risk monitoring for nuclear power plantrisk monitoring for...
TRANSCRIPT
S bi I t ti l W k h 2012 Ad d C diti M itSymbio International Workshop 2012 on Advanced Condition Monitorsfor Nuclear Power and Other Process System
Risk Monitoring for Nuclear Power PlantRisk Monitoring for Nuclear Power PlantRisk Monitoring for Nuclear Power Plant Risk Monitoring for Nuclear Power Plant Applications using PRAApplications using PRA
Nuclear Engineering, Ltd. (Osaka, Japan)Nuclear Engineering, Ltd. (Osaka, Japan)g g, ( , p )g g, ( , p )KURAMOTO Takahiro KURAMOTO Takahiro
September 3, 2012September 3, 2012
11
Company ProfileCompany Profile
KANSAI (The Kansai Electric Power Co., Inc.)KANSAI (The Kansai Electric Power Co., Inc.)
p yp y
–– Located in the center of JAPAN and supply electrical power in the Located in the center of JAPAN and supply electrical power in the “KANSAI” area.“KANSAI” area.Possesses 11 PWRs and is the second largest producer of electricalPossesses 11 PWRs and is the second largest producer of electrical–– Possesses 11 PWRs and is the second largest producer of electrical Possesses 11 PWRs and is the second largest producer of electrical power in Japan.power in Japan.
http://www1 kepco co jp/english/index htmlhttp://www1 kepco co jp/english/index htmlhttp://www1.kepco.co.jp/english/index.htmlhttp://www1.kepco.co.jp/english/index.html NEL (Nuclear Engineering, Ltd.)NEL (Nuclear Engineering, Ltd.)
Funded by KANSAI in order to supply and upgrade engineering servicesFunded by KANSAI in order to supply and upgrade engineering services–– Funded by KANSAI in order to supply and upgrade engineering services Funded by KANSAI in order to supply and upgrade engineering services which enhance the safety and reliability of nuclear power plants.which enhance the safety and reliability of nuclear power plants.
–– Perform PRA (especially Level 1, internal events, external events).Perform PRA (especially Level 1, internal events, external events).–– Use PRA for the Risk informed Activities, and so on.Use PRA for the Risk informed Activities, and so on.
http://www.neltd.co.jp/index_eng.htmlhttp://www.neltd.co.jp/index_eng.html
22
ContentsContents
IntroductionIntroduction
ContentsContents
1. Current Status of PRA, Risk informed Activities 1. Current Status of PRA, Risk informed Activities and Risk Monitoring in Japanand Risk Monitoring in Japan
2. The Achievements of Risk informed Activities in U.S.2. The Achievements of Risk informed Activities in U.S.3. Risk Monitoring3. Risk Monitoring4. Risk Monitoring System COSMOS Development4. Risk Monitoring System COSMOS Developmentg y pg y p5. Risk Monitoring Usages5. Risk Monitoring Usages6. Further Enhancements of COSMOS6. Further Enhancements of COSMOS
ConclusionConclusion
33
IntroductionIntroduction The results obtained by probabilistic risk assessment (PRA) provide The results obtained by probabilistic risk assessment (PRA) provide
useful risk information that can be utilized in identifying plant useful risk information that can be utilized in identifying plant
IntroductionIntroduction
y g py g pvulnerabilities, establishing plant maintenance programs, and revising vulnerabilities, establishing plant maintenance programs, and revising rules and guidelines. To facilitate the use of PRA, the government rules and guidelines. To facilitate the use of PRA, the government and nuclear industry is actively working on the preparation of and nuclear industry is actively working on the preparation of
l t id li d i d t t d d d id i thl t id li d i d t t d d d id i thregulatory guidelines and industry standards and considering the regulatory guidelines and industry standards and considering the application of riskapplication of risk--informed approaches to actual plants.informed approaches to actual plants.
It is necessary to continually monitor the risks depending on changing It is necessary to continually monitor the risks depending on changing l t diti h d i f t i kl t diti h d i f t i k i f di f dplant conditions, such as core damage, in future riskplant conditions, such as core damage, in future risk--informed informed
applications. For this purpose, risk monitoring system should be applications. For this purpose, risk monitoring system should be developed.developed.COSMOS i i k i i d l d b N lCOSMOS i i k i i d l d b N l COSMOS is a risk monitoring system developed by Nuclear COSMOS is a risk monitoring system developed by Nuclear Engineering Ltd. (NEL) for Level 1 PRA for atEngineering Ltd. (NEL) for Level 1 PRA for at--power and shutdown power and shutdown operation modes, which will be applied to plant operation and operation modes, which will be applied to plant operation and maintenance on a riskmaintenance on a risk informed basis COSMOS can pro ideinformed basis COSMOS can pro idemaintenance on a riskmaintenance on a risk--informed basis. COSMOS can provide informed basis. COSMOS can provide complete linkage with the integrated PRA tool RISKMAN, which has complete linkage with the integrated PRA tool RISKMAN, which has been widely adopted by plants at home and abroad.been widely adopted by plants at home and abroad.
44
1. Current Status of PRA, Risk informed 1. Current Status of PRA, Risk informed Activities and Risk Monitoring in JapanActivities and Risk Monitoring in JapanActivities and Risk Monitoring in JapanActivities and Risk Monitoring in Japan
55
Probabilistic Risk Assessment (PRA)Probabilistic Risk Assessment (PRA)Probabilistic Risk Assessment (PRA)Probabilistic Risk Assessment (PRA)
Systematic and Comprehensive Systematic and Comprehensive Methodology to Evaluate Methodology to Evaluate RisksRisks associated associated gygywith a Complex Engineered Technological with a Complex Engineered Technological EntityEntityEntityEntity(such as a (such as a Nuclear Power Plant (NPP)Nuclear Power Plant (NPP) ))
66
PRA Answers 4 Fundamental QuestionsPRA Answers 4 Fundamental Questions
1. What can go wrong?1. What can go wrong?
PRA Answers 4 Fundamental QuestionsPRA Answers 4 Fundamental Questions
1. What can go wrong?1. What can go wrong?i.e., what are the scenarios?i.e., what are the scenarios?
2. How likely is it?2. How likely is it?i.e., what are the scenario frequencies?i.e., what are the scenario frequencies?i.e., what are the scenario frequencies?i.e., what are the scenario frequencies?
