probabilistic safety analysis (psa) level 2nucpower.info/uploads/sem2017/10_ВАБ-2.pdf ·...
TRANSCRIPT
Kaliopa Mancheva
March 16, 2017
PROBABILISTIC SAFETY ANALYSIS (PSA) LEVEL 2
March 16, 2017
o The safety bases are established on the principles of safety, therebyensuring protection of those working at a nuclear facility, aswell as of the population and the environment against harmfulionizing radiation at this moment and in future. These principlesdetermine the need for risk assessment and management ofnuclear facilities. The PSA is one of the basic means for riskassessment of possible releases of radioactive products into theenvironment and the consequences thereof
o More specifically, the PSA Level 2 deals basically with theinvestigation and assessment of possible paths of radioactiveproducts release after nuclear fuel damage and the possibilitynot to release them into the environment
o Nuclear fuel damage is associated with the term “severe accident”
WHY PSA LEVEL 2 ?
o The implementation of such type of projects has the following objectives:• A systematic analysis to achieve certainty in the nuclear facility
project compliance with the main safety objectives - overall level ofsafety
• Risk assessment of releases of radioactive products into theenvironment after fuel damage in the reactor, spent fuel pool,storage facilities and other facilities containing radioactive material
• Verification of project balancing, i.e. to ascertain that there are noexpressed deficiencies in terms of specific impacts
• Use of the source terms and frequencies to determine off-siteconsequences (Level 3 PSA input)
• Evaluation of plant designTo identify potential vulnerabilities in the mitigation of severe accidentsTo compare design options
• Support and verification of SAMG• Use of a range of other PSA applications in combination with the
Level 1 PSA results
o Objectives of the specific task:• Assessment of Large Early Release Frequency (LERF): it
considers only the sequences, for which the releases occurin the early phase of the accident. It is used for early riskrelease assessments
• A full-scope PSA Level 2: it considers all sequences, whichlead to releases into the environment, both at the early andlate phase of the accident
SCOPE OF PSA LEVEL 2
o PSA Level 2 can have a different scope, depending on the following:• The type of initiating events that are to be analyzed:
Internal initiating events (which include facility-internal failures, fires and flooding)
External hazards (which include seismic, tornado, strongwinds, high temperatures, external fires and floodings andetc.)
• The facility operational modesFull power modesLow power and shutdown modes
• The fuel location: Reactor vesselSpent fuel pool Spent fuel storage facility
Input from the Level 1 PSA – core damage minimal cut-sets/accident sequences
Plant familiarisation for Level 2 PSA
Plant damage states definition
Severe accident modelling
Containment performance analysis
Source term analysis
Quantification
Results
Sensitivities, uncertainties
Use of the results
Information collection and familiarization with plant
features that influence severe accident progression
Grouping of core damage MCSs into PDSs
Phenomena/ Containment Event Tree (CET)
analysis
Response to severe accidents
Fission product transport/ release categorization
CET probabilities/ quantification
Frequencies of large (early) release / release
categories
Sources of uncertainty
Identifications of severe accident vulnerabilities and
other applications
General Steps of Level 2 PSA
Design aspects identificationo Identify and highlight plant SSC and operating procedures that
can influence:
• severe accidents progression
• containment response
• transport of radioactive material
o The task includes also Reactor Building, Auxiliary Building,
Secondary containment and etc.
o Examples:
• core materials and geometry of the reactor internals
• area under the reactor pressure vessel
• flow paths from the area under the reactor pressure vessel to the
main containment volume
• chemical content of the concrete
• features that could lead to containment bypass sequences
Channel
GNF 10x10
8x89x9
ANF 10x10
Channel box
[kg-Zr
per MW]PWR BWR WWER
Fuel 6.0 11.5 8.05
Control
Rods0.5 [--] 0.78
Fuel
Channel
Box
[--] 5.6 [--]
Grids and
other
[--] [--]0.77
Total (kg)
3000 MW
reactor
20,000 51,000 28,800
Input from the Level 1 PSA – core damage minimal cut-sets/accident sequences
Plant damage states definition Grouping of core damage MCSs into PDSs
General Steps of Level 2 PSA
Initiating
Events
(< 100)
Accident sequence
event trees
(event probabilities
from fault trees)
Accident
sequences
(millions)
Initial plant
damage
states
(50 to 100)
Consolidated
plant damage
states
(< 20)
Accident progression /
containment event trees
(branch probabilities with
uncertainties)
Accident progression /
containment event tree
end states
(104 to 106)
Iterative truncation
10-10 ... 10-12 ...
