1 / 26

Understanding Living PSA and Risk Monitors in Nuclear Power Plants

Learn about Living PSA and Risk Monitors for NPP safety assessment, their requirements and applications, as well as why risk is time-dependent. Explore the benefits of Risk Monitors in decision making.

waterman
Download Presentation

Understanding Living PSA and Risk Monitors in Nuclear Power Plants

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IAEA Training Course on Safety Assessment of NPPs to Assist Decision Making Risk Monitoring tools: Requirements of Risk Monitors, relation with the Living PSA, applications of Risk Monitors Lecturer Lesson IV 3_11.6 Workshop Information IAEA Workshop City , CountryXX - XX Month, Year

  2. Living PSA: Definition “A PSA of the plant, which is updated as necessary to reflect the current design and operational features, and is documented in such a way that each aspect of the model can be directly related to existing plant information, plant documentation or the analysts’ assumptions in the absence of such information. The LPSA would be used by designers, utility and regulatory personnel for a variety of purposes according to their needs, such as design verification, assessment of potential changes to the plant design or operation, design of training programmes and assessment of changes to the plant licensing basis” IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  3. Living PSA: General Requirements • The basis for the LPSA model should be comprehensively documented so that each aspect of the model can be directly related to existing plant information or to the analysts' assumptions of how the plant and the operating staff behave. • It must be possible to update the LPSA as changes are made to plant design and operation, feedback is obtained from internal and external operational experience, understanding of thermal-hydraulic performance or accident progression is improved, and advances are made in modelling techniques • A “Living PSA” can only be developed and maintained successfully by a team of qualified analysts with the full support of the plant management and the involvement of different plant departments. IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  4. Living PSA - Definition PSA updated as necessary to reflect the current design and operation of the plant Calculates the average risk from the plant - averaged over all modes of operation/ plant configurations Used for design verification, assessment of changes to design or operation, risk informed applications, etc. Used off-line by PSA specialists IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  5. Risk Monitors • A significant part of the PSA applications require near prompt knowledge of the actual risk caused by the actual situation at the plant. This requirement can be satisfied by using a special tool called a Risk Monitor. • A Risk Monitor is “a plant specific real-time analysis tool used to determine the instantaneous risk based on the actual status of the systems and components. At any given time, the safety monitor reflects the current plant configuration in terms of the known status of the various systems and/or components, e.g., whether there are any components out of service for maintenance or tests. The risk monitor model is based on, and is consistent with, the LPSA. It is updated with the same frequency as the LPSA. The safety monitor is used by the plant staff in support of operational decisions” IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  6. Risk Monitor - Definition “Real time” analysis tool ???? Consistent with the LPSA, updated with the same frequency Used to determine the instantaneous risk based on the current mode of operation/ plant configuration Used by plant staff to support operational decisions IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  7. Uses of Risk Monitors • Provide information on acceptability of point-in-time and annual average risk • Assist in compliance with Operating Rules (Tech Specs) for unplanned plant unavailabilities • Advise on the acceptability of future planned plant unavailabilities • Assist in planning multiple plant unavailabilities • Provide advice on-line • Advise with respect to both Deterministic and Probabilistic criteria IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  8. Why is Risk Time Dependent ? • Risk changes versus time due to several reasons: • Component outages • Different Plant alignments • Maintenance activities • Testing • External factors: Likelihood of offsite power, increased number of flights over the plant, etc. • Plant transients • Equipment degradation, plugging, ageing • Human factors: The operator is tired today or the new one is on duty • etc. • Neither LPSAs nor Risk Monitors account time dependently for all the influencing factors IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  9. More flexibility with allowed outages • Reduced likelihood of reactor shutdown being required • Forward planning capability helps to reduce average risk • Rapid response Some Advantages of a Risk Monitor IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  10. Instantaneous risk Estimated average risk Real average risk Risk Versus Time IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  11. PSA / Risk Monitor Uses/Users • Analysis of the past: • Event incident analysis (PSA-Risk Monitor) • Plant Performance, risk profiles (Risk Monitor) • etc. • Analysis of present situation: • IST, Technical Specification Analysis (PSA) • Exemption to Tech. Specs (Risk Monitor) • Plant configuration Control, Risk Management (Risk Monitor) • etc. • Analysis of the future: • Maintenance Planning (Risk Monitor), etc. • Maintenance Rule (Risk Monitor) • Risk Monitors can be used on and off-line, by PSA experts • and other staff (Operation, Maintenance) • PSA is used off-line and by PSA experts • Uses depend on type of Regulatory Regime IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  12. Average and Instantaneous Risk Considerations in Risk Monitors • With risk monitors we try to assess the effect of plant alignments, component outages and testing and some other factors on instantaneous risk. • Some other factors affecting risk remain treated as