EVN University, 1/2014
Hà Nội
Dr. Trần Đại Phúc
The objectives of nuclear safety
The basic principles of nuclear safety
The deterministic approach
The concept of risk
The risk assessment
The Probabilistic Safety Assessment
What is the purpose of a PSA
What does a PSA contain
The limitations of PSA
The future of PSAs
Two lines exist in the field of nuclear safety (goals & purposes: limits, definitions):
- practical: NPP operation (design, fuel cycle, INES)
- theoretical: calculations, analyses, parameters
Defence in Depth, Deterministic & Probabilistic methods
The most widely used parameters:
CDF = 1E-4/RY
LERF = 1E-5/RY (severe accidents, related to consequences, i.e. release); indirectly, LERF = at most 10% of CDF
CDF: core damage frequency
RY: reactor-year
LERF: large early release frequency
The objectives of nuclear safety
engineers must comply with a number of stringent regulations aimed at limiting the risks inherent in this type of installation, primarily the possible release of radioactivity. These regulations are applied throughout the lifetime of the facility, i.e. from the design and construction stages to the operating phases and final decommissioning. They embody the principal concern of all those involved with the plant, from construction engineers to operators or regulators: nuclear safety.
Nuclear safety has three objectives, namely to:
ensure that nuclear facilities operate normally and without an excessive risk of operating staff and the environment being exposed to radiation from the radioactive materials contained in the facility;
prevent incidents; and
limit the consequences of any incidents that might occur.
Pursuing these objectives enables those concerned to achieve the overall goal of nuclear safety, namely to protect people and the environment by limiting the release, under any circumstances, of the radioactive materials that the facility contains; in other words, ensuring the containment of radioactive materials.
The basic principles of nuclear safety
Nuclear safety management uses two basic strategies to prevent releases of radioactive materials, notably in the event of an incident:
the provision of leaktight "barriers" (see Figure 1) between the radioactive source and the public. These barriers, of which there are generally three, consist of the fuel cladding, the primary reactor coolant system, and the containment building (reactors of the type built at Chernobyl are not equipped with a third containment barrier of this kind);
the concept of defence-in-depth (see Figure 2), which applies to both the design and the operation of the facility and which may be briefly summed up as follows: despite the fact that measures are taken to avoid accidents, it is assumed that accidents may still occur, and systems are therefore designed and installed to combat them and to ensure that their consequences are limited to a level that is acceptable for both the public and the environment.
Figure 1 Successive barriers
Figure 2 The concept of defence-in-depth
The deterministic approach
This analytical procedure has been widely used throughout the world in the design of nuclear reactors for the purpose of generating electricity. It attempts to ensure that the various situations, and in particular accidents, that are considered to be plausible have been taken into account, and that the monitoring systems and engineered safety and safeguard systems will be capable of ensuring the containment of radioactive materials.
The deterministic approach is based on the two principles referred to earlier: leaktight barriers and the concept of defence-in-depth.
Defence-in-depth consists of taking into account potential equipment failures and human errors, so that suitable preventive measures may be applied, and of making provisions for the installation of successive devices to counter such failures and limit their consequences. It consists of several successive stages (or levels), hence the term "defence-in-depth":
Prevention and surveillance: all necessary measures are taken to ensure that the plant is safe; items of equipment are designed with adequate safety margins and constructed in such a way that under normal operating conditions the risk of an accident occurring in the plant is kept to a minimum;
Protection: it is assumed that operating incidents may occur; provisions are made to detect such incidents and to prevent them from escalating. This is achieved by designing safety systems that will restore the plant to a normal state and maintain it under safe conditions;
Safeguard: it is assumed that severe accidents might occur that could have serious consequences for the public and the environment. Special safety systems are therefore designed to limit the consequences to an acceptable level.
Some countries make provision for a fourth level of safety consisting of what are known as ultimate measures, designed to provide protection against severe conditions under which defences at the three levels described above prove inadequate.