to convergence
Stop
Bin
nin
g P
roce
ss
Screen on
low frequency
Release
categories
(< 20)
Frequency * Consequence
Conditional
consequence
bins
(< 20)
Ris
k I
nte
gra
tio
n
LEVEL 1 LEVEL 1 -2
InterfaceLEVEL 2 LEVEL 3
Sensitivity analysis & reconsideration of
low-frequency PDS with high consequences
Co
mbin
e S
imila
r P
DS
o Plant Damage State (PDS) – core melt
sequences identified in the Level-1 PSA
grouped based on similarities in accident
progression and availability of
containment safeguards and other systems
that might have impact on accident
progression after core melt
o Binning process is intended to establish an
interface between
• The plant systems analysis (Level-1 PSA) and
• The containment response analysis (Level-2 PSA)
o Software:
• SAPHIRE
• RiskSpectrum 1.2 – last version
Input from the Level 1 PSA – core damage minimal cut-sets/accident sequences
Severe accident modelling Phenomena/ Containment Event Tree (CET)
analysis
General Steps of Level 2 PSA
o Main purposes and outcomes from the
deterministic analysis
• Time chronology of the accident
• physical parameters of accident progression
• dependencies between phenomena
o Used for expert judgment assessment of
probabilities for different phenomena
o Software:
• MELCOR, MAAP, ASTEC
CV091
CV
060
CV092
CV
010
CV
055
CV
05
4C
V05
3C
V057
CV
047
CV
046
CV
045
CV
04
4C
V04
3C
V04
2
CV
037
CV
036
CV
035
CV
03
4C
V03
3C
V03
2
CV
027
CV
026
CV
025
CV
02
4C
V02
3C
V02
2
CV
017
CV
05
2
CV
016
CV
015
CV
01
4
CV
056
CV
01
3C
V01
2
CV
040
CV050
CV020
CV070
WWER-1000Reactor Model
First Phase of Accident Progression• IE TBO and DC power available
• Covers the period from CD to vessel breach- CD = 1200 ͦC of claddings
• Chronology:
Time [h:m]
Event Comment
0.0 IE – TBO with DC available
0.00+ Reactor Scram, MSIV* closure
0.00+ Diesel generators fail to start
0:03 MCP coast down
0:58 PORV opens Pressure is >180 MPa
3:03 H2 generation starts H2O-Zr
3:08 Gap release Core damage
3:36 Tcl >1200 C Core damage
4:23 Core degradation Loss of mass of CL
6:55 Vessel failure Start to eject to cavity
Pressure and Temperatures
• Primary Side pressure is
controlled by PORV
• Temperature increase rapidly
after water depletion
• Secondary Side pressure is
controlled by SG SV
• SDA assumed failed (no DC
power)
Levels
0
0.5
1
1.5
2
2.5
0.00 2.00 4.00 6.00 8.00
Lev
el [m
]
Time [hours]
SG levels0
2
4
6
8
10
12
14
0.00 2.00 4.00 6.00 8.00
Lev
el [m
]
Time [hours]
Primary Side - Levels
TAF
BAF
Pressurizer level is maintained up to
vessel failure
RPV level start to decrease after SG
depletion
• Major insights:
• PRZ level not indicative for mass
inventory in the system
Hydrogen generation
0
100
200
300
400
500
600
700
0.00 2.00 4.00 6.00 8.00
Mass [
kg
]
Time [hours]
Hydrogen generated in in-vessel phase
Simplified
nodalization – 5
volumes in core
region
Total H2
production
H2 production
from Zr
H2 production
from Steel
H2 production
from B4CUpper FL
Lower FL
Last Upper FL
Lowest FL
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
0.00 2.00 4.00 6.00 8.00
Are
a F
racti
on
[-]
Time [hours]
Core blocking
STRUCTURAL ANALYSIS OF THE PRIMARY SIDE ELEMENTS
MCP/ SG header/ pressurizer surge
line
Tube bundle of the steam generator – part
Steam Generator
WWER-1000 models with the ALGOR product
o In case of a severe accident, the primary side
elements operate in beyond design
conditions. Therefore, an analysis is required
of their operability and probability of failure,
respectively.