average. Therefore, properly speaking, it is wrong that risk monitors provide real time risk measures. • However, this doesn’t diminish the usefulness of risk monitors. It is not intended to assess time dependently all the factors affecting risk. • We only need to make sure that such factors cannot make such an influence at given time, so that adverse decisions can be made based on risk monitor results. In other words, we have to make sure that we treat adequately some factors time dependently and that it is acceptable to consider such other factors as average. IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  13. Average and Instantaneous Risk Considerationsin Risk Monitors • Risk monitors don’t provide real instantaneous risk estimates • We want to approach to instantaneous risk by taking into account: • plant configuration/alignment • component outages, testing • important factors affecting risk that cannot be obviated, e.g. increased likelihood of initiating events, that could seriously affect decisions based on instantaneous risk estimates. • other affordable factors AOTs of deterministic Tec. Specs. don’t consider other factors affecting risk, and don’t even consider simultaneous outages IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  14. Technical Differences Between RiskMonitor and PSA • What are the differences regarding modelling between PSA and risk monitors? • How to convert a LPSA model to a Risk monitor model? How to keep both updated? • What applications should be done with each tool? • Do the requirements of a risk monitor should be different depending on the intended use of it ? Joint IAEA - NEA /OECD Work IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  15. Accident Sequence Development Initiating events: • Initiating event frequencies are time dependent in reality: • Low time dependent events: LOCA • Events governed by outside factors: LOOP (grid instability, severe weather, external events), LOHS (leaves plugging the intake station), etc. • Events driven by internal factors (predictable or not): Operational transients, component (conventional or safety related) outages, maintenance and testing activities, etc. • How risk monitors could account for that? Is it necessary to account for all this factors? Accident sequence development: Can accident sequences be affected by plant configuration, e.g. Validity of modelling assumptions, probabilities of human errors, etc.? IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  16. System Analysis • At the PSA only some particular system configurations are modelled. • How should the models be modified to account for different configurations?. • Which solution is adopted by the different risk monitors?. IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  17. Human Reliability • How human actions should or could be assessed depending on plant configuration or time ? • Which performance shaping factors should be modified? • Are factors affecting human errors considered as part of the plant configuration? • How are type 1 and type 3 human errors treated? IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  18. Reliability Data • Some important events not further analysed can be reassessed given the actual plant status, e.g. LOOP frequency • Parameters affecting standby models, e.g. last surveillance test time point could be taken into account. • etc. IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  19. Before an outage the CCF estimate remains the same. What happens when a component of a CCF group fails or is taken out of service? Common Cause IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  20. Quantification Pre-Solution • Large number of runs of the PSA carried out for different plant configurations and stored in a database Cut Set Manipulation • Cut-set files obtained from solving the PSA to a very low cut off level manipulated to model plant outages ???????? Re-Solution • RM contains a PSA logic model which is solved for each new plant configuration Hybrid IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  21. Removal of Simplifications • Removal of asymmetries • Model running and standby trains explicitly • Model cross-connections explicitly • Remove maintenance basic events • Review grouping of initiating events • Replace initiating events screened out in LPSA • Model all safety systems IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  22. Development of Risk Monitors 1988 - Heysham 2, Essential Systems Status Monitor (ESSM) 1990 – Torness, LINKITT 1994 – San Onofre, Scientech Safety MonitorTM 2002 – >100 plants have RMs in use or under development IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  23. Frequent Uses of Risk Monitor Planning maintenance outages/configuration control Compliance with US NRC maintenance rule • Requires plant operators to assess the risk prior to entering a planned maintenance configuration and after entering a non-voluntary configuration Other • Precursor analysis • Sensitivity studies • Other risk informed applications IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  24. Risk Criteria Used in RM Risk criteria required to distinguish: NORMAL OPERATION • no restriction on maintenance • MODERATE RISK • maintenance needs to be completed urgently • time restrictions imposed CAUTION • maintenance completed very urgently/ severe time restrictions • compensatory measures UNACCEPTABLE RISK • immediate action required to reduce the risk IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  25. Typical Risk Criteria CORE DAMAGE FREQUENCY UNACCEPTABLE RISK 10-3 per year CAUTION 1 to 3x10-4 per year MODERATE RISK ~average risk calc in LPSA NORMAL OPERATION CDF x TIME IN CONFIGURATION < 10-6 IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

  26. Conclusions • Development and use of RMs during nuclear power plant operation is now a “mature” practice • RMs are in day to day operation in a large number of plants worldwide • RMs accepted by plant managers and station staff • Safety of nuclear plants is enhanced by the ability to monitor risk on-line • Use of a RM is a good way of demonstrating that the risk is ALARP IAEA Training Course of Safety Assessment of NPPs to Assist Decision Making

More Related