3. What are the consequences?3. What are the consequences?
4. How do uncertainties impact the above 4. How do uncertainties impact the above answers?answers?answers?answers?
77
Assessment Type of PRA for NPPAssessment Type of PRA for NPPLevel
Level 1 : estimates the frequency of accidents that cause damage to the nuclear reactor corenuclear reactor core. This is commonly called core damage frequency (CDF).
Level 2 : which starts with the Level 1 core damage accidents,estimates the frequency of accidents that release radioactivity fromestimates the frequency of accidents that release radioactivity from the nuclear power plant.
Level 3 : which starts with the Level 2 radioactivity release accidents,estimates the consequences in terms of injury to the public andestimates the consequences in terms of injury to the public and damage to the environment.
Plant StatusPlant Operation (At-power) , Low-Power & Shutdown
Initiating Eventsg Internal Events : events originating within a NPP,
e.g., Loss of Coolant Accident (LOCA), TransientExternal Events : events originating outside a NPP,
88
g g ,e.g., Seismic, Floods (Tsunami)
Utilization of PRAUtilization of PRAUtilization of PRAUtilization of PRA
Risk Level and Risk Profile ConfirmationRisk Level and Risk Profile Confirmation Risk Level and Risk Profile ConfirmationRisk Level and Risk Profile Confirmation High Risk Equipments and Systems IdentificationHigh Risk Equipments and Systems Identification Risk informed Decision Making of Maintenance Risk informed Decision Making of Maintenance
PrioritizationPrioritizationPrioritizationPrioritization GradedGraded--QA, OnQA, On--Line Maintenance w/ TechLine Maintenance w/ Tech--Spec Spec
Changing & Risk Monitoring, RIChanging & Risk Monitoring, RI--ISI, RIISI, RI--IST, etcIST, etc
99
Status of PRA in JapanStatus of PRA in Japan All inAll in--service commercial NPPs (BWR/PWR) have been service commercial NPPs (BWR/PWR) have been
already evaluated Internal events CDF (Level 1) andalready evaluated Internal events CDF (Level 1) and
Status of PRA in JapanStatus of PRA in Japan
already evaluated Internal events CDF (Level 1) and already evaluated Internal events CDF (Level 1) and CFF (Level 2).CFF (Level 2).
Utilities should evaluate the risk (i e CDF/CFF atUtilities should evaluate the risk (i e CDF/CFF atUtilities should evaluate the risk (i.e., CDF/CFF at Utilities should evaluate the risk (i.e., CDF/CFF at operational mode and CDF at shutdown mode) of their operational mode and CDF at shutdown mode) of their own plants in the Periodical Safety Review (PSR) at own plants in the Periodical Safety Review (PSR) at l t 10l t 10least once per 10 years.least once per 10 years.
The external events PRA has been much studying The external events PRA has been much studying recently (especially Seismic and Tsunami PRA)recently (especially Seismic and Tsunami PRA)recently (especially Seismic and Tsunami PRA).recently (especially Seismic and Tsunami PRA).
Also, towards to the Risk informed Activities using PRA Also, towards to the Risk informed Activities using PRA result, utilities pay much efforts to update the PRAresult, utilities pay much efforts to update the PRAresult, utilities pay much efforts to update the PRA result, utilities pay much efforts to update the PRA model and documentations to meet the requirements of model and documentations to meet the requirements of standards and peer review.standards and peer review.
1010
Status of Risk informed Activities in JapanStatus of Risk informed Activities in Japanpp
Preparing Regulatory Preparing Regulatory Guideline (GL) forGuideline (GL) forRi k i f d R l tiRi k i f d R l tiRisk informed RegulationsRisk informed Regulations
Japanese Regulatory, Japanese Regulatory, NISA has PublishedNISA has PublishedT i lT i l GL t 2005GL t 2005TrialTrial--GL at 2005GL at 2005
1111
Status of Risk informed Activities in Japan (cont.)Status of Risk informed Activities in Japan (cont.) Many Technical Standards regarding PRA and Risk Many Technical Standards regarding PRA and Risk
informed Activities Published and Preparing under Atomicinformed Activities Published and Preparing under Atomic
Status of Risk informed Activities in Japan (cont.)Status of Risk informed Activities in Japan (cont.)
informed Activities Published and Preparing under Atomic informed Activities Published and Preparing under Atomic Energy Society of Japan (AESJ)Energy Society of Japan (AESJ)-- Internal Operational PRAInternal Operational PRApp-- Internal Shutdown PRAInternal Shutdown PRA-- Internal Flooding PRAInternal Flooding PRA-- Internal Fire PRAInternal Fire PRA-- Seismic PRASeismic PRA-- Tsunami PRATsunami PRA-- PRA ParameterPRA Parameter
ff-- Risk informed ActivitiesRisk informed Activities
Comprehensive PRA Peer Review PlanningComprehensive PRA Peer Review PlanningEff ti Ri k i f d A ti iti E f i d Pl iEff ti Ri k i f d A ti iti E f i d Pl i Effective Risk informed Activities Enforcing and PlanningEffective Risk informed Activities Enforcing and Planning
Ourtage Schedule Optimization w/Risk MonitoringOurtage Schedule Optimization w/Risk MonitoringOnOn--Line Maintenance(OLM) w/ Risk MonitoringLine Maintenance(OLM) w/ Risk Monitoring
1212
( ) g( ) gRIRI--ISI, etc.ISI, etc.
2 The Achievements of Risk informed2 The Achievements of Risk informed2. The Achievements of Risk informed 2. The Achievements of Risk informed Activities in U.S.Activities in U.S.
1313
History of Risk informed Regulations in U.S.History of Risk informed Regulations in U.S.
・1986.8 NRC: Policy Statement of ”Safety Goal”・1995.8 NRC: Policy Statement of “PRA Methods for Risk
informed Activities”S C C f “ S S・1996.8 ASME: Code Case of “RI-ISI, RI-IST”
・1998.8 NRC: Regulatory Guides for Risk informed Regulations)
R.G.1.174 GeneralR.G.1.175 RI-ISTR G 1 176 Graded QAR.G.1.176 Graded QAR.G.1.177 T-Spec (AOT/STI Change)R.G.1.178 RI-ISI
・2000.2 Industry: ”Maintenance Rule (NUMARC93-01, Rev1)”
1414
Reduction of Power Generation and Maintenance Cost in U.S.Reduction of Power Generation and Maintenance Cost in U.S.