o The conditions of their operation are
determined by deterministic analyses results
with MELCOR or other integral code.
o The analysis of Primary Side components
response is based on the following:
Deterministic part: determining the
ultimate capacity by using the finite
elements method
Probabilistic part: assessment of the
probability of failure (e.g. Larson-Miller
approach)
o A CET is a logical framework for estimating the range of
consequences associated with a given accident sequence
o A CET is a time-line of accident progression
• It represents the sequence of events that could lead to failure of the
containment pressure boundary and fission product release to the
environment
Initiating Event
System failures
Human actionsCore Damage
Challenges to
Containment
Integrity
Fission Product
Release to the
Environment
Level 1 Level 2
o It is a Probabilistic model• It represents uncertainties in ability to predict
accident progression
• Particular assumptions regarding each
uncertainty lead to different conclusions
regarding plant response to the sequence
o Branch point probabilities typically NOT based on statistical analysis of “data”• Reflect confidence that one outcome is more
likely to be correct than its alternative
Containment Fission Product
Response Release
Intact None
Accident Large
Sequence xxx Fails Late
Small
Large
Fails Early
Small
o Unlike the Level 1 event tree,
branch points in a CET often have
more than two possible outcomes:
• Branch may not simply represent
“success” or “failure” of an event
• Often represent alternative conditions or
physical process
o All branches represent sequences of
interest
• Quantification does not exclude “success”
paths
Hydrogen
Concentration Hydrogen
in Containment? Burn?
No burn
4 < Conc < 8%
Weak Deflagration
None
Accident
Sequence xxx 8 < Conc < 14% Weak Deflagration
Strong Deflagation
Strong Deflagation
Conc > 14%
Detonation
RV at Low Pressure at
Onset of Core Damage
Injection Recovered
No Vessel Breach
No Early Containment
Failure No MCCI
No Late Containment
Failure Sprays
Containment
Fails Early
Containment
Fails at VB with
RCS at High
Pressure
Containment
Fails at VB with
RCS at Low
Pressure
Containment
Bypass or
Isolation Failure
Containment
Fails Prior to
Vessel Breach
RCS Not
Depressurized
Before Vessel
Breach
Containment
Fails Given
RCS at High
Pressure
RCS
Depressurized
at Vessel
Breach
Containment
Fails Given
RCS at Low
Pressure
In-vessel
Steam
Explosion Fails
Containment
Containment
Fails by Over-
pressure
During Core
Degradation
RCS
Depressurized
Before Vessel
Breach
High-
Temperature
Failure of Cavity
Penetration
Hydrogen Burn
at Vessel Breach
Fails
Containment
KOZLODUY NPP EVENT TREE SARRP
59
NQ = NUMBER OF QUESTIONS (SEE LINE 2)
1 1.000
TB-OPT
1 WHAT IS THE INITIATING EVENT?
8 VB LL MBL SML ISL SGTR TR TBO
1 1 2 3 4 5 6 7 8
0.000 1.000 0.000 0.000 0.000 0.000 0.000 0.000
-----------------------------------------------------------------------------------------------
14 DOES THE OPERATOR DEPRESSURIZE THE RCS AFTER CD?
2 DEPR_Y DEPR_N
2 1 2
3 CASES
2 1 1
6 + 7
SGTR TR
0.990 0.010
1 1
8
TBO
0.000 1.000
OTHERWISE
1.000 0.000
Input from the Level 1 PSA – core damage minimal cut-sets/accident sequences
Containment performance analysis Response to severe accidents
General Steps of Level 2 PSA
o The analysis of containment structures
response is based on the following:
Deterministic part: determining the ultimate
capacity by using the finite elements method
Probabilistic part: assessment of the
probability of failure under static and
dynamic loads by creating the so-called
fragility curves
o Software: Risk Engineering uses the
SOLVIA and LSDYNA, which allows the
development of 3D models of the
studied objects
“Solid” elements
Models of containment and WWER-1000/В320 Reactor Building
“Shell” elements
Input from the Level 1 PSA – core damage minimal cut-sets/accident sequences
Source term analysis Fission product transport/ release categorization
General Steps of Level 2 PSA
o The purpose of the analysis is to determine the
following:
• time, location, energy and amount of the
fission products released
• Analysis of the fractions by groups of
elements of fission products released
(MELCOR results)
• Assessment of fission products retention
o Using this analysis, both the full release activity,
and the activities of individual nuclides, which
have different consequences on the human body
and soil, water, etc., are obtained.
