
Enhancing Nuclear Power Plant Safety Requirements Post-Fukushima
The International Atomic Energy Agency (IAEA) has prepared an addendum to its safety requirements for nuclear power plant (NPP) design (SSR-2/1) to address feedback from the Fukushima-Daiichi accident. Changes include clarifying the levels of Defence in Depth (in particular level 4, design extension conditions), stressing margins to avoid cliff-edge effects, and requiring an alternative heat sink where the reliability of the primary one cannot be ensured. A pilot exercise assessed the effect of the changed requirements on subordinate safety guides; revision of those guides was found necessary primarily because they give recommendations against earlier versions of the requirements. A new TECDOC is intended to harmonize implementation of selected topics (plant states, design extension conditions, independence of DiD levels, common cause failures, margins, practical elimination, mobile equipment, ultimate heat sink) before the relevant safety guides are published.
Presentation Transcript
International Atomic Energy Agency Developments in Safety Requirements for NPP Design INSAG Meeting 4-5 December 2013 P. Hughes, J. Yllera IAEA Division of Nuclear Installation Safety
Outline
- Addendum to Safety Requirements for NPP Design (SSR-2/1) to address the feedback from the Fukushima-Daiichi accident
- Implication of changes of the Requirements for Safety Guides
- New draft TECDOC on Considerations for the application of the IAEA Safety Requirements on Design
International Atomic Energy Agency
Addendum to Safety Requirements for NPP Design (SSR-2/1)
Changes to SSR-2/1 in the light of the experience from the Fukushima-Daiichi accident:
- Clarification of the levels of DiD, in particular of level 4 (DEC) and of the practical elimination of large offsite consequences.
- Consideration of concurrent external hazards based upon causality and likelihood.
- Stressing the need for margins to avoid cliff-edge effects:
  - for equipment important to safety, to withstand external hazards moderately exceeding the input from the site evaluation;
  - for DEC equipment, to remain operable;
  - significant margins for items that prevent releases.
- No sharing of equipment associated with DiD levels between different reactor units; connection of units to support each other only if it facilitates accident management.
- Alternative heat sink required if the reliability of the heat sink cannot be ensured in all conditions generated by postulated hazards.
- Implementation of features (design, procedures, etc.) to enable the use (e.g. hook-up) of non-permanent equipment.
- Practical elimination of the loss of containment integrity needs to be achieved without significant releases.
- Margins in control room design to ensure availability in all conditions generated by hazards and severe accidents; also on the habitability of the technical support centre.
- Dedicated power supply source for DEC equipment.
- Additional measures for spent fuel pool instrumentation, cooling and maintaining inventory.
Pilot Exercise on the Effect of Changes in Safety Requirements on Subordinate Safety Guides
Safety Guides analysed:
- NS-G-1.9: Design of the Reactor Coolant System and Associated Systems in Nuclear Power Plants
- NS-G-1.10: Design of Reactor Containment Systems for Nuclear Power Plants
- NS-G-2.15: Severe Accident Management Programmes for Nuclear Power Plants
- NS-G-1.2: Safety Assessment and Verification for Nuclear Power Plants
In general, the scope of changes needed as a consequence of the Fukushima accident is very limited. The safety guides need to be revised primarily because they provide recommendations against earlier versions of the safety requirements.
New TECDOC: Considerations for the application of the IAEA Safety Requirements on Design
Intended to help harmonize implementation of selected topics of SSR-2/1 before the relevant Safety Guide(s) are published:
- Categories of plant states for reactor and spent fuel pool.
- DECs to be included in the design.
- Independence of the levels of defence in depth.
- Understanding CCFs: root causes, coupling mechanisms and effective defensive measures.
- Design basis of plant equipment versus beyond design basis.
- Design margins and cliff-edge effects.
- Interpretation of the concept of practical elimination.
- Use of mobile sources of electric power and coolant.
- Diversification of the ultimate heat sink.
The importance of addressing these issues has been strongly highlighted by the lessons learned from the Fukushima accident.