Easing ofEasing of Restrictions Power Uprate
Outage Schedule
Reduction of Power Generation Cost
Long-term Cycle Operation
Support
Outage Schedule Optimization
( Shutdown Risk Evaluation )
AOT ExtensionRise of Availability
Shortening ofOutage Period
pp
At-Power Risk Monitoring
On-Line Maintenance(OLM)Reduction of Maintenance Cost
Support
RI-ISI、RI-IST
1515
OnOn--Line Maintenance (OLM)Line Maintenance (OLM) In the past, most planned maintenance works in NPPs In the past, most planned maintenance works in NPPs
were performed during an outagewere performed during an outage
( )( )
were performed during an outage.were performed during an outage. Currently, US utilities have been performing planned Currently, US utilities have been performing planned
maintenance on safety related components while themaintenance on safety related components while themaintenance on safety related components while the maintenance on safety related components while the plant is atplant is at--power.power.
By shifting certain planned maintenance activities By shifting certain planned maintenance activities y g py g pnormally performed during an outage (in particular, a normally performed during an outage (in particular, a refueling outage) to during power operation, the outage refueling outage) to during power operation, the outage duration can be significantly reducedduration can be significantly reducedduration can be significantly reduced.duration can be significantly reduced.
US availability and capacity factor measures have US availability and capacity factor measures have significantly improved ( a portion of this improvementsignificantly improved ( a portion of this improvementsignificantly improved ( a portion of this improvement significantly improved ( a portion of this improvement can be credited to OLM).can be credited to OLM).
1616
OnOn--Line Maintenance (OLM) (Cont.)Line Maintenance (OLM) (Cont.) Plant configurations are not limited by plant Technical Plant configurations are not limited by plant Technical
Specifications in all casesSpecifications in all cases
( ) ( )( ) ( )
Specifications in all cases.Specifications in all cases. US NRC has expressed concern that utilities may not US NRC has expressed concern that utilities may not
be adequately considering the risks of extendedbe adequately considering the risks of extendedbe adequately considering the risks of extended be adequately considering the risks of extended operation in degraded plant configurations.operation in degraded plant configurations.
Utilities have responded to this concern using Risk Utilities have responded to this concern using Risk p gp gMonitoring.Monitoring.
Risk monitoring during OLM is now required under Risk monitoring during OLM is now required under P h (4) f 10 CFR 50 56 (M i t R l )P h (4) f 10 CFR 50 56 (M i t R l )Paragraph a(4) of 10 CFR 50.56 (Maintenance Rule).Paragraph a(4) of 10 CFR 50.56 (Maintenance Rule).
1717
Application Example for OnApplication Example for On--Line Maintenance (OLM) Line Maintenance (OLM)
Use Risk Matrix with the Out-Of-Service (OOS) combinations of the risk-
-- Salem NPP (1/3)Salem NPP (1/3)--Use Risk Matrix with the Out Of Service (OOS) combinations of the riskrelated components in OLM planning stage.
Risk Matrix Describes the risk level for the 2 components’ OOS combinations. Plant Staffs should Evaluate the risk even in the night time on demand.g
The risk level (Instantaneous CDF) of the OOS combinations is classifiedby 3 colors:
Red: 1E 4/year CDFRed: 1E-4/year CDFinsCannot Allow OLM.
Yellow: 5E-5/year CDFins 1E-4/yearC All OLM ith li bl ti MCan Allow OLM with applicable compensative Measures.
Green: CDFins 5E-5/yearCan Allowable OLM with no Problem.
During OLM enforcement, Risk Monitoring with the actual plant configuration should be done. (Requirements from Maintenance Rule/ NUMARC93-01)
1818
( q )
Application Example for OnApplication Example for On--Line Maintenance (OLM) Line Maintenance (OLM)
p p p c Hx
Hx
p P p
Wtr p
Wtr p
er c
er c
er c
g p
g p
G G G
p p
-- Salem NPP (2/3)Salem NPP (2/3)--
Jet gtg
21AFW
22AFW
23AFW
#2EAC
SBO c
21CCW
22CCW
21CCW
22CCW
23CCW
21Ch W
22Ch W
21 Chill
22 Chill
23 Chill
21 Chr g
22 Chrg
2A D/G
2B D/G
2C D/G
21RHR
22RHR
Jet gtgT T T TT T T
21AFW p22AFW p T T T
T T
T TT
T T T T
22AFW p23AFW p#2EAC c
SBO c21CCW Hx22CCW Hx
21CCW p T T T TT T T
T TT T
TT T T T
21CCW p22CCW P
23CCW p21Ch Wtr p22Ch Wtr p21 Chiller c
T T TT T
T TTT T TT Tc - Compressor
21 Chrg p22 Chrg p
2A D/G2B D/G
22 Chiller c23 Chiller c
T T
T
c Compressor gtg- Gas Turbine Generator Hx. - Heat Exchanger p-Pump
2B D/G2C D/G21RHR p22RHR p
An Example of Risk Matrix
1919
Application Example for OnApplication Example for On--Line Maintenance (OLM) Line Maintenance (OLM) -- Salem NPP (3/3)Salem NPP (3/3)--
WEEK01 WEEK02 WEEK03 WEEK04 WEEK05 WEEK06 WEEK07 WEEK08 WEEK09 WEEK10 WEEK11 WEEK12A-BusChannel 1
B-BusChannel 2
C-BusChannel 3
No BusChannel 4
A-BusChannel 1
B-BusChannel 2
C-BusChannel 3
No BusChannel 4
A-BusChannel 1
B-BusChannel 2
C-BusChannel 3
No BusChannel 4
CDF=9 86E-05
CDF=6 47E-05
CDF=6 89E-05
CDF=6 93E-05
CDF=6 42E-05
CDF=7 57E-5
CDF=4 50E-5
CDF=7 79E-5
CDF=6 56E-5
CDF=8 16E-5
CDF=8 67E-5
CDF=4 00E-59.86E 05 6.47E 05 6.89E 05 6.93E 05 6.42E 05 7.57E 5 4.50E 5 7.79E 5 6.56E 5 8.16E 5 8.67E 5 4.00E 5
21 RHR-p 21 Chrg-p 23 CCW-p 22 CCW-Hx 21 SJ-p 22 RHR-p 22 SJ-p 21 CCW-Hx 23 Chrg-p 22 CCW-p 22 Chrg-p JET-gtg
21 CCW-p 22 AFW-p 22 CS-p 2A D/G 2B D/G 2C D/G 21 AFW-p 2B D/G 23 AFW-p2A D/G 2B S/G 2C D/G 21 Ch Wtr-p 22 CAV-s 23 CFCU 21 CS-p 22 Ch Wtr-p 2C D/G21 CAV-s 22 Chiller-c 21 ABV-s 21 SPAVS-x 22 ABV-s 23 ABV-x EDG 2A 24 CFCU 23 CAV-s22 SPAVS-X 22 SPAVS-S 21 CFCU SBO-c 21 Chiller-c 22 ABV-s 23 SPAVS-s22 SPAVS X 22 SPAVS S 21 CFCU SBO c 21 Chiller c 22 ABV s 23 SPAVS s21 ABV-X 22 CFCU 21 SPAVS-s 25 CFCU
21 CAV-s #2 EAC-c
21OR 22SW-p
23 OR 24SW-p
25 OR 26SW-p
Any OneSW-p
21OR 22SW-p
23 OR 24SW-p
25 OR 26SW-p
Any OneSW-p
21OR 22SW-p
23 OR 24SW-p
25 OR 26SW-p
Any OneSW-pSW p SW p SW p SW p SW p SW p SW p SW p SW p SW p SW p SW p
v-Valve gtg-Gas Turbine Generators-Spply Fan Hx-Heat Exchanger
GREEN<5.0E-05; 5 .0E-05< YELLOW <1.0E-04 ; RED >1.0E-4
x-Exhaust Fan p-Pumpc-Compressor SJ-Intermediate Head Injection
