ByNéstor Masriera

GRADED APPROACH IN REGULATORY ACTIVITIES IN ARGENTINA

Regulatory Classification of Facilities, Safety classification of SSCs in reactors

Presentation ContentCLASSIFICATION OF FACILITIES

REFERENCE SAFETY CLASSIFICATION PROCESS

ENGINEERING RULES SELECTION APPLICABLES TO SSCRequirements related to the Safety Deterministic Analysis

Functional Capability RequirementsRobustness Requirements

Graded Approach

Requirements related to the Safety Probabilistic Analysis Reliability Requirements

Graded Approach

Use of industrial codes and standards in compliance of SR

Conclusions

CLASSIFICATION OF FACILITIESARN Basic Standard for Radiation Safety (AR-10.1.1-R3)

Takes into account a graded approach in the licensing requirements of different type of facilities (Class 1 to 3).

The classification of facilities considers • radiological risk of the inventories of radioactive/nuclear material, • the radiological environmental impact, • potential exposures to members of the public and to workers, and • technological complexity of the facilities.

Therefore, the scope of the licensing process of facilities is graduated according its classification.

CLASSIFIED FACILITIES

A group of facilities are licensed in one step, • by an Operation License in Class II• by a Registration in Class III

The Responsible Entity of the facility (a legal person)

• Must designate a natural person as the Responsible for the Radiological Protection of the operation of the Facility.

• Must ensure the operating organization chart (covered by duly trained workers, some with individual permits).

CLASSIFIED FACILITIES class IClass I are licensed in steps, with specific milestones and licenses:• Construction • Commissioning• Operation (*)• LTO• Decommissioning

The Responsible Entity of the facility (a legal person) • Must designate a natural person as the Primary Responsible of

the operation stage, for all the regulatory areas – Nuclear Safety, - Radiological Safety, - Physical Protection and - Safeguards

• Must ensure the operating organization chart (duly trained workers, some with individual license and specific authorization).

So, the graded approach to licensing is regarding licensing steps, and regarding the requirements and controls on personnel.

Graded approach in reactors

Now, a closer look at a graded approach of Regulatory Requirements in nuclear reactors.

The graded approach for nuclear safety is applied within a reactor according to the safety classification of structures, systems and components.

Generic safety classification methodologyBased on SSG-30, IAEA´s Guide, “Safety Classification of Structures, Systems and Components in Nuclear Power Plants”,applicable to small power reactors and conceptually, to research reactors.

THE KEY:category based on

“WHAT IF the function XXFAILS TO PERFORM”

Generic safety classification methodology

Functions Categorization step 1

These aspects are equivalent with a consolidated deterministic Safety Analyses.In early stages, category is defined by functions in the DiD scheme. I.e. which specific safety functions handle operational states

which ones are necessary for handling successfully DBA scenarios etc.

Severity of failure

ConsequencesBy Acceptance Criteria By Defense in

Depth Level

By Operational Limits and Conditions

By aspects ofMonitoring

HIGH (cat 1)

Exceeds acceptable limits for DBA: radiological limits forpublic/workers,or engineering limits

Goes to L4 Exceeds Safety Limit

Stops performing the monitoring of a Fundamental Safety Function

MEDIUM (cat 2)

Exceeds acceptable radiological limits in NO / AOO forPublic, or engineering limits for DEC

Goes to L3 Exceeds Safety System Setting

Stops performing the monitoring of a SSF Cat 2 or of a SSC Class 1

LOW (cat 3)

Exceeds acceptable radiological limits in NO / AOO forWorkers or has some radiological

impact on the Public

Goes to L2Requiringintervention o Stops mitigating L4

Exceeds Limiting Condition for Safe Operation

Stops performing the monitoring of a SSF Cat 3 or of a SSC Class 2

L1: Ample design & operation margins

L2: Soft control of maneuvers / events

L3: Detect accid seq / protect the Plant

L4: Protect the public

L5: keepconsequences ALARA

DiD NO / AOO / DBA / DEC

NO& AOO

Accident

DBA:DesignBasisScenario/Accident

DECAccidentexceedingDBA

Confine

Emergency

3 Funct:Shut downCool downConfine

L1

L2

L3

L4

L5

Preliminary Categorization of Safety: SC 1

NormalOperation/ AOO

Accident

DBA:DesignBasisScenarios

DECAccidentexceedingDBA

FSF:Shut dCool dConfine

Categorization by Radiological Criteria

For Cat. 3 “radiological limits in NO / AOO for Workers”. Effective dose limit is 50 mSv/year and 20 mSv/year as average for 5 consecutive years