Release
category
Release frequency,
[y-1]
Aerosol release
activity,
[Bq]
Risk of aerosol
release,
[Bq/y]
Contribution to the
risk of aerosol
release,
[%]
Full release
[Bq]
TRAR
[Bq/y]
Contribution
to the TRAR
[%]
RC1 1.0E-06 1.3E14 1.3E08 10 2.5E-15 2.5E-15 2.8
Vessel at
Low
Pressure
No Early
Contain.
Failure
Early F.P.
Release to
Pool
No Core-
Concrete
Interaction
No Late
Contain.
Failure
Late
Release to
Pool
Sprays
Operate
Auxiliary
Building
Retention
RELEASE
CATEGORY
PDS LP CFE POOL DF CCI CFL POOL SPRYS AB RC
1
1
3
2
4
4
5
2
2
3
3
4
4
5
Input from the Level 1 PSA – core damage minimal cut-sets/accident sequences
Quantification
Results
Sensitivities, uncertainties
CET probabilities/ quantification
Frequencies of large (early) release / release
categories
Sources of uncertainty
General Steps of Level 2 PSA
o Two interpretations of the concept of ‘Probability’
• Classical statistics: Statistical analysis of set of random data
generates confidence intervals, not (strictly speaking)
probability – probability of frequency
• Bayesian: “a quantity that we assign theoretically, for the
purpose of representing a state of knowledge“ – probability of
probability
Bayesian: Informed judgment that a particular outcome will occur –
reflects ‘degree of belief’ of the observer.
Only Bayesian interpretation is appropriate for PSA (particularly
Level 2)
o Uncertainty :
• epistemic uncertainty – reflects our lack of knowledge of the state of a system
Can be reduced by further analysis (realistic approach)
Can be reduced by changing our domain of experience (constructivist approach)
• aleatory variability – randomness, observable measure of correspondence of our system model with the real world system
Cannot be reduced by any means (for given system boundaries or for same model of a system)
Very important statement – aleatory variability is a property of our model and not a
property of the real world system
March 16, 2017 32
Insights• NO big impact of releases
between 12-48 hours
• Dominant releases starts after48 hours
• Dominant risk comes fromPOS’s with closed reactor
Insights• Low risk of hydrogen burning
• Low risk steam explosions andHPME
• Almost 100% of the risk for Openreactor comes from isolationfailure (RC4, 5)
SFP
Open Reactor
Closed Reactor
0%
20%
40%
60%
80%
100%
<12<24
<48
0% 7%7%
7% 11%10%
93%82% 83%
LERF
LRF0%
20%
40%
60%
80%
100%
<12<24
<48
18%20%
21%
82%80%
79%
Isolation FailureAll Phenomena0%
10%
20%
30%
40%
RC01 RC02 RC03 RC04 RC05
38%
2%
29%
13%9%
38%
4%
36%
13%9%
Input from the Level 1 PSA – core damage minimal cut-sets/accident sequences
Use of the resultsIdentifications of severe accident vulnerabilities and
other applications
General Steps of Level 2 PSA
o Successful examples of applications of Level 2 PSA
• Comparison of results of the Level 2 PSA with probabilistic criteria
To determine if the overall level of safety of the plant is adequate
• Evaluation of plant design
To identify potential vulnerabilities in the mitigation of severe accidents
To compare design options
• Development of severe accident management guidelines
• Use of the source terms to provide an input into emergency planning
• Use of the source terms and frequencies to determine off-site consequences (Level 3 PSA)
• Prioritization of research relating to severe accident issues
• Use of a range of other PSA applications in combination with the Level 1 PSA results
Headquarters:
10, Vihren str.
Sofia 1618
Bulgaria
Tel. + 359 2 8089 703
Fax: +359 2 9507 751
www.riskeng.bg
March 16, 2017
March 16, 2017
THANK YOU!