An Example of 12 weeks OLM Schedule
2020
3. Risk Monitoring3. Risk Monitoring
2121
Risk MonitoringRisk Monitoring Risk Monitoring is the essential item for the risk Risk Monitoring is the essential item for the risk
informed activitiesinformed activities
gg
informed activities. informed activities. In many countries, Risk monitoring has been installed In many countries, Risk monitoring has been installed
for their own riskfor their own risk--informed applications consistent withinformed applications consistent withfor their own riskfor their own risk informed applications consistent with informed applications consistent with the PRA models.the PRA models.
OECD/NEA report “ RISK MONITORS OECD/NEA report “ RISK MONITORS -- The State of the The State of the ppArt in their Development and Use at Nuclear Power Art in their Development and Use at Nuclear Power Plants (NEA/CSNI/R(2004)20) “ describes the status in Plants (NEA/CSNI/R(2004)20) “ describes the status in the worldthe worldthe world.the world.
2 key issues:2 key issues:“Shutdown risk evaluation for every outage”“Shutdown risk evaluation for every outage”Shutdown risk evaluation for every outageShutdown risk evaluation for every outage“At“At--power risk monitoring in case of Onpower risk monitoring in case of On--Line Line Maintenance”Maintenance”
2222
Risk MonitorRisk Monitoring (Risk Monitor)ing (Risk Monitor)D fiD fi itiiti b IAEAb IAEADefinDefinition ition by IAEAby IAEA
Risk Monitor isRisk Monitor is A plant specific realA plant specific real--time analysis tooltime analysis toolRisk Monitor is Risk Monitor is A plant specific realA plant specific real time analysis tool time analysis tool used to determine the instantaneous risk based on used to determine the instantaneous risk based on the actual status of systems and components. the actual status of systems and components. y py p
At any given time, the Risk Monitor reflects the At any given time, the Risk Monitor reflects the current plant configuration in terms of the known current plant configuration in terms of the known p gp gstatus of the various systems and/or components. status of the various systems and/or components.
The Risk Monitor is based on, and is consistent with, The Risk Monitor is based on, and is consistent with, , ,, ,the Living PRA. It is updated with the same the Living PRA. It is updated with the same frequency as the Living PRA. frequency as the Living PRA.
The Risk Monitor is used by plant staff in support of The Risk Monitor is used by plant staff in support of operational decisionsoperational decisions
2323
Risk MonitorRisk Monitoringing BenefitsBenefitsgg
Manage plant operational safetyManage plant operational safety Manage plant operational safetyManage plant operational safety Support scheduling activitiesSupport scheduling activities Achieve greater flexibility in plant operationsAchieve greater flexibility in plant operations Provide justifications for carrying outProvide justifications for carrying out OnOn LineLine Provide justifications for carrying out Provide justifications for carrying out OnOn--Line Line
MMaintenance aintenance (OLM)(OLM) Provide information on the risk importance of Provide information on the risk importance of
components that are in service as well as outcomponents that are in service as well as outcomponents that are in service as well as out components that are in service as well as out of serviceof service
2424
(Regular) (Regular) PRA PRA v.s. v.s. Risk MonitorRisk Monitoringing
Regular Regular PRA provides average risk, CDFPRA provides average risk, CDFavgavg, using average , using average initiating event frequencies and maintenance unavailabilitiesinitiating event frequencies and maintenance unavailabilities
Risk monitorRisk monitoringing provide pointprovide point--inin--time risk, CDF (t), for the time risk, CDF (t), for the current plant configuration and environmental factorscurrent plant configuration and environmental factors
CDF CDF
CDFavgCDF ( t )
t [years] t [years]
2525
How How should be should be Risk MonitorRisk Monitoringing Used?Used?gg
OnOn--Line forLine for actual control and maintenanceactual control and maintenance::OnOn--Line forLine for actual control and maintenanceactual control and maintenance::–– Risk informed IRisk informed Informationnformation for Decision Makingfor Decision Making–– MonitoringMonitoring the Rthe Risk qualitatively and quantitativelyisk qualitatively and quantitatively–– Monitoring Monitoring the Rthe Risk qualitatively and quantitativelyisk qualitatively and quantitatively–– Calculating Allowed Outage Time Calculating Allowed Outage Time (AOT) (AOT) and and CCumulative umulative
RRiskisk
OffOff--line for planning:line for planning:–– FutureFuture MMaintenanceaintenance OOutagesutagesFuture Future MMaintenance aintenance OOutagesutages–– Long term Long term RRisk profilingisk profiling–– Analysis of Analysis of CCumulative umulative RRiskiskyy–– Evaluation Evaluation in case of in case of unplanned eventsunplanned events occuroccur–– Feedback Feedback –– lessons learntlessons learnt
2626
How How should be should be Risk MonitorRisk Monitoringing Used? (contUsed? (cont..))gg (( ))
Provides…Provides…IInformation about which components should benformation about which components should be–– IInformation about which components should be nformation about which components should be returned to service prior to taking others returned to service prior to taking others OOutut--OOff--SService and which components are the mostervice and which components are the mostSService and which components are the most ervice and which components are the most important ones during maintenance outagesimportant ones during maintenance outagesII t i t h th i t b i dt i t h th i t b i d–– IInput into whether more maintenance can be carried nput into whether more maintenance can be carried out onout on--line without increasing the overall riskline without increasing the overall risk
–– IInput into maintenance planningnput into maintenance planning to ato avoid peaks in void peaks in riskrisk
2727
Major Risk Monitoring Tools Used in U.S.Major Risk Monitoring Tools Used in U.S.
