1 / 21

Defense-in-Depth and Mitigative Measures

Learn about the application of Defense-in-Depth (DID) and mitigative measures in nuclear facilities to prevent and mitigate accidents. Understand the importance of redundancy and multiple barriers in ensuring safety.

magillj
Download Presentation

Defense-in-Depth and Mitigative Measures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Defense-in-Depthand Mitigative Measures Paul Leonard

  2. Defense-in-Depth (DID) • What is Defense-in-Depth? • From NUREG-2150, A Proposed Risk Management Regulatory Framework, April 2012 “Defense-in-depth is an element of the NRC’s safety philosophy that employs successive measures to prevent accidents or mitigate damage if a malfunction, accident, or naturally caused event occurs at a nuclear facility. Defense-in-depth is a philosophy used by the NRC to provide redundancy as well as the philosophy of a multiple-barrier approach against fission product releases. The defense-in-depth philosophy ensures that safety will not be wholly dependent on any single element of the design, construction, maintenance, or operation of a nuclear facility. The net effect of incorporating defense-in-depth into design, construction, maintenance, and operation is that the facility tends to be more tolerant of failures and external challenges.”

  3. Application of DID for GL 2004-02 • Plants that choose Option 2 or 3 for end of year submittals, DID must be included to provide supporting justification for continued operation for the extended time required to complete actions in support of closure of GL 2004-02 • Mitigative measures describes how DID can be implemented at a particular plant • There are 2 areas where DID will need to be described, as applicable for the selected closure path • Inadequate flow through recirculation strainers • Inadequate flow through reactor core

  4. Application of DID for GL 2004-02 • NEI submitted a letter, with attachment, to NRC on March 5, 2012 identifying recommended approaches for implementation of DID (ML120730654 and ML120730660) • This letter recommended that the following characteristics should be addressed: • Multiple means to both detect and mitigate inadequate flow conditions through the recirculation strainer(s) and reactor core should be identified • Detection and mitigation measures may utilize non-safety equipment • Detection and mitigation measures may credit operator actions provided these actions are directed through procedures • A discussion should be included of any general or specific limitations on the application of identified measures (e.g., timing, break size applicability, flows)

  5. Application of DID for GL 2004-02 • The attachment to the letter provided examples of DID measures that exist within the industry • Many of the measures described currently exist within procedures at plants • Bulletin 2003-01 compensatory measures • Functional Restoration Procedures (Emergency Operating Procedure (EOP) framework) • Severe Accident Mitigation Guidelines (SAMG) • Extensive Damage Mitigation Guidelines (B.5.b or EDMG) • Plants need to evaluate the DID and mitigative measures that exist at their plant, or could be implemented • If additional measures need to be implemented, or could be implemented, then a schedule for implementation should be included in the end of year response

  6. Inadequate Recirculation Strainer Flow • Prevention or Delay of Inadequate Flow Condition • There are 2 primary methods to prevent or delay an inadequate strainer flow condition • Maintain an elevated pool temperature (above the precipitation temperature for chemical effects) • Need to be able to monitor temperature in the bulk pool or in systems taking suction on the sump • Reduce flow through the strainer(s) • This could be pre- or post-transfer to recirculation through selective removal (stopping) of pumps taking suction on the recirculation strainers or not starting these pumps following transfer to recirculation • Either option would probably require changes to the EOPs • May also require human factors impact evaluation, and training of the Operators

  7. Inadequate Recirculation Strainer Flow • Detection of inadequate recirculation strainer flow • For non-vented sump designs, monitoring of differential pressure across the strainer • With plant instrumentation, either currently existing or that could be installed • Containment pressure and pump suction pressure • Specifically installed sump instrumentation • May also be able to use plant process computer if inputs are provided • This could be either real time indication or alarm indication at a pre-determined setpoint • Direction for monitoring would need to be in either the EOPs as a continuous action step or through an alarm response procedure

  8. Inadequate Recirculation Strainer Flow • Detection of inadequate recirculation strainer flow • For vented sump designs, monitoring of differential water level across the strainer • With plant instrumentation, either currently existing or that could be installed • Containment water level and sump water level (internal to the sump or downstream) • Specifically installed sump instrumentation • May also be able to use plant process computer if inputs are provided • This could be either real time indication or alarm indication at a pre-determined setpoint • Direction for monitoring would need to be in either the EOPs as a continuous action step or through an alarm response procedure

  9. Inadequate Recirculation Strainer Flow • Detection of inadequate recirculation strainer flow • For all sump designs, monitoring of pump distress indication • Low flow, pump trip, or low suction pressure alarms • Pump discharge indications (flow, pressure) • Pump motor amperage (if so equipped) • Monitoring for these conditions is normally a part of Operator monitoring of plant equipment which is contained in plant procedures and is an inherent part of Operator training • Alarmed indication would be addressed by alarm response procedures and EOPs

  10. Inadequate Recirculation Strainer Flow • Mitigation of inadequate recirculation strainer flow • Reduction of flow demand on the strainer • Typically, EOPs contain specific steps to reduce flow through the systems up to and including stopping all pumps taking suction from the affected strainer • Alternation of recirculation trains • Applies only to plants that have separated strainers and recirculation sump suctions • Most effective if only one strainer train placed in service initially • Strainer backwash • Can be either a forced backwash or gravity drain backwash (dependent on plant design)