Acceptable radiological limits are an alternative for categorization criteria. Seeking numerical values in Argentine framework:

“some radiological impact on the Public” linked to exemption and dispense

For Cat. 2 “radiological limits in NO / AOO for the public”. Effective dose limit 1 mSv/year and equivalent dose 15 for crystalline / 50 for skin. Constraint of ~ 0.3 mSv/year for effluents in a facility could be taken, or 0.5 mSv/year for a multi-unit plant.

For Cat 1 “Acceptable radiological limits in DBA for public/workers”, is not straightforward in application. In DBA scenarios confinement barriers are kept and there would be no increase in releases or doses to the public.

APPLICABLE ENGINEERING REQUIREMENTS

Safety Requirements are related ONLY to three aspects:• Functional Capability.• Robustness to ensure functional capability with loads in “real” working

condition.• Reliability for performing with a low-enough failure-probability.

For each Safety Class there are engineering requirements and rules for making the Safety Analysis successful. I.e. Safety requirements.

We’ll look further on the derivation of engineering safety requirementsfrom the Safety Analysis (D and P) as a demonstration of safety by design, in its three aspects,And a particular situation of the engineering requirements: the need of a graded approach to requirements on small reactors.

Requirements derived DSA and DiD

The Defence in Depth concept + functional Deterministic SA imposes design requirements at the PLANT / SYSTEMS LEVEL:

• Design provisions for each level.• List all and order PIEs• No PIEs jumping or surpassing several levels.• Identify level of DiD for actuation of each system (main).• Only SS are relied on to actuate on demand of level 3

Plus certain “features” of the analysis that act as assumptions of the design:SS are to be triggered automaticallyCoping for the short time after the PIE, grace periodAnd after, operator diagnosis and intervention

Functional Capability Requirements

SS are required to keep Functional Capability even with a failure on any of its components / elements (namely “Single Failure Resistance” )

→ requirement at a “system level”Redundancieswith independence and diversity.

Component level: Given a component of certain class, there are C/S allowing to qualify the compliance of requirements capab. and robustness req.C/S help in producing specifications for COTS (pumps, valves, etc.) and design criteria for fabrication (core supports, RPV internals, etc.).

LOCAs in NPPs are particularly demanding in terms of the environment and by producing “consequential failures”.

Environmental Robustness is demonstrated (qualified) by use of industrial standards or Test Programs

Consequential failures, assessing the effect of high energy breaks (jets and whipping) by well settled practices, although not by code / standards

Single Failure Resistance: Mechanical loads of accidental scenarios must be assessed for the SS design (piping, components, supports, etc.) as within their design range. The definition and treatment of load cases of piping with safety functions have well known practices and industrial standards.

Robustness Requirements

Graded Approach on deterministic requirementsThere are requirements coming from the Deterministic Safety Analysis, the safety classification method, Single Failure Criteria and from DiD. of functional capability and robustness.

There is an indirect grading in robustness requirements on terms of resistance to consequential failures:• LOCA loads in NPPs impose very demanding requirements.• In reactors of few kW, accidental loads ~ operational ones.

Safety Systems are required to actuate on demand of level 3coping with DB scenarios during the grace periodI&C systems are required to allow diagnosing Design provision to allow operator interventionOperational Limits and Conditions in 5 or 6 levels.

It is not spontaneous how to “graduate” the deterministic requirements, and of functional capability and robustness.

Requirements from the Probabilistic AnalysisPSAs assess IEs that may have consequences, implying all SSCs affecting SSFs directly or not, in short or long term.

The probabilistic goals for a nuclear reactor:• Core damage probability• Large Early Release Frequency• The “location” of accidental sequences (DBA and DEC) in a curve of probability of

occurrence vs. radiological effect.