• EOOS Configuration Risk Monitor
j gj g
EOOS Configuration Risk Monitor- Developed by EPRI
• Safety Monitor TM
- Developed by ScientechDeveloped by Scientech
• PARAGON TM (ORAM-SENTINEL)PARAGON (ORAM SENTINEL)- Developed by ERIN
• Or, Some In-house Tools by each Utility
2828
Risk Monitoring ExampleRisk Monitoring ExampleSan Onofre NPP; Safety MonitorSan Onofre NPP; Safety MonitorTMTM–– San Onofre NPP; Safety MonitorSan Onofre NPP; Safety MonitorTM TM ––
2929
4.4. Risk Monitoring SystemRisk Monitoring SystemCOSMOS DevelopmentCOSMOS Development
3030
Outline of COSMOSOutline of COSMOS< PRA Software in KANSAI/NEL >< PRA Software in KANSAI/NEL >
NELFT
Fault Tree Drawings w/ FT checking Enhancements
RISKMANATORAS
INPUT generating
OUTPUT extracting
COSMOS FP
RISKMANDatabase
Outage Risk Evaluations
g
COSMOS-SD
COSMOS-FP
RM2R RISEDIT
Risk Monitoring
PRA ModelD i ti PRA Results
Documentations
3131
Descriptions
General Features of COSMOSGeneral Features of COSMOS COSMOS is a levelCOSMOS is a level--1 and internal event risk monitoring tool up to 1 and internal event risk monitoring tool up to
nownownow.now.
COSMOS has completely linkage to RISKMAN and the model.COSMOS has completely linkage to RISKMAN and the model.-- COSMOS does not require special PRA models for RISKMAN andCOSMOS does not require special PRA models for RISKMAN andCDF sequences which previously stored.CDF sequences which previously stored.
COSMOS has 2 separated modules “COSMOSCOSMOS has 2 separated modules “COSMOS--FP” and FP” and “COSMOS“COSMOS SD” f h PRA tifi ti COSMOS hSD” f h PRA tifi ti COSMOS h“COSMOS“COSMOS--SD” for each PRA quantification. COSMOS change SD” for each PRA quantification. COSMOS change the quantification logic between “COSMOSthe quantification logic between “COSMOS--FP” and “COSMOSFP” and “COSMOS--SD” with each usageSD” with each usageSD with each usage.SD with each usage.
3232
Key Features for Evaluation of COSMOSKey Features for Evaluation of COSMOS “COSMOS“COSMOS--FP” follows these steps:FP” follows these steps:
(1) Set the failure probability of basic event related to the (1) Set the failure probability of basic event related to the outage equipment to 1 0outage equipment to 1 0
yy
outage equipment to 1.0outage equipment to 1.0(2) Quantify the Fault Tree(FT)s by the BDD method(2) Quantify the Fault Tree(FT)s by the BDD method(3) Quantify the Event Tree(ET)s. Only the top events affected (3) Quantify the Event Tree(ET)s. Only the top events affected
b th t l l t db th t l l t dby the outage are recalculated.by the outage are recalculated.“COSMOS“COSMOS--FP” keeps the quantification results inside own FP” keeps the quantification results inside own database with one unique outage equipment case for the database with one unique outage equipment case for the
d ti f l l ti tid ti f l l ti tireduction of calculation time.reduction of calculation time.
COSMOSCOSMOS--SD” is mainly used for the risk evaluation of refuellingSD” is mainly used for the risk evaluation of refuellingCOSMOSCOSMOS SD is mainly used for the risk evaluation of refuelling SD is mainly used for the risk evaluation of refuelling shutdown repeatedly and cyclically, so the quantification logic is shutdown repeatedly and cyclically, so the quantification logic is different from “COSMOSdifferent from “COSMOS--FP”.FP”.In “COSMOSIn “COSMOS--SD” quantification FT reSD” quantification FT re--quantification is not donequantification is not doneIn COSMOSIn COSMOS--SD quantification, FT reSD quantification, FT re--quantification is not done. quantification is not done. “COSMOS“COSMOS--SD” sets the ET branching ratios (the split fractions) SD” sets the ET branching ratios (the split fractions) corresponding to various alignments in the ETs, and recorresponding to various alignments in the ETs, and re--quantifies quantifies the ETs directlythe ETs directly
3333
the ETs directly. the ETs directly.
Key Features for Evaluation of COSMOS (cont.)Key Features for Evaluation of COSMOS (cont.)Conventional Risk MonitorConventional Risk Monitor
y ( )y ( )
Quantify Core damage frequency based on the core damage Quantify Core damage frequency based on the core damage sequences or cutsets previously storedsequences or cutsets previously stored
Have to identify the outage equipments, before picking up core Have to identify the outage equipments, before picking up core dd
--The calculation precision is strongly dependent on the number of the The calculation precision is strongly dependent on the number of the prepared sequences.prepared sequences.
damage sequences.damage sequences.
