverse and “un-translatable” safety classification?
Conclusions
When we say there is space for improving our view on the relation between safety requirements and industrial standards, we are not criticizing IAEA's safety standards and requirements, nor the current industrial standards.
They are the cornerstone of a reliable industry.
We say we need this improved view to produce a mature evolution towards a graded approach in order to handle commercial SMRs.
Thank you for your attention