440 likes | 759 Views
Nuclear Power Plant Fire Probabilistic Risk Assessment (PRA). Supplement to “Fire Hazard Analysis for Nuclear Engineering Professionals” Icove and Ruggles, (2011). Plant Fire Hazard Analysis in PRA.
E N D
Nuclear Power Plant Fire Probabilistic Risk Assessment (PRA) Supplement to “Fire Hazard Analysis for Nuclear Engineering Professionals” Icove and Ruggles, (2011) Funded by US-NRC: EDU10-002
Plant Fire Hazard Analysis in PRA • Probabilistic Risk Assessment (PRA) is increasingly the central tool for plant safety mangement and regulation. • The fire risk to the plant was initially not well represented in the internal events PRA. • A separate fire safe shutdown path was established to assure safe cold shutdown in 72 hours, for any postulated fire. Funded by US-NRC: EDU10-002
Fire PRA (NUREG/CR 6850) 2005 • We will review how fire modeling is integrated with the plant PRA. • Focus on process, with all NPP already operating with an internal events PRA. • A more detailed review is available from EPRI, who participated in the initial FIRE PRA work with NRC. Funded by US-NRC: EDU10-002
NUREG/CR 6850 Fire PRA Methodology for Nuclear Power Facilities Funded by US-NRC: EDU10-002
More NUREG/CR 6850 Funded by US-NRC: EDU10-002
Task 1: Plant Boundary and Partitioning • Global Boundary: Diesel Tanks, Substation, Intake pumps, auxiliary external fuel storage. • Plant Partitioning: By safety class, building, function, and impact on safe shut down path. • Fire Compartments: Fire modeling based decisions, “can this be modeled as a compartment?”. Some fire zones based on a protection or sensor system may not make good fire compartments. Funded by US-NRC: EDU10-002
Task 1 Confessions • Ignition sources and components will eventually drive analysis, so be careful in selection of divisions. • Cables appear to be the biggest driver for uncertainty in consequence predictions. The components selected partially determine the cables for which routing must be known. • Do we know where all our cables are? Funded by US-NRC: EDU10-002
Task 2: Components Selection • Plants already have a Fire Safe Shutdown Analysis-path allowing Cold shut-down in 72 hours. • Plant Critical Safety Systems Involved: • Reactivity Control • Reactor Cooling System (RCS) integrity • Decay Heat management • Containment integrity? • Process/plant status monitoring Funded by US-NRC: EDU10-002
Task 2: Components • Fire PRA will include active components that can contribute to compromise of safe shutdown, and these components are often part of the safe shutdown systems: • Injection pumps and safety injection pumps • Motor Operated, Air operated, Manual Control Valves that can be opened to cause loss of coolant to RHR system or containment. • Instruments that may malfunction to initiate inappropriate valve, pump, or operator actions. Funded by US-NRC: EDU10-002
Task 2: Components • The component list may expand to include supporting components and instrumentation: • Header tanks and associated level and temperature instruments (pumps). • Line pressure and flow instrumentation used to ascertain function (pumps). • Power supplies and switch gear for all above. • Fire instruments and protection systems for all above (they also failure probabilities). Funded by US-NRC: EDU10-002
Task 2: Components and SA, SI • Spurious Activation….fires can cause spurious activations when cable trays are burning. • Spurious Indications….fires can cause spurious indications when instruments and cable trays are burning. • PRA will include some Human Reliability Analysis in concert with Prescribed Operator Response for defined conditions (normal, fire, emergency, RHR, full power, etc.). Indications from plant induce response of operator. Funded by US-NRC: EDU10-002
Sometimes we decide to alter our perception of reality to get a good result. Task 2: Confessions Taken From: NUREG 0492- Fault Tree Handbook The component list may be expanded to “improve” the PRA outcome. Redundant systems offer multiple paths to safe shutdown. Complementary and/or redundant instruments offer more comprehensive information to operator. Additional components may improve plant probability to shut down safely. Funded by US-NRC: EDU10-002