COSMOSCOSMOS Quantify Core damage frequency directly from FTs and ETs Quantify Core damage frequency directly from FTs and ETs
quantificationquantification..
Treat all basic events for the input conditions. (COSMOSTreat all basic events for the input conditions. (COSMOS--FP)FP)
-- COSMOS does not require the core damage sequences or cutsets COSMOS does not require the core damage sequences or cutsets previously stored.previously stored.
3434
Treat all basic events for the input conditions. (COSMOSTreat all basic events for the input conditions. (COSMOS FP)FP)
COSMOSCOSMOS--FP (for atFP (for at--power)power)
COSMOSCOSMOS--DBDBCOSMOSCOSMOS--GUI GUI
(( ))
COSMOSCOSMOS--DBDBMaintenanceSchedule File Status of Equipments
and Quantification resultsSetting
Equipment Status(User Inputs)
Schedule Making / COSMOS-FP(COSMOS AUTO EXECUTE) Setting(COSMOS AUTO.EXECUTE)
User Interface for MaintenanceSchedule Inputting andcalculated CDF Outputting
CommunicationsCommunications
p gfor each condition / COSMOS-FP
(COSMOS AUTO.EXECUTE)
RISKMANRISKMANCOSMOS QUANTIFICATION COSMOS QUANTIFICATION
CommunicationsCommunicationsControlControlSPLITSPLIT FRACTIONSFRACTIONS
PRA MODEL
ENGINES and SYSTEMSENGINES and SYSTEMSET Re-quantification
ET ENGINE
(OPENINSIGHT)(OPENINSIGHT)
FT Re-quantificationARALIA (BDD Method)
3535
(Using XML Format )
( )
Key Features of COSMOSKey Features of COSMOS--FPFP
AA t COSMOSt COSMOS FPFP ff h d lih d li ff tt
yy
・・ AssumeAssume to use COSMOSto use COSMOS--FPFP for for schedulingscheduling of of atat--power power OOnn--LLine ine MMaintenanceaintenance..
・・ Restore sets of status of equipments and the Restore sets of status of equipments and the quantification results to the database. COSMOSquantification results to the database. COSMOS--FP FP qqutilizes the utilizes the database for speeding calculationdatabase for speeding calculation..
・・ Have a feature ofHave a feature of successive execution of FTs and ETssuccessive execution of FTs and ETs・・ Have a feature of Have a feature of successive execution of FTs and ETssuccessive execution of FTs and ETscorresponding to the Oncorresponding to the On--Line Maintenance equipments.Line Maintenance equipments.
3636
OnOn--Line Maintenance Scheduling and Risk Line Maintenance Scheduling and Risk E l ti (COSMOSE l ti (COSMOS FP)FP)Evaluation (COSMOSEvaluation (COSMOS--FP)FP)
・・Input GenerationInput Generation-- Gantt Chart OperationGantt Chart Operation-- Inputs referred to CalendarInputs referred to Calendar-- Inputs from Formatted file (XML)Inputs from Formatted file (XML)-- “In“In--service” or “Standby“ or “Outservice” or “Standby“ or “Out--ofof--Service” SwitchingService” Switching
・・Result IndicationResult IndicationTime dependent CDF and/orTime dependent CDF and/or-- Time dependent CDF and/or Time dependent CDF and/or ICCDP/Cumulative ICCDP OutputsICCDP/Cumulative ICCDP Outputs
-- The CDF sequence outputs The CDF sequence outputs by each time phaseby each time phase
-- The core damage frequency outputs The core damage frequency outputs for every IE by each time phasefor every IE by each time phase
3737
for every IE by each time phasefor every IE by each time phase
Successive Execution of Systems and ETs Successive Execution of Systems and ETs corresponding to Exact Plantcorresponding to Exact Plant ConditionsConditions
1 S t th t i t t t1 S t th t i t t t1. Set the exact equipments status1. Set the exact equipments status-- InIn--service, Standby or Outservice, Standby or Out--OfOf--Service of PRA equipmentsService of PRA equipments
2. 2. ReRe--quantify the system failure probabilitiesquantify the system failure probabilities based on exact based on exact equipments statusequipments statusthe failure probability of maintenance equipment as 1 0the failure probability of maintenance equipment as 1 0
33 RR tif E t Ttif E t T i d t d t f il b bilitii d t d t f il b biliti
-- the failure probability of maintenance equipment as 1.0the failure probability of maintenance equipment as 1.0-- Based on BDD method using ARALIABased on BDD method using ARALIA
3. 3. ReRe--quantify Event Treesquantify Event Trees using updated system failure probabilitiesusing updated system failure probabilities-- We developed quantification Engines and successively quantification We developed quantification Engines and successively quantification
system cooperated.system cooperated.system cooperated.system cooperated.
-- COSMOSCOSMOS--FP stored sets of status of equipments and the quantification FP stored sets of status of equipments and the quantification results (CDFs for each IE and the sequences of CDF) to COSMOSresults (CDFs for each IE and the sequences of CDF) to COSMOS--DB.DB.
3838
COSMOSCOSMOS--SD (for shutdown)SD (for shutdown)
COSMOSCOSMOS--DBDBCOSMOSCOSMOS--GUI GUI COSMOSCOSMOS DBDBMaintnanceSchedule File Status of Equipments
and Quantification resultsStoring
Equipment Status(User Inputs)
POS Defining / COSMOS-SD(COSMOS AUTO EXECUTE) Storing(COSMOS AUTO.EXECUTE)
User Interface for MaintenanceSchedule Inputting andcalculated CDF Outputting
CommunicationsCommunications
for each POS / COSMOS-SD(COSMOS AUTO.EXECUTE)
RISKMANRISKMANCOSMOS QUANTIFICATION COSMOS QUANTIFICATION
CommunicationsCommunicationsControlControlSPLITSPLIT FRACTIONSFRACTIONS
PRA MODEL
( Using XMLFormat )
PRA MODELENGINES and SYSTEMSENGINES and SYSTEMS
ET Re-quantificationET ENGINE
(OPENINSIGHT)(OPENINSIGHT)
3939
Format )(Using XML Format )
Key Features of COSMOSKey Features of COSMOS--SDSD
・・ COSMOSCOSMOS--SD is utilized for the SD is utilized for the risk evaluation during risk evaluation during
yy
shutdownshutdown..