It is normal impose reliability requirements on SSCs in order to comply with the PSA goals. Requirements on MTBF / Failure Rate on Demand

A few engineering fields handle reliability in terms of frequency. In general reliability is dealt as inferred probability, conjecture, bayesian guess, best/expert judgment, elicitation, etc.Or simply taken from a reference document…

Reliability Values

For mechanical components of NPPs there are design and construction standards with no reliability figures / data

For I&C Systems there are standards for design, construction and qualifications of equipment, providing reliability values (e.g. SIL indicator).These probabilities are frequencies (objective)

For electrical equipment, the situation of standards is similar.There are generic data basis, with MTBF and failure rates for nearly any kind of SSC. Generally presented as of empirical origin:• Nuclear Power Plants (IAEA-TECDOC-478), • Research Reactor (IAEA-TECDOC-930) • Industrial Facilities (El. & Mech. Component Reliability Handbook or IEEE 493).These probabilities are accepted values, but not necessarily Frequencies.

Reliability numerical values used in PSAs DO NOT come from the industrial standards applied in the design and construction.The probabilities used in many cases are conjectures (bayesian)

, but known to be compatible with successful PSAs.

Reliability requirements and graded approach

• In L1 CDF, reactors with milder physical phenomena on failure mechanisms on barriers (e.g. low power density)… Could be allowed to have Safety Systems with a lower reliability

Considering reliability requirements derived from PSA goals for PSA L1 (CDF < 10-6) y or impact on public for PSA L3

• In L3 releases risk assessment, if the potential radiological consequences on the public are smaller… the reliability of systems preventing releases could be lower

A graded approach could allow lower reliability requirements without increasing the risk.

How can we handle a decrease in reliability requirements using the current approach to the use of industrial standards?

Reliability requirements and use of standardsAre there ways to graduate requirements in small NPPS or RR?• There are design and construction standards for “big” NPPs (namely

“nuclear standards”) that are known to be compatible with a successful PSA of a certified design (in the frame of those c/s), but do not actually provide reliability values.

• There is a trend to use these “nuclear standards” in small reactors prototypes and research reactors (and may be OK).

• There is no “well settled” practice of applying specific industrial standards to small NPPs o research reactors (or clearly related to producing a successful PSA).

The use of NPPs standards in commercial reactors with smaller power, power-density or radioactive inventory may lead to excessive requirements and over-qualification.

Managing Graduated RequirementsWe may need to clarify the concrete relationships between the compliance of deterministic Safety Requirements and the use of industrial standards for design and construction.

Less restrictive standards may still be valid for qualifying robustness and functional capability.

We need to clarify relationships between reliability numerical values (as safety requirements) and industrial standards.Perhaps we can grade requirements by standards if they provide reliability values qualified as frequencies.It is not straightforward how to grade requirements if reliability numbers are probabilities of other kind.

Alternatives for grading

If a graded approach is linked to the concept of “risk”, considered as Effect (consequence) * prob. of occurrenceWe may grade by the factor “consequences of the event” , instead of through “downgrading” reliability requirements… eg“equivalence” by radiological risk (consequence)If the failure of a SC 1 component of a “small reactor” could imply a radiological consequence ≤ than the failure of a NPP component SC 2 (as a purification resins tank), Then: Class 2 NPP standards could be used to satisfy the requirements of the Class 1 Systems of that small reactor?

Are there other ways to grade safety requirements coming from the Deterministic Safety Analysis?

Alternatives for deterministic grading

If the previous isn’t the way to a graded approach, how to grade requirements for a Small reactor or a SMRs?• Should we consider changing the definition of DiD?• Should the single failure criteria be relaxed?• Can we change the definition of Safety Systems?• Give a waiver on the operational requirement coming from

OLCs? Less demanding LCOs. Operation with fewer or less reliable operators.

• Change the safety assessment methodology?• Go back to multiple - diverse and “un-translatable” safety

classification?

Conclusions

When we say there is space for improving our view on the relation between safety requirements and industrial standardswe are not criticizing IAEA’s safety standards and requirements, nor the current industrial standards.

They are the cornerstone of a reliable industry

We say we need this improved view to produce a mature evolution towards a graded approach in order to handle commercial SMRs

Thank you for your attention

nmasriera@arn.gob.ar