Task 2: Components • “Should the resulting fire PRA CDF/LERF or other results be considered inadequate (e.g. too high) and it is desired later to model more of the equipment list and model more of that credited in the internal events PRA, the equipment list from the full internal events PRA is readily available.” pp. 2-25 NUREG 6850, Vol. 2. Funded by US-NRC: EDU10-002
Task 3: Cable Selection • Cables associated with fire PRA equipment and instruments. • Determine routing and location of these cables. • Identify power supplies for equipment and instruments. • Correlate cables to Fire PRA equipment and associated compartments and/or areas from Task 1. Funded by US-NRC: EDU10-002
Task 3: Cables • Circuit Failure Analysis (Task 9) may expand the fire cable list, and some thought toward likely Task 9 outcomes may save time here. • Database retrieval of cable routing and location information is required, but generally not available. Fire PRA pre-planning may need to include development of a cable routing database. Funded by US-NRC: EDU10-002
Task 3: Cable ID and Location, per NUREG/CR 6850. Funded by US-NRC: EDU10-002
Task 4: Qualitative Screening • Define plant trip initiators, and relate to compartments. • Establish compartments where there are no components or cables relevant to plant protection that would be damaged by fire in that compartment. • Screening removes compartments from more detailed fire modeling. Funded by US-NRC: EDU10-002
Task 5: Fire Induced Risk Model • PRA models to predict core damage frequency (CDF) and Large Early Release Frequency (LERF). • This is usually leveraged from earlier internal events PRA modes. • Several software packages are available, both fault tree (outcome centric) and event tree (initiator centric) approaches are used. Funded by US-NRC: EDU10-002
Task 5: PRA model observation • Fire induced initiating events….commonly used term exposes the challenge in fire PRA. • Fires are somewhere between a top event, like an off-site release, and a pure initiator, like a stuck open PORV. Each fire has an initiator of its own, and a sequence of progression, and can cause several other “initiating events” for the plant PRA. Funded by US-NRC: EDU10-002
Task 5: Fire PRA • Cable Room Fire: Plant nervous breakdown of a sort, can lead to several sequential failures/ initiating events: • Plant Trip • Loss of off site power • PORV opening • Loss of RCP seal cooling • Loss of steam generator level control/indication • Inappropriate safety injection… Funded by US-NRC: EDU10-002
Task 6: Fire Ignition Frequencies • One significant fire event per plant every 10 years implies 44 data points per year globally. • Unfortunately, all US plants are a little different, so data does not translate perfectly. • Important electrical component classes are pretty well characterized. • Most potential pool fire sources are diked, and flammable fluid inventories limited. Funded by US-NRC: EDU10-002
Task 6: Fire Frequency Funded by US-NRC: EDU10-002
Task 6: More Fire Frequencies: Frequencies apply to ALL equipment items within a unit. Divide by number of components. Funded by US-NRC: EDU10-002
Ignition Frequency: The rest of the story Funded by US-NRC: EDU10-002
Task 6: Plant Specific Frequencies • One can modify generic frequencies using unit specific data. • Suggested to use given frequencies, and map total unit based frequency onto a compartment by dividing number of components in compartment by total components in class (e.g. weighting Factor). • Components shared between two units may have frequency doubled. Funded by US-NRC: EDU10-002
Task 6: Ignition Frequencies • May further modify compartment frequencies to account for high maintenance areas (frequent cutting, welding,… painting). • May modify compartment ignition frequencies to accommodate traffic or storage patterns. • One size may not fit all, unit unique attributes should be considered even if generic ignition frequency table 6.1 is employed. Funded by US-NRC: EDU10-002