・・ Equipments are normally maintained each system unitsEquipments are normally maintained each system unitsEquipments are normally maintained each system units. Equipments are normally maintained each system units. So So COSMOSCOSMOS--SD does not reSD does not re--quantify FTsquantify FTs based on based on basic eventsbasic events but rebut re--quantify only ETsquantify only ETs based on systemsbased on systemsbasic eventsbasic events but rebut re quantify only ETsquantify only ETs based on systems.based on systems.
・・ COSMOSCOSMOS SD divides Shutdown into POSsSD divides Shutdown into POSs・・ COSMOSCOSMOS--SD divides Shutdown into POSs SD divides Shutdown into POSs automaticallyautomatically. Each POS is divided depending on RCS . Each POS is divided depending on RCS water level and the cooling systems (SG or RHR)water level and the cooling systems (SG or RHR)water level and the cooling systems (SG or RHR). water level and the cooling systems (SG or RHR). Moreover they are divided by status of the mitigation Moreover they are divided by status of the mitigation systemssystems
4040
systems.systems.
Outage (Shutdown) Scheduling and Risk Outage (Shutdown) Scheduling and Risk Evaluation (COSMOSEvaluation (COSMOS--SD)SD)
I t G tI t G t•• Input GeneratorInput Generator-- Gantt Chart OperationGantt Chart Operation-- Inputs through CalendarInputs through Calendarp gp g-- Inputs from Formatted file (XML)Inputs from Formatted file (XML)-- “In“In--service” or “Standby“ or “Outservice” or “Standby“ or “Out--OfOf--Service” SwitchingService” Switching
••Result indicationResult indication-- Time dependent CDFTime dependent CDF-- The CDF sequence outputs The CDF sequence outputs by each POSby each POS
-- The core damage frequency outputs The core damage frequency outputs g q y pg q y pfor every IE by each POSfor every IE by each POS
4141
Improvement RISKMAN modelImprovement RISKMAN modelf Sh td E l tif Sh td E l tifor Shutdown Evaluationsfor Shutdown Evaluations
Reactortrip HHSIAFW success
Top event
RISKMAN MODELTop eventSys-A Sys-B Sys-C・・・
POS-1 duration time(hr)
Initiating
Top eventPOS
Stand by(=0.0)
outage(=1.0)
( )
POS-2 duration time(hr)
POS-3 duration time(hr)
POS-4 duration time(hr)
POS-5A duration time(hr)
geventfrequenc
SUPPORT and FRONTLINE ET
core damagey( )POS-5A duration time(hr)
POS-5B duration time(hr)
POS-5C duration time(hr)
cy(/hr)
MULTI BRANCH MAINTENANCE ET FRONTLINE ETPOS ET MAINTENANCE ET
•• Get all POSs CDF once quantificationGet all POSs CDF once quantification•• Maintenance System Maintenance System Status for Each POSStatus for Each POS
•• Get all POSs CDF once quantificationGet all POSs CDF once quantification
4242
Status for Each POSStatus for Each POS
Demonstrations of COSMOSDemonstrations of COSMOS
4343
5. Risk Monitoring Usages5. Risk Monitoring Usages
4444
AtAt--power risk monitoring in case of OLpower risk monitoring in case of OLMM(COSMOS(COSMOS--FP)FP)
During the OLM, the risk significant system or component may During the OLM, the risk significant system or component may be planned under the Outbe planned under the Out--OfOf--Service (OOS) condition.Service (OOS) condition.Thus when developing the OLM schedule, the plant must Thus when developing the OLM schedule, the plant must p g , pp g , precognize the risk impact in every case of the possible recognize the risk impact in every case of the possible configuration. configuration.
Also during the actual OLM enforcement the additional riskAlso during the actual OLM enforcement the additional riskAlso during the actual OLM enforcement, the additional risk Also during the actual OLM enforcement, the additional risk significant system or component can be accidentally failed.significant system or component can be accidentally failed.Thus, the plant must continuously evaluate the risk with the Thus, the plant must continuously evaluate the risk with the actual plant configuration during the OLM enforced periodactual plant configuration during the OLM enforced periodactual plant configuration during the OLM enforced period.actual plant configuration during the OLM enforced period.
In current Japanese status, the actual OLM enforcement has not In current Japanese status, the actual OLM enforcement has not been permitted in the plant maintenance application yet. been permitted in the plant maintenance application yet. H tiliti t dil t d i t i t d hH tiliti t dil t d i t i t d hHowever, utilities are steadily studying to introduce such However, utilities are steadily studying to introduce such activities for their plants with the risk monitoring system activities for their plants with the risk monitoring system preparations.preparations.
4545
AtAt--power risk monitoring in case of OLpower risk monitoring in case of OLMM(COSMOS(COSMOS--FP)FP) (cont.)(cont.)
The plant must evaluate the risk The plant must evaluate the risk impact (CDF) by the possible impact (CDF) by the possible OOS combination of riskOOS combination of riskOOS combination of risk OOS combination of risk significant system or component significant system or component in the OLM planning stage.in the OLM planning stage.Th l t l t th lTh l t l t th l i ki kThe plant can select the lowThe plant can select the low--risk risk OOS combination form the risk OOS combination form the risk information beforehand.information beforehand.information beforehand.information beforehand.
COSMOS can easily evaluate this COSMOS can easily evaluate this risk impact matrix for the OLM risk impact matrix for the OLM
titipreparations.preparations.
4646
AtAt--power risk monitoring in case of OLpower risk monitoring in case of OLMM(COSMOS(COSMOS--SDSD))
The shutdown PRA evaluations are applied as useful risk The shutdown PRA evaluations are applied as useful risk information for the outage scheduling optimization. Specifically, information for the outage scheduling optimization. Specifically, when developing the outage schedule the risk mitigationwhen developing the outage schedule the risk mitigationwhen developing the outage schedule, the risk mitigation when developing the outage schedule, the risk mitigation measures were identified by analyzing risks to incorporate them measures were identified by analyzing risks to incorporate them into the outage schedule and so reduce risks during outage. into the outage schedule and so reduce risks during outage.
To perform these activities, the risk monitoring system is To perform these activities, the risk monitoring system is effectively used.effectively used.