Plant States & Design Basis
[Diagram: plant states and the corresponding design basis. Within the design basis (no cliff-edge effects): operational states (normal operation, AOOs) and accident conditions (DBAs; design extension conditions, both without core melt and severe accidents with core melt), together with the conditions generated by external and internal hazards. Conditions that are practically eliminated lie beyond the design basis. For each plant state the diagram lists criteria for the necessary capability, reliability and availability: the design basis of equipment for operational states, of the safety systems including the SSCs necessary to control DBAs, of the safety features for DECs including the SSCs necessary to control DECs, and of the containment systems.]
The design basis identifies, for each structure, system and component (SSC) of the NPP:
- the functions to be performed;
- the operational states, accident conditions and conditions generated by internal and external hazards that the SSC has to withstand;
- the acceptance criteria for the necessary capability, reliability, availability and functionality;
- specific assumptions and design rules.
Design Extension Conditions
DECs are to some extent technology dependent. Recommended DECs (except for SBO) are not available in any IAEA safety standard. A preliminary list of DECs is being considered:
- anticipated transient without scram (ATWS)
- station blackout (SBO)
- total loss of feedwater
- LOCA together with the complete loss of one emergency core cooling system (either the high pressure or the low pressure emergency core cooling system)
- uncontrolled level drop during mid-loop operation (PWR) or during refuelling
- loss of the component cooling water system or of the essential service water system
- loss of core cooling in the residual heat removal mode
- loss of fuel pool cooling
- loss of ultimate heat sink function
- uncontrolled boron dilution (PWR)
- multiple steam generator tube ruptures (PWR, PHWR)
- loss of required safety systems in the long term after a postulated initiating event
- failure of the reactor protection system
DiD Levels: Independence and Safety Provisions
[Diagram: the five levels of defence in depth and the plant states they address. Level 1: failure prevention through control systems and quality requirements. Level 2: provisions for AOOs (PIEs); L2 provisions for multiple safety functions (MSFs). Level 3: provisions for DBAs (also AOOs that bypass level 2); L3 provisions for MSFs. Level 4 (DEC): DEC provisions without core damage, and severe accident management, for BDBAs; no alternate L3 provisions for SBO and ATWS. Level 5: offsite emergency response.]
Provisions need to:
- be balanced and meet the safety goals;
- rely on adequate design bases of SSCs, including sufficient margins;
- ensure sufficient reliability of the safety provisions at each level;
- be independent to the extent possible, in particular level 4 from levels 2 and 3.
Dependent Failures: Causes and Defensive Measures
Causes of dependency:
- functional dependencies (support systems) affecting redundant trains;
- common system interfaces;
- systems and components with multiple functions, e.g. for different DiD levels;
- failures or conditions induced by a PIE on the plant;
- failures or conditions caused by external hazards;
- operation errors.
Common cause failures (intrinsic):
- errors in design, manufacturing and construction;
- errors or inadequate practices during maintenance, surveillance or inspection;
- environmental or external factors resulting in conditions exceeding the margins of the design.
[Diagram: root cause, coupling mechanism or triggering condition, and common mode failure, with the question "Adequate defensive measures?"]
Defensive measures:
- proven design and construction;
- adequate QA practices;
- physical separation, redundancy, diversity (functional and technical);
- regular maintenance and inspection;
- adequate procedures;
- automatic annunciation of failures, etc.
Dependent Failures: Causes and Defensive Measures
Dependent failures may jeopardize the effectiveness of safety provisions and the independence between levels of DiD. It is important both to ensure the reliability of the safety provisions at a given level and to ensure effective independence between different levels of defence in depth; there may however be some practical limitations. Safety features for DEC (level 4) introduced in SSR-2/1 should be as independent as possible from the previous levels of DiD.
The implementation of adequate defensive measures requires the thorough application of design rules, e.g. on physical separation and functional independence of safety trains, and an understanding of the relevant root causes of common mode failures and their coupling mechanisms, as well as of the benefits and drawbacks of the measures.
Hazards can be a major source of dependency. If a hazard exceeds the design basis plus margin of an SSC, the SSC will fail despite the defensive measures. It is therefore essential to ensure an adequate design basis supplemented by sufficient margins, especially for safety features for DEC. Some countries are reinforcing the design to ensure larger margins for critical equipment (hardened safety core).
Non-permanent equipment cannot be credited as part of the design. The design needs to include the necessary provisions for its timely connection and operation.