Task 7: Quantitative Screening • Initial qualitative screening assumed nothing in compartment mattered, or ignition frequency was very near zero. • Quantitative Screening still assumes all fails in compartment, but ignition frequencies and the internal events PRA are used to evaluate probability of core damage (CDP) or large early release (LERP). • Look for incremental core damage probability (ICDP) due to screened compartment to be less than 1e-6. Funded by US-NRC: EDU10-002
Task 8: Scoping Fire Modeling • Want to screen ignition sources that cannot threaten other targets in compartment. • Establish severity factors to unscreened ignition sources to prioritize detailed modeling. • Remember ignition sources (motors, cables, ele. cabinets) may be risk significant on their own. Funded by US-NRC: EDU10-002
Task 8: Use 98th Percentile HRR’s Funded by US-NRC: EDU10-002
Task 8: Use Zone of Influence (ZOI) Model to Establish Target Damage NUREG/CR 6850 suggests to use EPRI FIVE models. Flame, flame irradiation, plume, ceiling jet and HGL can cause damage. Walkdown recommended and forms provided to record inputs to FIVE code. Funded by US-NRC: EDU10-002
Task 8: Severity Factor Screened on 98th percentile HRR. If ignition source damages target at 97th percentile HRR, severity factor is 0.03. If just a small percentage of potential HRR is required to damage other targets, severity factor approaches unity. Funded by US-NRC: EDU10-002
Task 9: Circuit Failure Analysis • Create mapping of specific failure modes for circuits to specific fire induced cable failures. • Cables can fail several ways: short to ground, hot shorts, open circuit are the main ones. • Probabilities for each failure mode must be postulated in Task 10. • An “Equipment failure response Report” lists all outcomes of fire damage to the cable. Funded by US-NRC: EDU10-002
Task 9: Circuit Failure Analysis Funded by US-NRC: EDU10-002
Task 9: Cable Failure modes Convert to Circuit Failure modes • Spurious operation • Loss of Power • Erroneous indication • Loss of control, due to errors in feedback data from instruments • Loss of control due to loss of operator control connection Funded by US-NRC: EDU10-002
Task 10: Circuit Failure Mode “Likelihood” • Must define probability of each failure mode since they may lead to different outcomes. • Detailed Cable Data Required: insulation type, raceway type, power source, company in the raceway • Go to failure mode probability estimate tables Funded by US-NRC: EDU10-002
Task 10: Cable failure mode probabilities Funded by US-NRC: EDU10-002
Task 10: Example Failure Mode Probability Tables. Funded by US-NRC: EDU10-002
Task 11: Detailed Fire Modeling! Detailed fire growth and spread analysis Funded by US-NRC: EDU10-002
Task 12: Fire Human Reliability Assessment • Fire tenability, and other stress, leads to human failure events (HFEs). • Some plant trajectories require significant human intervention, and these may warrant adding this assessment. • Fire emergency procedures should be reviewed for possible HFEs that could cause increased risk. • HFE assessment aimed to improve instrumentation, MCR layout, or procedures to reduce possibility for errors. Funded by US-NRC: EDU10-002
Task 13: Seismic Fire Interactions • Sounded pretty over-the-top until just a few months ago (Earthquake-Tsunami-Fires). • Seismically induced fires • Degraded fire suppression and fire brigade effectiveness. • Spurious activation of suppression and detection systems. • Qualitative examination of these issues is suggested. Funded by US-NRC: EDU10-002
Task 14: Fire Risk Quantification • Recall that risk is a combination of probability and outcome: Core Damage (CDF) and Large Early Release (LERF) are main outcomes evaluated. • Uncertainty is also presented (Task 15). • Also note that PRA is always based on probability of postulated events/initiatiators, and the postulated probabilities are derived mostly from operational experience. Funded by US-NRC: EDU10-002
Tasks 15 and 16 • Task 15 examines the Fire PRA sensitivities and uncertainties. This may involve parts of the fire hazard assessment input to the PRA, and thus relate to the fire hazard assessment tools used, and the uncertainty in those tools as established through V&V. (Module 4) • Task 16 is the documentation of the fire PRA. Funded by US-NRC: EDU10-002