TRITA-FYS 2012:12 ISSN 0280-316X
ISRN KTH/FYS/--12:12--SE
Master of Science Thesis
“Alarm handling in the control room of a Nuclear
Power Plant”
by
Maxime Villemin
Stockholm, Sweden, 2012
A Thesis Submitted in Partial Fulfillment
of the Requirements for the Double Degree
at
KTH Royal Institute of Technology (Sweden)
Master of Science
Department of Reactor Physics
&
Phelma Grenoble INP (France)
Diplôme d’ingénieur
Génie énergétique et nucléaire
M.Sc performed
at
EDF
Golfech Nuclear Power Plant
Operations Department
ABSTRACT
This master thesis was performed at the Golfech Nuclear Power Plant in France. The reactor is a Pressurized Water Reactor of the P’4 design. The subject of the thesis is the handling of the alarms in the control rooms, where it is essential to limit their number. The alarm represents the border between the Normal Operation of the reactor and the Emergency Operating Procedures (EOPs) or, in the worst case, the Severe Accident Management Guidelines. Hence, alarms are a fundamental aspect of the defense in depth concept, Prevention-Monitoring-Action/Mitigation (PMA), because they are the interface between Monitoring and Action/Mitigation. Not all alarms lead to the application of an emergency procedure, but in most cases they measure the evolution of the physical parameters of the reactor and give an overview of the state of the installations. Some alarms are more essential than others because they are directly correlated with state functions of the reactor, and hence have to be dealt with first. Other alarms have a lower degree of importance, but there is an overwhelming number of alarms on the screens in the control room, which makes other alarms that appear less obvious. The alarm handling in this thesis is mostly aimed at “cleaning up” the screens of the control room and giving the operators a better overview of the installations. Different methods were employed in this thesis in order to reduce the alarms on the screens. The first one was the use of new alarm handling software. This software is governed by an appropriate organization which includes risk and safety analyses validated by the Operations Shift Manager. Furthermore, the man/machine interaction has to be handled with care because of the potential risk that it could introduce. This software is used for the alarms linked to the way of operating. The second method is a modification of the installation and therefore has to follow the associated procedures and rules. The alarms linked to a maintenance activity within five days were handled with this method. The last method consists of handling the alarm by fixing the root of the problem; it is the most logical way of reducing the number of alarms but also the least obvious and, sometimes, it is impossible to perform. The propositions to fix the problem are in application for some of the alarms. At the end of the master thesis, the number of alarms in the control room has decreased, which shows the efficiency of the three methods. It is still possible to continue reducing the alarms in the control room but, in most cases, it involves a long modification period.
TABLE OF CONTENT
ABSTRACT
TABLE OF CONTENT
ACKNOWLEDGMENTS
1. INTRODUCTION
1.1 Background and motivation
1.1.1 Presentation of the Nuclear Power Plant
1.1.2 Generalities of the PWR P’4 design and basic reviews
1.1.3 The general organization of EDF
1.1.4 Organization of the Golfech Nuclear Power Plant and of the Operations Department
1.2 Review of the state-of-the-art knowledge
1.2.1 Control room organization
1.2.2 The different states of operating of the reactor
1.2.3 The alarms: a limit between the normal operation and the emergency procedures
1.2.4 Generalities about alarms
1.2.5 Generation of the alarms: Instrumentation and Control System
1.3 Discussion and objectives
2. APPROACH
2.1 Overview and identification of the alarms present in the control room
2.2 Propositions, Plan of action, and methods to reduce the number of alarms in the control rooms
2.3 The Temporary Plant Modification (MTI) process: Principles
3. APPLICATION, RESULTS, AND DISCUSSION
3.1 The alarm handling software
3.2 Handling of the recurrent alarms: dealing with the root of the problem
3.3 Handling of the alarm with a modification of installation
3.4 Results
4. CONCLUSIONS
5. APPENDIX 1: LIST OF THE ABBREVIATIONS
6. APPENDIX 2: FACR EXAMPLE
7. APPENDIX 3:
8. FIGURES AND TABLES
9. REFERENCES
ACKNOWLEDGMENTS
First and foremost, I offer my sincerest gratitude to my supervisor Delphine Apretna. Thank you for your patience, valuable feedback, inspiration, ideas, and advice. I would like to thank Caroline Bernard and Olivier Coadebez, the former and the current Unit Director of Golfech, for offering me the possibility to perform my master thesis in their Nuclear Power Plant. In addition, I would like to thank Thierry Latrouite, head of the Operations Department, who welcomed me in his Department. I would like to express my gratitude to Pavel Kudinov and Nicolas Capellan, my supervisors at KTH and at Phelma respectively, who helped me during my master thesis by giving relevant advice. I am indebted to my many colleagues from the Operations Department who supported me during my internship and always offered their help and explanations at any moment. Thank you for the nice working environment that you have maintained during the entire master thesis. This thesis would not have been possible without the three administrations of Phelma, KTH, and EDF, which offered me the possibility to achieve my Double Degree in the best conditions. Thank you. This thesis is dedicated to my parents, who have given me their support throughout all my life at any moment. I would also like to dedicate this thesis to my grandmother and, especially, to my grandfather, who was always deeply interested in my studies. Thank you also to Inmaculada Viéitez for her endless patience in rereading this thesis and for her constant support. Thank you! Merci!
1. INTRODUCTION
1.1 Background and motivation
1.1.1 Presentation of the Nuclear Power Plant
The master thesis was performed at EDF (Electricité de France) in the Golfech Nuclear Power Plant (France). EDF is the world’s leading nuclear energy company, with a worldwide workforce of around 160,000 persons. EDF manages the country’s 58 Nuclear Power Plants, and Golfech is one of these units. The power plant at Golfech has two operating Pressurized Water Reactors of the particular P’4 design, with a power of 1300 MW each. The first power plant Unit has been operating since 1991, and the second one since 1994. The master thesis was performed within the Operations Department.
1.1.2 Generalities of the PWR P’4 design and basic reviews
Each Unit of the Golfech Nuclear Power Plant is composed of a conventional island, a nuclear island, and a cooling tower. The nuclear island consists of the core, the cooling system, and the safety systems (the Reactor Protection System, Chemical and Volume Control System, Safety Injection System, Containment Spray System, Residual Heat Removal System, Power Electrical System, Feedwater Flow Control System…). Other systems are present on this island, such as the Boron Recycling System, the Ventilation Systems, the Component Cooling System, and the electrical supply from the Diesel Motor System. The fuel storage pool is in a building which is part of the nuclear island. The main steam system provides the link between the nuclear island and the conventional island. The conventional island is composed of the turbine, the generator, and the condenser. The fuel used in the power plant is uranium oxide fuel; the thermal-hydraulic and material characteristics of the reactor are the same as those usually found in a Pressurized Water Reactor. The P’4 design has 4 steam generators (4-loop PWR), contrary to the PWR 900 MW, in order to provide better cooling: the power of a P’4 design is 1300 MW, and the increase in power requires better cooling. Furthermore, the P’4 design has a double containment, which offers better protection. The P’4 design has small differences from the P4 design concerning the fuel building and some systems, but these differences are minimal and are not important for the subject dealt with in this thesis. A PWR reactor is represented in figure 1.1:
Figure 1.1: Schematic representation of a Pressurized Water Reactor [1]
The aim of this thesis is not to give all the characteristics of the pressurized water reactor. That is why only a small review is given in order to situate the environment where this master thesis was performed.
1.1.3 The general organization of EDF
EDF is composed of three different divisions in the nuclear domain:
The Nuclear Production Division, which assures the operation of the power plants and contributes to the improvement of their production. This division is constituted by all the Units of the NPPs (which also have their own internal organization); the Engineering Operating Unit, whose mission is to assure the basis in terms of safety, radioprotection and environment protection; the Operational Technical Unit, which assures all the modifications and maintenance on the NPPs; and the Nuclear Inspection, which assures all the verifications on the NPPs.
The Nuclear Engineering Production Division, which deals with the design and assures the engineering activities for the future Nuclear Power Plants. This division is constituted by the SEPTEN, which deals with all the studies and the preparation of the projects for the future Nuclear Power Plants, and the National Center of Nuclear Equipment, which deals with all the equipment of the Nuclear Power Plants. Other divisions, such as the CIDEN, deal with the waste and the deconstruction.
The Fuel Nuclear Division, which deals with all the questions about fuel issues.
All these divisions, notably the Nuclear Production Division and the Nuclear Engineering Production Division, are supervised by an independent national institution: the National Nuclear Safety Authority, which makes sure that all the safety assessments are respected.
1.1.4 Organization of the Golfech Nuclear Power Plant and of the Operations Department
The NPP is organized into several main Departments:
The Operations Department pilots the Unit production constantly. It monitors the good operation of the reactor, and coordinates the activities and the monitoring through the control room and also locally.
The Maintenance Department assures the servicing of the power plant in both preventive and accidental situations. The department covers different specialities such as instrumentation, automation, testing, electromechanics, and so on.
The Engineering Department supervises and helps both previously mentioned departments. It assures the safety improvements of the installation thanks to feedback from other units, and the analyses of the behaviour of the materials.
The Safety Department deals with all the activities which concern quality and safety. The department also interacts with the other departments in order to provide assistance, advice and help in maintaining the safety level.
The Chemistry and Environmental Departments are divided into two sections. The Chemistry Department deals with all the chemical parameters of the installations. The Environmental Department monitors the entire environment around the power plant, such as the quality of the air, the water, the surface, the fauna, the flora, and so on.
The Prevention of Risks Department deals with the prevention of classical risks as well as radioprotection risks. It is in charge of checking the good application of the security rules, and helps all the workers to perform their work under the best conditions.
The composition of the Operations Department matters for the handling of the alarms, because it allows the actors to be identified. That is why a more precise investigation of this department and its organization was performed in this master thesis. A typical team of the Operations Department is constituted by: between 4 and 6 technicians, 2 or 3 operators, 1 operations Foreman, 1 Shift Supervisor, and 1 Operations Shift Manager (the Operations Shift Manager is common to two teams of the Nuclear Power Plant Unit). There are 14 teams in the NPPs, which rotate 24 hours a day and 7 days a week to assure the right production of the power plant. Each team is formed by:
The technician: He contributes to the improvement of the operating performance by dealing with the missions and the objectives of the Operations Department. He is in charge of the coordination of the activities for the other workers. He performs the different monitoring operations during the field inspection and the different local tests. He writes the intervention request when he notices something wrong.
The operator: He pilots the reactor and performs the monitoring activities in the control room. He is also responsible for maintaining serenity in the control room.
The operations Foreman: He is responsible for the preparation of the alignments and the padlockings by performing safety analyses. He works to improve the duration of inoperability of the Important for Safety materials. He is in charge of all the padlockings.
The Shift Supervisor: He is responsible for the accurate operations of the technicians and helps the Operations Shift Manager with decision-making. He ensures that the operations are carried out properly by giving all the information to the team.
The Operations Shift Manager: He is responsible for the safety, the operating actions, and the optimization of the installations by delegation from the direction of the Unit. He has to report to the Direction all the events that occur while the power plant Unit is operating.
These descriptions are only a summary of the functions and activities of the technician, operators, operations Foreman, Shift Supervisor, and Operations Shift Manager. All of them have well defined activities regarding production, safety, security, radioprotection, the environment and so on. In order to have a wider view of the background and the process of piloting the power plant, and therefore an overview of the relation with the concept of alarms, it is important to define the Normal Operation of the reactor, and also the limit of this normal operation, beyond which the power plant is in an incident or accident situation. For these situations, procedures and rules are defined: the Emergency Operating Procedures (EOPs) and the Severe Accident Management Guidelines (SAMGs). The alarms are linked directly with all these concepts, and represent one of the most important indicators of the state of the power plant.
1.2 Review of the state-of-the-art knowledge
1.2.1 Control room organization
The number of parameters which have to be checked and the complexity of the installation make the monitoring in the control room fundamental. This activity has to be taken into account in the planning and the organization of the activity of every team. The monitoring deals with the checking of the physical parameters and the operability of the materials, and it has to be done all the time. The operation of a nuclear reactor requires the presence of at least two operators in the control room at all times. The operator has to coordinate activities while still maintaining the global monitoring. If that is not possible, the planning of the other activities has to be changed. The Operations Shift Manager, or the Shift Supervisor by delegation, checks that the organization of the team guarantees the monitoring of the control room. The monitoring in the control room is also checked punctually by the management of the Operations Department [2]. The monitoring in the control room has to guarantee that the parameters of the installation stay in the authorized area (physics, technical specifications) in order to be able to act in case of any problem. To assure that, the operators perform a periodic round in the control room, checking the physical parameters, the availability and operability of the materials and components, and the appearance of alarms, and acting if necessary. The monitoring of the installation cannot be performed under good conditions if the control room is too noisy or if the operators are solicited all the time. Hence, access to the control room is regulated and is not allowed at all times. It is easy to understand that a high number of alarms per control room can have a bad impact on the serenity of the control room; therefore it is important to limit their number. The control room is divided into several parts: one part is dedicated to the primary system and its auxiliary system, another part is dedicated to the secondary system and its auxiliary system. Some specific parts are dedicated to the core monitoring or the fire monitoring, for instance. The control rooms have nine alarm screens (E1 to E9). All the details are summarized in figure 1.2, whose right part notably shows the constitution of a control desk, where the alarm screens and the alarm windows are located:
Figure 1.2: Architecture of a Nuclear Power Plant control room [3]
1.2.2 The different states of operating of the reactor
a) The Normal Operation
The normal operations have to comply with the Technical Specifications for Operation, which are written to guarantee the safety of operation under normal operation conditions and therefore to prevent the appearance or the aggravation of an incident or accident. The technical specifications do not cover the incident or accident situations, which are dealt with by particular processes in the General Operating Rules. The document is structured in six different operation domains which cover the standard states of the reactor. For each domain the prescriptions deal with:
The reactivity
The cooling of the fuel
The confinement and the integrity of the barriers
The transversal and support functions
The rules to apply in case of the inoperability of required materials
Table 1.1 contains a summary of the different operation domains under normal operation conditions:
Table 1.1: The operation domains in a normal state of the reactor [4]
| Operation domain | Study domain and standard states |
| --- | --- |
| Completely Unloaded reactor | All the fuel in the fuel building |
| Refuelling Shutdown | Cold Shutdown for refuelling |
| Cold Outage for maintenance | Cold shutdown for maintenance with primary coolant system fully open; Cold shutdown for maintenance with primary coolant system partly open; Cold shutdown for maintenance with primary coolant system closed and depressurized (pressure < 5 bar) |
| Normal outage with cooling by Residual Heat Removal System (RRA) | Normal cold shutdown (pressure > 5 bar); Intermediate shutdown with single phase conditions; Intermediate shutdown with residual heat removal system conditions (Residual Heat Removal System connected) (RRA connected) |
| Normal outage with cooling by steam generators | Intermediate shutdown with Residual Heat Removal System conditions (RRA connected); Intermediate shutdown with cooling by steam generators; Hot shutdown |
| Reactor in service | Taking the reactor critical; Hot standby; Power operation |
The concept allows the definition of physical thresholds in order to maintain the integrity of the barrier and guarantee the efficiency of the safety functions, and also the definition of assumptions about the initial state of the reactor for the incident and accident studies. The first objective of the Technical Specifications for Operation is therefore to define the thresholds of each Normal Operation domain in order to assure the capacity to respect the safety criteria and the design assumptions of the reactor. The Technical Specifications thus give the domain of Normal Operation by defining thresholds on physical parameters. The physical parameters are, for instance, the volume of coolant, the boron concentration, the temperatures, the pressures and the mass flows. These physical parameters can be measured from the control room thanks to tools such as indicators, recorders, or alarms. It is worth noticing that the alarms are a direct link between the Technical Specifications and safety: an alarm indicates that a physical parameter may have reached its threshold, hence a possible exit from Normal Operation. Alarm issues are therefore fundamental and require an understanding of safety issues. The second objective of the Technical Specifications is to keep the availability of the safety functions which are mandatory for the control, the protection, the engineered safety features, and the operability of the incident or accident operating procedures. It is then necessary to define the availability of the materials and systems in order to assure the safety functions. A system is defined as available only if it is possible to show that, at any moment, the material is able to guarantee its functions and its performances. The periodic tests are done according to the General Operating Rules in order to assure the operability of the materials. The last objective of the Technical Specifications is to define the rule to follow in case of non-compliance of a safety function or when the operation is out of the Normal Operation domain. The Technical Specifications give the information and the action to perform for each operation domain if an event occurs. For each operation domain (see table 1.1), the Technical Specifications for Operation define the operating procedure to apply after an event: action statement limiting condition, action statement time limit or time to repair [5].
Regarding the concept of defense in depth, all these rules constitute the prevention, but it is also necessary to define the monitoring and the mitigation actions in order to complete the concept. The monitoring is performed through several processes. The first one is the periodic test on the important safety-related materials. It is part of the second level of the defense in depth (see later in figure 1.10). Maintenance is also a way to check the availability and the reliability of all the functions the operators need in order to operate safely. There are two kinds of maintenance: corrective maintenance, carried out after failure, and preventive maintenance, carried out in accordance with predetermined criteria with the intention of reducing the probability of failure of equipment or degradation of the service. The last way is the requalification tests, which verify the behaviour of a component or a system to ensure that the design levels of performance are maintained or re-obtained after maintenance, modification or an operating event.
b) The emergency procedures
The last concept of the defense in depth is the action. The ways of action are organized in order to act against an incident or an accident. One of the chapters of the General Operating Rules covers the procedures during an incident or accident: the EOPs (Emergency Operating Procedures). It also covers the organization of the operation team for applying these EOPs. In case of a severe accident (according to the criteria), the Severe Accident Management Guidelines contain the actions that have to be performed in order to contain the accident. The safety requirements for incident and accident situations consist in having the resources to handle all the circumstances in terms of organization, operation documents, equipment, and worker resources.
i) The Emergency Operating Procedures
The Emergency Operating Procedures constitute the third level of the defense in depth: the action and mitigation in case of accident. They are performed when a situation occurs in which special procedures must be applied in order to come back to a more stable state and then resume the normal operation of the reactor. Previously, the Emergency Operating Procedures were based on the event-oriented approach. These procedures were established on the basis of the expected sequence of the incident or accident, with a view to preserving the integrity of the reactor by maintaining it in safe conditions.
These procedures were applicable to a single event (that is, an event not combined with another incident or accident), which therefore had to be correctly diagnosed.
In other words, when an event occurred, the physical parameters were analyzed in order to define the current state of the reactor. A strategy was chosen, and different procedures were applied. The process is summarized in figure 1.3:
Figure 1.3: Process of the Emergency Operating Procedures [4]
With this concept, the initial identification was not reconsidered afterwards: even if the initial state had changed or new events had appeared, it was not possible to change the operating instructions. The event-based procedures were not adapted to an accumulation of problems and defects. In order to improve these procedures, EDF developed a new approach during the 90’s. Indeed, it would be very difficult to create, and also to choose, a procedure for every possible combination of several failures and events. EDF therefore created the Nuclear Steam Supply System state-oriented approach in order to avoid these difficulties. The principle is simple: the possible state functions of the nuclear steam supply system are limited in number, whereas the possible combinations of failures are not. The latest version of this approach now covers all the types of incidents and accidents for all the primary coolant system configurations. Remark: The Golfech Nuclear Power Plant was the first one to have the state-oriented approach at its disposal, in 1991. In order to keep control of the possible states of the Nuclear Steam Supply System, the physical parameters are monitored. For that, 6 state functions are defined, which offer a lot of information about the state of the reactor. The 6 state functions are the following:
Sub-criticality
Residual Heat Removal
Primary coolant inventory
Feedwater inventory
Steam generator integrity
Containment integrity
[Figure 1.3 flowchart boxes: Physical parameters; Identification of the state; Application of one strategy = sequence of operating actions + Monitoring in parallel; End of sequence or procedure]
Once the overall physical situation is defined with respect to these 6 state functions, the global objective of the control action is determined according to the state. After that, a priority between the state functions has to be established, and consequently between the actions which are mandatory to control the situation, by monitoring the evolution of the state functions. At the same time, a general monitoring of the main state is performed in order to assure the operability of the main systems. Together, the identification of the physical state, the determination of the priorities, and the state function control actions taken to attain the general objectives constitute a control strategy [4]. Table 1.2 summarizes the characteristics and the safety functions that represent the state functions.
Table 1.2: Process of the Emergency Operating Procedures [6]
| State function | Characteristic | Safety function |
| --- | --- | --- |
| Subcriticality (S/K) | Level of the neutronic power | Reactivity |
| Residual Heat Removal [WR (P, T)] | Tsat; Primary system internal energy | Cooling |
| Primary coolant inventory (INVprim) | Level in the reactor; Heat exchange Core - Coolant; Transport for the primary coolant; Transfer until the steam generator | Cooling |
| Feedwater inventory (SG) (INVsec) | Level in the steam generator; Heat exchange coolant; Evacuation of the energy | Cooling |
| Steam generator integrity (INTsg) | Pressure in the SG stable / Activity SG; No release of the radioactive elements into the environment | Containment |
| Containment Integrity (INTcon) | Pressure containment / Dose in the containment; No release of the radioactive elements into the environment | Containment |
The identification of the physical state is repeated cyclically in order to adapt the actions. All the thermohydraulic incidents and accidents, single or multiple, combined with a loss of system or human error, are covered by the state-oriented approach. This process is summarized in figure 1.4:
Figure 1.4: Process of the approach state Emergency Operating Procedures [4]
[Flowchart boxes: Physical parameters; Identification of the state; Application of one strategy = sequence of operating actions; Monitoring of the operability of important systems and contingent restoration actions; Physical parameters; Identification of the state (what effect does the sequence of operating actions have on the state?); Is the current procedure or sequence suitable?; Continuity of the strategy; Change the procedure or the sequence; Does the sequence or the procedure in operation reach the goal?; End of sequence or procedure]
On table 1.3 and figure 1.5 the 6 state functions and their localizations are represented:
Table 1.3: The 6 state functions [6]
Primary system | S/K | Subcriticality
Primary system | WR (P,T) | Residual Heat Removal
Primary system | INVprim | Primary coolant inventory
Secondary system | INVsec | Feedwater inventory
Secondary system | INTsg | Steam generator integrity
Containment | INTenc | Containment integrity
Figure 1.5: Localization of the 6 state functions [6]
The operating sequences are classified into different kinds of procedures:
For the primary system the procedures are named ECP (Primary Instruction State) and ECPR (Primary Instruction State when the Residual Heat Removal System is connected)
For the secondary system the procedures are named ECS (Secondary Instruction State)
For the periodic monitoring performed by the Operations Shift Manager or the safety engineer the procedures are named SPE (Periodic Monitoring Instruction)
The application of these procedures is initiated after a first indication of a problem, which can be given by an alarm: the DOS alarms, which are the alarms related to the Stabilization and Guidance Document (see the specifications of the alarms in paragraph 1.2.4). This document leads the initial identification of the global physical state of the boiler, from the initial power state until the Cold Outage for Repair, by indicating the instructions to apply. There is one DOS document for the operators (ECP), the operation Shift Supervisor (ECT), and the shift Manager (SPE). After that, the DOS leads the initiation of the different instructions. These documents deal with all the states of the boiler, from the initial power state until the Cold Outage for Repair. Figure 1.6 represents the different kinds of procedures that can be used depending on the severity of the accident and the state of the reactor (Residual Heat Removal System in service or not, and Primary Coolant System open or not).
Figure 1.6: The different emergency procedures [4]
1.2.3 The alarms: a limit between the normal operation and the emergency procedures
As can be seen on figure 1.10, which summarizes the different states of a reactor and the different concepts of the defence in depth (Prevention, Monitoring and Action/Mitigation), the alarms have a fundamental role in the monitoring. They represent the border between the normal operation and the incident/accident operation, hence between the monitoring and the action.
Figure 1.10: Representation of the different states of the reactor with the different concepts of the defense in depth [7]
1.2.4 Generalities about alarms
a) Definition
An alarm can be defined as a message transmitted to the operators in order to warn them about a fault in the equipment or the installation, or about a physical parameter exceeding its threshold. Consequently, they have to apply actions to monitor or fix the problem. The correlation between the defect, the alarm, and the action engaged by the operator is fundamental. For this reason, the domain monitored by the alarms and the minimal action required from the operator when the alarm appears (the minimal action justifying the presence of the alarm) are the two main components of the handling of the alarms.
The supports of the alarms are standardized: there are the alarm windows and the polychromatic screens (BARCO screens). Whatever the support used, alarm windows or screens, when the defect is present, its name and symbol are displayed in order to attest the presence of the defect. The alarm is transmitted with a specific codification which gives the Unit, the elementary system, and the code of the alarm. For the alarms on the screens it is also given with a written text. Example of the identification of an alarm (1 RCV 034 AA):
1 RCV 034 AA PRESSION < 1 BAR ABS.
1: Unit 1
RCV: Elementary system (Chemical and Volume Control System)
034: Code of the alarm for a given system
AA: Information about the alarm (AA = alarm)
Every elementary system has a set of alarm description papers. More information is given in the alarm description paper, as represented on figure 1.12. The alarms linked to a system are transmitted from a place around the control and monitoring device of the system concerned. The control desk, as represented on figure 1.2, has the alarm windows and the alarm screen associated with the systems that it is piloting.
b) Characterization and Categories of the alarms
The appearance of an alarm is characterized in the control room by both audible and visual signals:
Visual signal: The appearance and the disappearance of an alarm have two different visual signals. Each visual signal allows a separate identification of each alarm. Turning off an alarm means that the operator has taken it into account and is dealing with it. The turning off is done specifically on every alarm (each panel, each screen…).
Audible signal: The appearance and the disappearance of an alarm have two different audible signals warning the operator. Moreover, several kinds of signals can exist depending on the support of the alarms. The audible signal serves to draw the attention of the operator to every change in the state of an alarm, and therefore has to be audible from every place in the control room. The turning off is global for every kind of support.
The appearance and disappearance of alarms on the screens with the visual and audible signals is summarized on table 1.4:
Table 1.4: The audible and visual signals related to the alarms
Screens
Appearance | 1 RCV 034 AA PRESSION < 1 BAR ABS | Red square flashing on the screen with an audible signal in the control room.
Fixation | 1 RCV 034 AA PRESSION < 1 BAR ABS | When the operator has taken the alarm into account by pushing the button under the screen, the red square disappears and the klaxon stops.
The defect disappears | 1 RCV 034 AA PRESSION < 1 BAR ABS | When the origin of the alarm disappears, a white square flashes and the colour of the text becomes purple.
Acknowledgment | | When the operator has taken into account that the defect has disappeared by pushing the button under the screen, the alarm disappears from the screen. A klaxon (different from the first one) also sounds to make sure that the defect has effectively disappeared.
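The identifier layout described in a) and the four steps of table 1.4 can be followed in a small model. This is an added example, not code from the thesis or from the plant's systems; the event names, the optional unit digit and the two transitions marked as assumed are not in the original.

```python
"""Added example: alarm identifiers and the screen life cycle of table 1.4."""
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

# Layout shown on the page: unit, elementary system, alarm code, type (AA = alarm).
# Assumption: three letters / three digits / two letters; the unit digit is
# optional because the page also writes identifiers such as RHY004AA.
ALARM_ID = re.compile(
    r"^(?:(\d)\s*)?([A-Z]{3})\s*(\d{3})\s*([A-Z]{2})(?:\s+(.*))?$")

# Two entries copied from the page's list of abbreviations.
SYSTEMS = {"RCV": "Chemical and volume control system", "RHY": "H2 distribution"}


class State(Enum):
    ABSENT = "not on the screen"
    APPEARED = "red square flashing, klaxon sounding"
    FIXED = "red square gone, klaxon stopped"
    DISAPPEARED = "white square flashing, purple text"


# (state, event) -> next state. The event names are hypothetical.
TRANSITIONS = {
    (State.ABSENT, "defect_on"): State.APPEARED,       # Appearance
    (State.APPEARED, "push"): State.FIXED,             # Fixation
    (State.FIXED, "defect_off"): State.DISAPPEARED,    # The defect disappears
    (State.DISAPPEARED, "push"): State.ABSENT,         # Acknowledgment
    # Not covered by table 1.4; assumed here for defects that come and go
    # before the operator has pushed the button:
    (State.APPEARED, "defect_off"): State.DISAPPEARED,
    (State.DISAPPEARED, "defect_on"): State.APPEARED,
}


@dataclass
class Alarm:
    unit: Optional[int]
    system: str
    code: str
    kind: str
    text: str = ""
    state: State = State.ABSENT
    trace: list = field(default_factory=list)

    def apply(self, event: str) -> State:
        """Apply one event; pairs absent from TRANSITIONS leave the state unchanged."""
        self.state = TRANSITIONS.get((self.state, event), self.state)
        self.trace.append((event, self.state))
        return self.state


def parse_alarm(line: str) -> Alarm:
    """Split an alarm line into unit, system, code, type and written text."""
    match = ALARM_ID.match(line.strip())
    if match is None:
        raise ValueError(f"not an alarm identifier: {line!r}")
    unit, system, code, kind, text = match.groups()
    return Alarm(int(unit) if unit else None, system, code, kind, text or "")


def on_screen(alarms) -> list:
    """Identifiers of the alarms that are still displayed in any state."""
    return [f"{a.system} {a.code} {a.kind}" for a in alarms
            if a.state is not State.ABSENT]


if __name__ == "__main__":
    alarm = parse_alarm("1 RCV 034 AA PRESSION < 1 BAR ABS.")  # line from the page
    print(alarm.unit, alarm.system, SYSTEMS[alarm.system], alarm.code, alarm.kind)
    for event in ("defect_on", "push", "defect_off", "push"):
        print(f"{event:10} -> {alarm.apply(event).name}: {alarm.state.value}")
```

A button push while the defect is still present and already taken into account leaves the alarm displayed, which is why a standing defect keeps its line on the screen until its origin disappears.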
Remark: The appearance and the disappearance of alarms on the alarm windows are similar. The alarm window flashes when an alarm appears on it. A klaxon also sounds at the same time. When the operator has taken the alarm into account by pushing the button under the screen, the alarm window stops flashing and shows a steady red colour, and the klaxon stops. When the defect has disappeared, the alarm window is turned off.
Besides the audible and visual signals, it is also necessary to define a hierarchy in order to classify the alarms by priority. The first distinction that can be made is between the alarms that imply the application of the emergency procedures, and the ones which do not.
i) The DOS alarms (alarms related to the Stabilization and Guidance Document)
The alarms that warn about incident/accident situations are named the DOS alarms (alarms related to the Stabilization and Guidance Document), and are marked with the letter “D”. Most of the DOS alarms are transmitted through the alarm windows, but some also through the screens. They imply the application of the Stabilization and Guidance Document. The DOS alarms have to be dealt with as a priority compared to the other ones. As soon as an alarm marked as “D” appears, the operator immediately takes the DOS guidance document without first consulting the alarm description paper. However, in order to avoid a systematic application of the incident or accident procedures, it would not be necessary to apply them, for instance, in the case of an activity on the equipment; indeed in this case the appearance of the alarm would be known in advance.
ii) The other alarms
Not all the alarms are classified as DOS and imply the application of emergency procedures; actually most of them do not. Nevertheless, these alarms do not all have the same degree of importance, and for this reason they are coded with different colours in order to distinguish between them. Each colour has its specific meaning.
The red alarms
The red alarms are transmitted directly to the alarm windows and indicate the defects which need quick actions. The actions that have to be performed are considered as emergency actions and have to be engaged in a specific time schedule:
The yellow alarms
The yellow alarms are transmitted to the screens and indicate the defects for which the actions can be postponed. An action to fix a problem falls into the category of alarms which can be postponed if the action can be engaged in a time above:
The white alarms
The defects which are first dealt with automatically and which correspond to the change of state of some components (for instance pushing a button) are signalled with white alarms. They are transmitted to the screens.
The green alarms
The defects which are dealt with automatically and do not need an intervention of the operators are signalled with green alarms. They are transmitted to the screens.
The grouped alarms
Some alarms are grouped. The grouping of two or more alarms together is allowed when the operator does not need to discriminate between the defects or when resources are available to make this discrimination easily. Defects are grouped on one alarm in order to deliver more syntactical information or to save space when the action to fix the alarm is local or of the same nature. The grouping of alarms remains limited, especially for the ones corresponding to the first and the fourth category. When several alarms are grouped, the audible and visual signals (flashing of the alarm) sometimes come out every time that a defect appears: these are the re-flashing alarms. When the operator does not need to know the specific details of the problem, the alarms are grouped in one alarm which is handled without flashing on and off all the time. The information is still available locally.
The computer treatment complement (KIT)
The KIT calculator is a complement for the treatment of the alarms. It allows control and verification of the action, monitoring, analysis, and diagnosis. In order to guarantee these functions, the most important defects which generate an alarm on a screen or an alarm window are treated in the calculator and recorded in the KIT memory: each of them transmits an input into the calculator. In this way, after the warning information has been received, the operator can consult the KIT in order to get more detailed information. This is especially useful for the grouped alarms; indeed it is possible to know the root of an alarm that has appeared on the screen or on the alarm window.
c) Handling of the alarms
When the Unit is operating, the objective is to pilot the reactor “off-light”. The operator has to act as much as possible so as not to have any alarms in the control room. In this way, the only alarms present are the ones which can be justified by the state of the components.
When an alarm appears, the operator has to take the alarm into account and perform the action by following the alarm description paper. If the alarm is expected to appear (maintenance action for instance), the operator has to check the cause of the alarm before fixing it. After that, the operator has to turn off the alarm, especially in order to stop the audible signal, which then becomes available again to warn about the appearance of a new alarm.
Dealing with constantly flashing alarms is an important issue. A constantly flashing alarm is symptomatic of operating or design issues. A corrective action has to be performed: transient operating, modification, adjustment of the threshold of the alarm, problem of hysteresis of the alarm, etc. The hysteresis of an alarm can be an advantage or a drawback. Its purpose is to prevent the alarm from constantly flashing, by allowing a margin to the threshold before the alarm appears or disappears. Nevertheless, in some situations (see later the case of the alarm named RHY004AA), the hysteresis combined with some error margins from the equipment can generate alarms even though they are not required. The hysteresis principle is represented on figure 1.11:
Figure 1.11: The hysteresis principle of one alarm
[Figure labels: Presence of the alarm; Alarm threshold; Physical parameters (P, T, W…); Hysteresis]
The handling of the alarms of course depends on the category of each alarm. In particular, an inhibition is not permitted for the categories which define the border between the normal operations and the incident/accident situations.
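The hysteresis principle of figure 1.11, and the drawback mentioned for it, can be reproduced with a small comparator. This is an added example, not code from the thesis; the pressure samples, the 0.1 bar margin and the sensor error are constructed values.

```python
"""Added example: an alarm comparator with hysteresis, run on constructed signals."""
from dataclasses import dataclass


@dataclass
class HysteresisAlarm:
    threshold: float          # reading at which the alarm appears
    hysteresis: float = 0.0   # margin to pass before the alarm disappears
    low_alarm: bool = False   # True for "value < threshold" alarms
    present: bool = False

    def update(self, reading: float) -> bool:
        """Feed one reading and return whether the alarm is present."""
        if self.low_alarm:
            appear = reading < self.threshold
            clear = reading >= self.threshold + self.hysteresis
        else:
            appear = reading > self.threshold
            clear = reading <= self.threshold - self.hysteresis
        if not self.present and appear:
            self.present = True
        elif self.present and clear:
            self.present = False
        # Between the two limits the previous state is kept: this is the
        # hysteresis band.
        return self.present


def run(alarm, true_values, sensor_error=0.0):
    """Return (appearances, standing) for a series of true values.

    appearances: how many times the alarm appears (absent -> present).
    standing:    samples where the alarm is present although the true value
                 is on the normal side of the threshold.
    sensor_error is added to each true value to form the reading.
    """
    appearances = standing = 0
    for true_value in true_values:
        was_present = alarm.present
        present = alarm.update(true_value + sensor_error)
        if present and not was_present:
            appearances += 1
        if alarm.low_alarm:
            normal = true_value >= alarm.threshold
        else:
            normal = true_value <= alarm.threshold
        if present and normal:
            standing += 1
    return appearances, standing


# Constructed samples (bar abs) oscillating around a 1 bar low-pressure threshold.
CHATTER = [1.20, 1.02, 0.98, 1.03, 0.97, 1.04, 0.99, 1.02, 0.96, 1.05, 1.30]
# Constructed samples: one dip, then recovery just above the clearing limit.
RECOVERY = [1.20, 0.95, 1.12, 1.12, 1.12, 1.12, 1.12]

if __name__ == "__main__":
    for margin in (0.0, 0.1):
        alarm = HysteresisAlarm(1.0, margin, low_alarm=True)
        print("margin", margin, "chatter ->", run(alarm, CHATTER))
    for error in (0.0, -0.08):
        alarm = HysteresisAlarm(1.0, 0.1, low_alarm=True)
        print("sensor error", error, "recovery ->", run(alarm, RECOVERY, error),
              "still present:", alarm.present)
```

With the margin the oscillating signal raises the alarm once instead of four times; with the same margin and a reading 0.08 bar low, the alarm stays present after the pressure has recovered.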
In order to deal with the reduction of the number of alarms inside the control rooms, it is important to understand the process of the generation of the alarm. This also allows a better understanding of the interaction man/machine in order to try to reduce the number of alarms.
1.2.5 Generation of the alarms: Instrumentation and Control System
a) Generalities
The Instrumentation and Control System comprises all the equipment which guarantees the operation, the monitoring, and the safety of the Nuclear Power Unit. It has to fulfil the three main objectives of nuclear safety: prevention, monitoring, and mitigating actions. Following this concept, it has to ensure the Normal Operation of the equipment, prevent incidents and accidents, and mitigate their consequences. The process is based on the orders given from the control room and the reports returned to the control room (and then to the operators). This information exchange is made possible by four main parts of the instrumentation system: the man/machine interface, which corresponds to the action of the operators in the control room; the data processing, which relays the orders and feeds back the information; the power supply, which converts the orders into effective actions; and finally the actuators, which perform the actions, and the sensors, which provide information about the actions that have been performed.
1.3 Discussion and objectives
2. APPROACH
2.1 Overview and identification of the alarms present in the control room
2.2 Propositions, Plan of action, and methods to reduce the number of alarms in the control rooms
2.3 The Temporary Plant Modification (MTI) process: Principles
3. APPLICATION, RESULTS, AND DISCUSSION
3.1 The alarm handling software
3.2 Handling of the recurrent alarms: dealing with the root of the problem
3.3 Handling of the alarm with a modification of installation
3.4 Results
4. CONCLUSIONS
5. APPENDIX 1: LIST OF THE ABBREVIATIONS
A FEEDWATER SUPPLY
ABP Low Pressure Feedwater Heater System
ADG Feedwater Deaerating Tank and Gas Stripper System
AFR Feedwater Pump Turbine Fluid Control System
AGR Feedwater Pump Turbine Lubrication System
AHP High Pressure Feedwater Heater System
APG Steam Generator Blowdown System
APP Turbine-driven Feedwater Pump System
ARE Feedwater Flow Control System
ASG Auxiliary Feedwater System
ATH Feedwater Pump Turbine Oil Control Processing System
C CONDENSER
CET Turbine Gland System
CEX Condenser Extraction System
CFI Circulating Water Filtration System
CGR Circulating Water Pump Lubricating System
CPA Cathodic Protection System
CRF Circulating Water Condenser Cooling System
CTA Condenser tube cleaning system
CTE Circulation Water Treatment System
CTF Circulating water acid treatment system
CVF Cooling towers
CVI Condenser vacuum system
D MISCELLANEOUS
DAN Elevators in Nuclear Auxiliary building, Electrical building, Waste Treatment building, Turbine hall
DAR Elevators in Reactor building and Operation building
DEG Nuclear island chilled water system
DEL Electrical building chilled water system
DEQ Waste treatment building chilled water system
DMA Handling inside the Maintenance building
DMH Miscellaneous handling equipment (circulating water pumping station)
DMK Fuel building handling equipment
DMM Turbine hall handling equipment
DMN Nuclear Auxiliary building handling equipment
DMQ Waste treatment building handling equipment
DMR Reactor building handling equipment
DMS Electrical building and safeguard auxiliaries building handling equipment
DN Normal lighting, OAR
DNA Normal lighting Maintenance Shop
DNB Normal lighting – Safeguard auxiliaries building
DND Normal lighting – Diesel buildings
DNJ Normal lighting – Gas storage and auxiliary transformer
DNK Normal lighting – Fuel building
DNL Normal lighting – Electrical building
DNM Normal lighting – Turbine hall
DNN Normal lighting – Nuclear Auxiliary building
DNO Normal lighting – High point of structure
DNP Normal lighting – Water intake
DNQ Normal lighting – Waste treatment building
DNR Normal lighting – Reactor building
DNV Normal lighting – Auxiliary boiler building
DNW Normal lighting – Unit operation building
DNX 6.6 KV power supply
DNY Normal lighting – Demineralization building
DRT Control markers
DS Emergency lighting – High point of structure
DSA Emergency lighting – Maintenance building
DSB Emergency lighting – Safeguard auxiliaries building
DSD Emergency lighting – Diesel buildings
DSI Site security system
DSJ Emergency lighting – Gas storage and auxiliary transformer
DSK Emergency lighting – Fuel building
DSL Emergency lighting – Electrical building
DSM Emergency lighting – Turbine hall
DSN Emergency lighting – Nuclear Auxiliary building
DSO Emergency lighting – High point of structure
DSP Emergency lighting – Water intake
DSQ Emergency lighting – Waste treatment building
DSR Emergency lighting – Reactor building
DSV Emergency lighting – Auxiliary boiler building
DSW Emergency lighting – Unit operation building
DSY Emergency lighting – Demineralization building
DTL Closed-circuit television
DTM Moselle temperature alarm transmission
DTV Communication system
DVA Maintenance building cold rooms ventilation system
DVB Maintenance building air conditioning and ventilation system
DVC Control room air conditioning system
DVD Diesel buildings ventilation system
DVF Electrical building smoke exhaust system
DVG Auxiliary feedwater pump room ventilation system
DVH Charging pump room ventilation system
DVK Fuel building ventilation system
DVL Electrical building main ventilation system
DVL A, B, C, D
DVM Turbine hall ventilation system
DVN Nuclear auxiliary building ventilation system
DVO Essential service water building ventilation and heating system
DVP Circulating water pumping station ventilation system
DVQ Waste treatment building ventilation system
DVR Computer room ventilation system
DVS Safety Injection and Containment Spray Pump Motor Room Ventilation System
DVT Demineralization building ventilation system
DVU Security building and guardhouse ventilation, air conditioning, lighting and fire detection system
DVV Auxiliary boiler building ventilation system
DVW Unit operation building ventilation system
DVZ Electrical Building Safeguard
DWA Maintenance building hot rooms ventilation and air conditioning system
DWP Moselle to site tunnel ventilation system
E CONTAINMENT VESSEL
EAS Containment spray system
EAU Containment and seismic instrumentation system
EBA Containment sweeping ventilation system
EDE Containment annulus ventilation system
EPP Containment leakoff monitoring system
ETY Containment atmosphere monitoring system
EVF Containment cleanup system
EVR Containment Continuous Ventilation and Reactor Pit Ventilation System
G TURBINE GENERATOR GROUP
GRE Turbine governing system
GRH Generator hydrogen cooling system
GRV Generator hydrogen supply system
GSS Moisture separator reheater system
GST Stator cooling water system
GSY Grid connection system
GTH Turbine lube oil treatment system
GEV Power transmission system
GEX Generator excitation and voltage regulation system
GFR Turbine control fluid system
GGR Turbine lubrication jacking and turning system
GHE Generator seal oil system
GPA Generator and power transmission protection
GPV Turbine steam and drain system
J FIRE PROTECTION
JDT Fire detection system
JPD Fire fighting water distribution system
JPH Turbine oil tank fire protection system
JPI Nuclear island fire protection system
JPL Electrical building fire fighting water distribution system
JPP Fire fighting water production system
JPT Transformers fire protection system
JPV Diesel generator fire protection system
K MONITORING
KBS Temperature measurements
KCC Sending data to national emergency response centres
KCD Demultiplexer relay cabling
KCG Auxiliary boiler building alarm relay processing system
KCH Demineralizer alarm relay processing system
KCO Unit alarm relay processing system
KCS Security building alarm relay processing system
KCT Waste treatment building alarm relay processing system
KDO Test data acquisition system
KDS CIT Site Equipment
KER Nuclear island liquid radwaste monitoring and discharge system
KGA Reprom management
KGB Process Control Relaying Software Management
KHY H2 leak detection system
KIR Primary circuit sonic monitoring system
KIT Data processing system
KKK Site and building access control system
KKO Energy metering and perturbography
KME Test instrumentation and measurement
KOS Perturbograph
KPE Tachyperturbograph
KPM Protection of equipment
KPR Remote shutdown panel
KRA Nitrogen risk detection
KRG General control analog cabinets
KRS Site radiation & meteorological monitoring system
KRT Plant radiation monitoring
KSC Main control room mimic panel and auxiliary panel
KSU Security building control panel
KTG Turbine generator group table testing
KXU Threshold electronic relay cabinets
KZC Controlled area access monitoring
L ELECTRICITY
LAA 230 VDC power system = LNF – LNE UPS supply
LAB Turbine generator continuous lubrication pump power supply
LAC Turbine generator emergency lubrication pump power supply
LAE 230 V DC power system train A (LNG)
LAF 230 V DC power system train B (LNH)
LAL 230V power system - BDS power supply
LBA 125 V DC power system (equipment train A)
LBB 125 V DC power system (equipment train B)
LBC 125 V DC power system (equipment and actuators train A)
LBD 125 V DC power system (equipment and actuators train B)
LBE 125 V DC power system - Reactor protection group 1
LBF 125 V DC power system - Reactor protection group 2
LBG 125 V DC power system - Reactor protection group 3
LBH 125 V DC power system - Reactor protection group 4
LBK 125 V Power System
LBZ 125V BDS production and distribution
LCA Unit 48 V power Supply - train A (safety support system; protection auxiliary control system)
LCB Unit 48 V power Supply - train B (safety support system automats)
LDA 28 VDC power system (IPC SCAT train A level 1 Equipment System)
LDC 28 VDC power system (IPC SCAT train A level 1 Equipment System)
LGA, LGB, LGC 6.6V AC Normal Distribution Unit Auxiliaries
LGD, LGE, LGF 6.6V AC Normal Distribution permanent Auxiliaries
LGI, LGJ Common and Site 6.6V AC Switchboard
LGM, LGN 6.6kV AC Distribution Auxiliary Boilers
LGP 6.6kV AC power supply river link
LGR 6.6kV AC Auxiliary Power Supply
LHA 6.6kV AC Emergency Power Distribution - Train A
LHB 6.6kV AC Emergency Power Distribution - Train B
LHP 6.6kV AC Emergency Power Supply Diesel - Train A
LHQ 6.6kV AC Emergency Power Supply Diesel - Train B
LHT Reaction Turbine
LK. LV AC Network - 380V AC
LL. LV AC Emergency Network - 380V AC
LLS Hydrotest Pump Turbine Generator Set
LM. 220 V Production and Distribution Supply System (miscellaneous unit equipment)
LMC 220 V Production and Distribution Non-Redundant System
LMK 220 V power system, BTE
LNA Reactor protection, group I
LNB Reactor protection, group II
LNC Reactor protection, group III
LND Reactor protection, group IV
LNE Uninterrupted 220V AC power - power supply KIC; MCR light train A
LNF Uninterrupted 220V AC power - power supply KIC train A
LNG Uninterrupted 220V AC power system - power supply KIR, KRT train A
LNH Uninterrupted 220V AC power system - power supply KIC, mimic panel, KRT, MCR light train B
LNL 220V AC Power System (Security building)
LNR 220V AC power - power supply of Maintenance building
LSA Test loops system
LSI Site lighting system
LSJ Fence lighting system
LTR Grounding system
LYS Battery discharge
P FUEL STORAGE POOL
PMC Fuel handling and storage system
PTR Reactor cavity and spent fuel pit cooling and treatment system
R REACTOR
RAM CRDM power supply system
RAZ Nuclear island nitrogen distribution system
RCP Reactor coolant system
RCV Chemical and volume control system
REA Reactor boron and water makeup system
REN Nuclear sampling system
RGL Rod control system
RHY H2 distribution
RIC In-core instrumentation system
RIS Safety Injection system
RPE Nuclear island vent and drain system
RPN Nuclear instrumentation system
RPR Reactor protection system
RRA Residual heat removal system
RRC Boiler control system
RRI Component cooling system
RRM CRDM ventilation
S GENERAL SERVICES
SAA Breathable compressed air production system
SAP Compressed air production system
SAR Instrument compressed air distribution system
SAT Service compressed air distribution system
SBE Maintenance shops hot laundry decontamination system
SDA Demineralised Water Supply System
SDP Demineralised Water Production System and Pretreatment
SDX Demineralization Wastes Neutralisation System
SEB Raw water system
SEC Essential service water system
SED Nuclear island demineralised water production system
SEH Waste oil and inactive water drain system
SEK Conventional island liquid waste collection system
SEN Auxiliary cooling water system
SEO Station sewer system
SEP Potable water system
SER Conventional island demineralized water distribution system
SES Hot water production and distribution system
SEZ Ground water control system
SFI Raw water filtering system
SGZ General gas storage and distribution system
SIR Chemical reagents injection system
SIT Feedwater chemical sampling system
SKH Oil and grease storage system
SLS Cleaning of the secondary side tubesheets of the steam generators
SRE Hot Workshop Drain System
SRI Conventional island closed cooling water system
STB Slurry treatment system
STE Electrical tracing system
STR Steam transformer system
SVA Auxiliary steam distribution
T WASTE TREATMENT
TEG Gaseous waste treatment system
TEN Waste sampling system
TEP Boron recycle system
TER Liquid waste discharge system
TES Solid waste treatment system
TEU Liquid waste treatment system
TRI Waste treatment building cooling
V STEAM CIRCUIT
VPU Steam line drain system
VVP Main steam
X AUXILIARY STEAM
XAA Auxiliary Boiler Feedwater System
XCA Auxiliary Steam Production System
LIST OF ABBREVIATIONS
A
AAR Scram, Reactor trip
ADR Risk Analysis
AEI I&C, Electrical, IT Department
AIC Computerised Tagging System
AN GV Normal Outage on SG
ANRRA Normal Outage on RRA
APE State-oriented Approach
API Cold Outage for Repair
APR Refuelling Shutdown
APRP Loss of Coolant Accident (LOCA)
AQ Quality Assurance
ARI Isolating Breathing Apparatus
AS Safety Authorities
ASN Nuclear Safety Authority
AT Outage
B
BAC Waste Auxiliary Building
BAN Nuclear Auxiliary Building
BC Fuel Branch
BCCN Nuclear Equipment Manufacturing Inspectorate
BdC Tagging Office
BDMAT Equipment Database
BdS Security Building
BIC Operating Engineering Section
BK Fuel Building
BL Electrical Building
BMO Operating Methods Library
BPA Approved for Action
BPE Approved for action
BPR Approved for Implementation
BR Reactor Building
BTC Operating Technical Method
BTE Effluent Treatment Building
C
CA Work Co-ordinator and Manager (EDF work)
CAE As-built (drawings)
CAM Trade Work Co-ordinator
CAPE Active Installed Base Support Centre
CAS Systems Work Coordinator
CC Tagging Supervisor
CC Technical Inspector/Work Checker
CD Management Team
CDE Extended Management Team
CDO Operational Management Team
CdS Department Manager
CdT Work Supervisor
CE Operations Shift Manager
CE-Quart Duty Operations Shift Manager
CEIDRE Corporate Chemical & Metallurgical Laboratories
CET Technical evaluation committee
CFH Human Factor Consultant
CHSCT Health and Safety Workplace Committee
CID Inter-departmental Collaboration
CIF Individual Training Log
CIINB Inter-Ministerial Committee of Basic Nuclear Installations
CIM Head of Professional Sector Maintenance Work
CIP Public Information Centre
CIPN NPP Operations Engineering Centre
CLI Local Information Commission
CME Operations Foreman
CND Non-destructive Test (NDT)
CNIL National Committee for IT and Freedom
CNPE Nuclear Power Plant
COAT Outage Committee
COCAR Professional development committee
CODIS Regional Operational Fire and Rescue Centre
COE Environment Committee
COET Operations Committee
COMEX Executive Committee
COMSAT Outage Safety Committee
COOP Operational Production Optimisation Centre
COSR Industrial Safety and Radiological Protection Committee
CP Project Head
CPHC Senior Head Foreman
CR Report, minutes
CREL Local Event Report
CRES Significant Operating Event Report (SOER)
CRHM Human Resources & Management Committee
CRP RP Committee
CSCT Technical Specifications and Conditions
CSNE Corporate Nuclear Safety Review Committee
CT Technical Committee / Shift Supervisor
CT Quart Duty Shift Supervisor
CTC Temporary Operating Instruction
CTE Operational Technical Review Committee
CTI Engineering Technical Committee
CTS Nuclear Safety Committee
D
DCN Nuclear Fuel Division
DCO Chemical Oxygen Demand (COD)
DDD Dose-rate
DEGS EDF-GDF Services Direction
DES Safety Assessment Department
DGSNR Directorate General for Nuclear Safety and Radiation Protection
DI Work Request / Work file
DI meeting
DIN Nuclear Installation Division
DIN Nuclear Engineering Division
DIS Nuclear Engineering Division
DITHR Thermal, Hydroelectric and Renewable Engineering Division
DM Change/Modification File
DMP Special Tools and Equipment (temporary)
DOI Fire Guidance Document
DOS Stabilization and Guidance Document
DPN Nuclear Operation Division
DPTHR Thermal, Hydroelectric and Renewable Generation Division
DR Execution File
DRIRE Regional Directorate for Industry, Research and Environment
DSE Plant Systems Description
DSIN Nuclear Installations Safety Directorate
DSM Pooled Services Division
DSQ Safety Quality Director
DVP Asset Development and Exploitation
E
EAR Sampling Analysis and Discharge Form
EC Joint Team
EH Hydrostatic Test
EIS Fire & First Aid Team
EIS Safety-Related Event
EP Periodic Test
EP Procedure
EPS Probabilistic Safety Assessment
ESE Environmental Significant Event
ESR Radiological Protection Significant Event
ESS Nuclear Safety Significant Event
EST Radioactive Transport Significant Event
F
FA Anomaly Report
FAI Fire Action Sheet
FAR Quick analysis sheet
FE Gap analysis sheet
FNC Non-conformance Report
FSI Execution Synthesis Form
G
GAI International Activities Group
GAM Professional Sector Management Group
GAP Corporate Installations Affairs Group
GCR Radiation Protection Coordination Group
GDL Corporate Chemical and Metallurgical Laboratories
GDMI Information Systems Maintenance and Development Group
GEnv Environment Group
GET Network Operational Group
GIP Process Engineering Group
GMC Boiler Maintenance Group
GMSA Active Systems Maintenance Group
GPEC Skills and Jobs Anticipated Management
GPR Advisory Committee for Nuclear Reactors
GPR Risk Prevention Group
GRE OE Group
GSI IT manager
GSI Information Systems Group
GSN Nuclear Safety Group
GT EP EP Working Group
GTS Safety Technical Committee
GVP Performance & Monitoring Group
I
ICPE Installations classified for Environmental Protection
IN Nuclear Inspection Department
INB Basic Nuclear Installation
IPE Post-commissioning Technical Support
IPS Safety-Related
IRSN Radiological Protection and Nuclear Safety Institute
IS Safety Injection / Safety Engineer
ISAT Outage Safety Engineer
ISS Duty Safety Engineer
M
MDL Second Line Manager (department head)
MMCR Maintenance-Mechanics-Boilerwork-Valves Department
MOA Training Commissioning/Training Commissioner
MOE Training Provision/Training Provider
MPL First Line Manager
MQ Quality Manual
MSQ Safety and Quality Team
MTI Temporary Plant Modifications
N
NA Application Memorandum
NO Organisation Memorandum
NS Departmental Memorandum
NT Technical Procedure
O
OI Work Order
OIS Standard Work Order
OMF Reliability Centred Maintenance
OPRI Office for Protection against Ionising Radiation
OTC Optimisation – Trading – Marketing
P
PBMP Basic Preventive Maintenance Programme (corporate)
PC Set Point
PCC Site Assessment Emergency Centre
PDQ Quality Plan
PDR Spare parts
PDR General Work Form
PEE Test Procedure
PFU Unit Training Plan
PGF Training Guidelines
PIF Individual Training Plan
PLAP Local Professional Adaptation Scheme
PMT Medium Term Plan
PMUC Material and Equipment for Use in Power Plants
PPI Off-site Emergency Plan
PQS Quality and Safety Plan
PRS Assembly Point for Emergency Services
PRV Preventive Maintenance System (computer)
PTF Standard Professional Scheme
PTJ Small everyday jobs
PUI On-site Emergency Plan
PV Report
PVE Test Report
Q
QNS Non Quality Control
QS Quality Control
QS/QNS Maintenance
R
RAT Outage Meeting
RC Tagging System
RCC Design & Construction Rules
RCD Completely Unloaded Reactor
RE Authorized for Testing
REE Testing Results
REM Management & Methods Officers
REP Pressurised Water Reactor, PWR
RER Rapid Experience Feedback
RET Exceptional Work System
REX Experience Feedback
RFF End of Manufacture Report
RFI End of Job Report
RGE General Operating Rules
RH Human Resources
RI Corporate Engineering Section
RII On-line Equipment Test Conditions
RIEM Maintenance & Methods Officer
RM Professional Sector Officer
RMCT Short-Term Methods Officer
RME Operating Methods Officer
RP 1 / 2 Radiological Protection Qualification (worker / team leader)
RR Equipment Test Using External Supplies
RSE Off-line Equipment Test Conditions
LIST OF EQUIPMENT IDENTIFIERS
A
AD Adsorber
AG Agitator/Vibrator
AI Fire cabinet
AP Alternator
AR Cabine
B
BA Tanks
BC Junction box (tester)
BE Test loop
BT Battery/Accumulator
C
CC Switch
CG Control rod drive unit
CH Boiler
CO Compressor/supercharger
CR Box
D
DB Damper
DE Demineraliser
DH Oil filter
DI Orifice plate (except for measurement plates)/Flow restrictor
DL Inverter
DM Handling cask - Lead cask
DN Deioniser
DS Dehydrator/Desiccator/Dryer
DT Sensor
DV Vibrating feeder
DW Support device
E
EJ Ejector
EL Pilot solenoid valve
EN Recorder
EP Electropneumatic converter
EV Evaporator
EX Exchanger
F
FA Absolute filter (ventilation system)
FI Filter (liquid)
FS Sand filter (sump sand trap)
FU Fuse/Low-current breaker
G
GA AC generator
GC DC generator
GE Diesel generating set
GF Cooling unit
GH Hydraulic unit
GM Foam generator
GR Lubricator
GS Floor drain
GV Steam generator
H
HU Humidifier
I
ID Indicator (general)
J
JA Switching device
JB Busbar set
JE Packing gland seal
JR 380 V and 6.6 kV emergency supply
JS Switching devices
K
KD Flow restrictor primary element, flow nozzle, venturi, diaphragm
Lx Local indicator, gauges
P
PI Iodine trap
PJ Socket/Plug
PO Pump
PR Overhead crane
PS Sump
PY Pre-heater element (heating cable, heat-tracing cable etc.)
T
TA Auxiliary step-up transformer
TB Switchboard
TF Filter drums and grids
TG Condenser Neck/Condenser tube cleaning system
TI Current transformer
TL Turn-Push-Light switch
TO Blind key/plate/push button switch
TP Main transformer
TS Step-down transformer
TU Voltage transformer/Tube
TY Pipework
U
UA Alarm unit
UB Terminal block module
UC Control unit
UJ Contactor unit
UL Illuminated mimic diagram unit
UP Breaker module
UR Relay module
V
VA Air-operated valves
VB Borated water and not reactor coolant valves
VC Circulating water valves
VD Demineralised water valves
VE Raw water valves
VF Main fuel valves
VG Valves for CO2 and miscellaneous gases
VH Oil valves
VI Ventilation air valves
VJ Gaseous effluent valves
VK Liquid effluent valves
VL Condensate valves
VM Ignition fuel valves (propane - diesel oil)
VN Conventional Island Component Cooling System water valves (all closed treated heated water systems)
VP Coolant valves
VQ Organic liquid valves
VR Reagent valves
VS Solid effluent valves (slurry, soot etc.)
VV Steam valves
VY Hydrogen valves
VZ Nitrogen valves
X
XA Stop relay
XB Retentive memory relay
Z
ZV Fan / Ventilator
ZZ Dryer reheater
6. APPENDIX 2: FACR EXAMPLE
CONTENT
1. OBJECTIVES
2. PRESENTATION OF THE MODIFICATION/ACTIVITY
3. ANALYSIS
1. Objectives
2. Presentation of the modification/activity
3. Analysis
7. APPENDIX 3:
8. FIGURES AND TABLES