  11. Inadequate Recirculation Strainer Flow • Mitigation of inadequate recirculation strainer flow • RWT refill and realignment for injection flow • Most plants currently have direction in EOPs to initiate makeup to the RWT following transfer to recirculation • Onset of inadequate strainer flow not expected for several hours after event (following cooldown) • Would provide cooling for extended time since most EOPs direct reducing flow to a value required for decay heat removal • If necessary to transfer back to recirculation, can be accomplished at a reduced flow rate with potential for clean screen area as result of stopping flow previously

  12. Inadequate Recirculation Strainer Flow • Mitigation of inadequate recirculation strainer flow • Injection flow from alternate sources • Cross-tying RWTs between units • Use of CVCS holdup tanks as a water source to make up to the VCT allowing use of a charging pump for injection flow • Use of Appendix R cross-tie capability to supply RCP seal cooling flow paths or direct charging • Plants should evaluate what other options may exist at their plant • Typically, use of alternate flow paths already contained in procedures

  13. Inadequate Reactor Core Flow • Prevention or Delay of Inadequate Flow Condition • Maintain an elevated pool temperature (above the precipitation temperature for chemical effects) • Use components in the RHR, CS, or systems supplying cooling water to these systems, or combination • Would not need to be safety related components • Equipment currently used to limit cooldown when on shutdown cooling and when pressurized thermal shock may be a concern • Need to be able to monitor temperature in the bulk pool or in systems taking suction on the sump • Control (reduce) core flow • As discussed in inadequate strainer flow, reduced flow can have a similar positive impact on potential core blockage • Also has potential to extend time to formation of chemical precipitates

  14. Inadequate Reactor Core Flow • Prevention or Delay of Inadequate Flow Condition • Transfer to hot leg injection or combined hot leg / cold leg injection • Normally performed 4 to 12 hours following an event • Plants that have upper plenum injection and most plants that have multiple hot leg injection paths, the flow rate should be significantly greater than core boil off • For plants with limited flow capability, transfer to hot leg injection has potential to disturb debris collected on lower nozzle area • Plants would need to evaluate their existing procedures to determine which of these options are or could be instituted • Could require new steps in EOPs, evaluation of human factors impacts, and training of the Operators

  15. Inadequate Reactor Core Flow • Detection of inadequate core flow • Core exit thermocouples (CET) temperature increasing • Monitored as part of EOP status trees and safety parameter display system (SPDS) • Operators trained to detect increases in CET temperatures and transition to the appropriate EOP for mitigation actions • Decreasing reactor water level indication (RVLIS) • RVLIS is monitored throughout the EOPs • Operators trained to monitor and understand implications of decreasing water level, including transitioning to the appropriate EOP for mitigation

  16. Inadequate Reactor Core Flow • Detection of inadequate core flow • Increasing containment or auxiliary building radiation levels • Typically indicated by alarms in the main control room • For an event of this nature, TSC and EOF personnel typically monitor radiation monitors to detect increasing indications • EOPs and alarm response procedures direct actions to be taken to mitigate • Due to sensitivity of monitors and low alarm setpoints, identification of degrading core conditions occur well before significant release of radioactivity to containment

  17. Inadequate Reactor Core Flow • Mitigation of inadequate core flow • Transfer to hot leg injection or combined hot leg / cold leg injection flow paths • Direction for use of these flow paths are contained in most plants EOPs or SAMGs • Establish alternate flow paths • If blockage is cause for increasing CET temperatures, most of the currently suggested flow paths may not be effective • Alternating between hot and cold leg injection flow paths has potential to disturb the blocking debris bed (along with core boiling) allowing for necessary cooling

  18. Inadequate Reactor Core Flow • Mitigation of inadequate core flow • Start a reactor coolant pump • Currently in most EOPs or SAMGs • The slug flow would remove the blockage in the core • Implement SAMGs or EDMGs • These procedure sets provide additional guidance for addressing inadequate core flow conditions • Flood containment above hot and cold leg nozzle (and break location) to provide for convective circulation cooling of the reactor

  19. Additional DID Considerations • Plants may have additional capabilities (design features) that are not credited in design basis analyses • Debris interceptors • Reinforced insulation not previously credited • Other debris generation or debris transport features not specifically credited • Plants need to evaluate these design features since they can and do provide for some measure of defense-in-depth

  20. Actions to Support DID Measures • PWROG Involvement • It may be worthwhile for the Industry to obtain assistance from the PWROG to establish specific steps or actions in the EOPs through changes or additions to the Emergency Response Guidelines (ERG) framework • This type of approach was taken for development of the compensatory measures established in response to Bulletin 2003-01 • This would simplify the process for plants that desire to make changes to the EOPs to implement some of these DID measures • PWROG Response ---

  21. Conclusion • May be significant scope of work for plants to fully establish the DID measures available to them • As stated previously, if a DID measure does not currently exist, but a plant desires to implement at a future date, ensure the implementation schedule is included in the end of year response

More Related