Also at the outage scheduling optimization the plant sets the inAlso at the outage scheduling optimization the plant sets the in Also at the outage scheduling optimization, the plant sets the inAlso at the outage scheduling optimization, the plant sets the in--house risk criteria for the decision making.house risk criteria for the decision making.
4747
AtAt--power risk monitoring in case of OLpower risk monitoring in case of OLMM(COSMOS(COSMOS--SDSD)) (cont.)(cont.)
If the plant risk level exceeds the inIf the plant risk level exceeds the in--house risk criteria, outage house risk criteria, outage schedule should be modified. However, to achieve a balance with schedule should be modified. However, to achieve a balance with the other objective of PRA which is to improve efficiency, the the other objective of PRA which is to improve efficiency, the j p y,j p y,outage schedule will be modified within a reasonably achievable outage schedule will be modified within a reasonably achievable range, and not all the risk mitigation measures will be reflected in range, and not all the risk mitigation measures will be reflected in the outage schedule.the outage schedule.gg
Even if risk exceeds the risk criteria and the outage schedule Even if risk exceeds the risk criteria and the outage schedule cannot be modified within a reasonably achievable range, the risk cannot be modified within a reasonably achievable range, the risk will be accepted with the following restrictions:will be accepted with the following restrictions:will be accepted with the following restrictions:will be accepted with the following restrictions:
-- Greater attention to operation must be paid during theGreater attention to operation must be paid during thespecified period with higher risk level.specified period with higher risk level.
E t b fi d b f h d d iE t b fi d b f h d d i-- Emergency measures must be confirmed beforehand during Emergency measures must be confirmed beforehand during a period with higher risk level.a period with higher risk level.
4848
An example of the An example of the inin--house risk criteria house risk criteria for the outage scheduling optimizationfor the outage scheduling optimization
【planned outage CDF<reference outage CDF×2】≧ ×2
< ×2
YELLOW
GREEN
Target for total CDF
The area ofThe area of
The area ofThe area of
< 2 G N
【time basedCDF<average of time based CDF×5】10-8 YELLOW
Target for time based CDF
e a ea o
【time based CDF<average of time based CDF×5】10
10-9
F(/h
our) Average of time based CDF
GREEN
10-10
me
base
d CD
F
For planned outage, there is some plant operating state that gravity injection or
10-11
Tim
Planned outage
Reference outage
Planned outage
Reference outage
time
p g g y jreflux cooling is not available.
For reference outage, there is no plant operating state that gravity injection or reflux cooling is not available.
4949
An example of the flow of outage An example of the flow of outage p gp gschedule optimizationschedule optimization
Develop/modify planned outage
CDF d tiCDF d ti YES
Agree with TAgree with T-Spec?
CDF reductionis possible?CDF reductionis possible?No
No
YES
Implement PRA for planned outage Outage settled with criteria
・ Call attention in high CDF period
Yes No
・ Confirm on abnormal status in advanceResults is belowin-house criteria?Results is belowin-house criteria?
No
Outage settled
Yes
5050
6. Further Enhancements of COSMOS6. Further Enhancements of COSMOS
5151
Further Enhancements for COSMOSFurther Enhancements for COSMOSFurther Enhancements for COSMOSFurther Enhancements for COSMOS
GUI improvements for more userGUI improvements for more user--friendlyfriendlyGUI improvements for more userGUI improvements for more user friendlyfriendly Event Tree (ET) quantification speedingEvent Tree (ET) quantification speeding--up more up more Importance calculation function addingImportance calculation function adding Importance calculation function adding Importance calculation function adding Calculation logic of “COSMOSCalculation logic of “COSMOS--SD” based on ETs SD” based on ETs
rere quantification shifting to “COSMOSquantification shifting to “COSMOS FP” basedFP” basedrere--quantification shifting to COSMOSquantification shifting to COSMOS--FP based FP based on Fault Trees and ETs Reon Fault Trees and ETs Re--quantification quantification Linkage developing to the maintenanceLinkage developing to the maintenance Linkage developing to the maintenance Linkage developing to the maintenance
schedulers schedulers Deterministic evaluation (DefenseDeterministic evaluation (Defense InIn Depth)Depth) Deterministic evaluation (DefenseDeterministic evaluation (Defense--InIn--Depth) Depth)
function addingfunction adding
5252
ConclusionsConclusions “Risk Monitoring” is the essential item for the PRA usage and risk“Risk Monitoring” is the essential item for the PRA usage and risk--
informed activities, and we assume “Atinformed activities, and we assume “At--power risk monitoring in power risk monitoring in
ConclusionsConclusions
,, p gp gcase of Oncase of On--Line Maintenance (OLM)” and “Shutdown risk Line Maintenance (OLM)” and “Shutdown risk evaluation for every outage” are 2 key issues for “Risk Monitoring”.evaluation for every outage” are 2 key issues for “Risk Monitoring”.O NEL h d l d Ri k M it i S tO NEL h d l d Ri k M it i S t Our company NEL has developed a Risk Monitoring System Our company NEL has developed a Risk Monitoring System called COSMOS to support above 2 issues. COSMOS has two called COSMOS to support above 2 issues. COSMOS has two separated modules “COSMOSseparated modules “COSMOS--FP” (for atFP” (for at--power) and “COSMOSpower) and “COSMOS--pp (( p )p )SD” (for shutdown) with the aim of each utilization.SD” (for shutdown) with the aim of each utilization.
COSMOSCOSMOS--FP is utilized for atFP is utilized for at--power OLM scheduling. COSMOSpower OLM scheduling. COSMOS--SD is utilized for the risk evaluation during shutdown periodSD is utilized for the risk evaluation during shutdown periodSD is utilized for the risk evaluation during shutdown period. SD is utilized for the risk evaluation during shutdown period.
COSMOS has been already the fundamental risk monitoring tool COSMOS has been already the fundamental risk monitoring tool for the PRA usage and riskfor the PRA usage and risk--informed activities Also for the futureinformed activities Also for the futurefor the PRA usage and riskfor the PRA usage and risk--informed activities. Also for the future informed activities. Also for the future applications for the risk monitoring and risk informed applications, applications for the risk monitoring and risk informed applications, COSMOS should continue to make the further enhancements.COSMOS should continue to make the further enhancements.
5353