The concept of risk
Nuclear facilities are designed so that the risks associated with their operation are within acceptable limits for both the public and the environment. There is no precise definition, however, of what constitutes an "acceptable risk"; it is basically a subjective notion. In its simplest form, risk denotes the level of uncertainty associated with an individual's given action. The acceptance of risk is generally governed by the degree to which it is considered to be relatively improbable and of limited consequence.
In a nuclear facility, as in any industrial plant, risk assessment distinguishes between the potential hazards that might be encountered in the absence of any protective measures, and the residual risks that will still remain despite the measures taken. The problem lies in assessing the latter, since there is no way of ensuring that they have been completely eliminated.
consequences was rapidly incorporated into safety analysis procedures, by taking account of the fact that the probability of an accident must be inversely proportional to the severity of the potential consequences for the public and the environment.
This approach may be represented schematically in a probability/consequence diagram (known as a "Farmer curve"), which sets out acceptable and prohibited domains (Figure 3).
Figure 3 Probability/consequence diagram
Risk assessment
risk assessment is which accident conditions he should take into consideration and to what level of probability he should pursue his analysis. As the use of probabilistic risk analysis became more widespread, the safety authorities asked design engineers to introduce appropriate measures whenever such analyses indicated that the probability of an event occurring that might potentially have unacceptable consequences for the public and the environment was sufficiently high.
Risk assessment elements
Initiating events analysis (IEA)
Accident sequence analysis (ASA)
Success criteria (SC)
Systems analysis (SA)
Human reliability analysis (HRA)
Data analysis (DA)
Internal flooding (IF)
Quantification (QU)
Large early release frequency analysis (LERFA)
Objective & high level requirements
terms
could lead to core damage
complete identification of initiating events.
Supporting requirements
meet that capability category
events (for levels 1, 2 & 3)
possibility of an initiating event occurring due to a failure of the system (for levels 2 & 3).
PROBABILISTIC SAFETY ASSESSMENT (PSA)
was rapidly supplemented by the development of probabilistic studies, referred to more commonly as PSAs.
order to calculate the probability of external events such as an aircraft falling onto a given target. PSA techniques were subsequently used to develop scenarios for hypothetical accidents that might result in severe core damage, and to estimate the frequency of such accidents.
The first study of this kind carried out in the United States was published in 1975 (Rasmussen report) and provided the first assessment of the potential risk of core damage for two power reactors.
The accident in 1979 at the Three Mile Island plant generated renewed interest in this type of study. One of the recommendations made after the accident was that probabilistic analysis techniques should be used to supplement conventional safety assessment procedures for nuclear power plants, and that probabilistic objectives should be developed in order to facilitate the determination of acceptable safety levels for nuclear facilities.
A large number of generic and plant-specific PSA studies (over one hundred to date) have been carried out or are currently in progress in those OECD countries currently operating nuclear plants. These studies are of interest not only in determining the absolute value of the risk of damage to the reactor core, but also for the information they can provide about the various components of this risk and their relative weighting.
Lastly, the accident at Chernobyl in 1986 revealed the potential consequences of failure to manage nuclear power plant safety, and lent greater urgency to the need to develop PSA applications in the areas of safety management and accident prevention.
What is the purpose of a PSA?
PSAs can be used to calculate the probability of damage to the core as a result of sequences of accidents identified by the study. With the development of this type of analysis, PSAs can now also be used to assess the size of radioactive releases from the reactor building in the event of an accident, as well as the impact of such releases on the public and the environment. These studies are referred to as level 2 and level 3 PSAs respectively (level 1 corresponding to the assessment of the risk of core damage). Level 2 analyses have been performed, or are planned, in most NEA countries in view of their importance in determining accident management strategies and identifying potential design weaknesses in reactor containment buildings. Level 3 analyses are used for emergency planning.
The results of these analyses can therefore identify not only the weaknesses but also the strengths with regard to the plant's safety, and thus assist in setting priorities and focusing efforts on the points identified as the most sensitive in terms of the contribution they can make to improving the safety of facilities. Indeed, it is this type of assessment that is most commonly carried out, given that its use as an "analytical tool" was rapidly recognised as its most important aspect.
What does a PSA contain?
A PSA is an analysis that is used during both the design and the operating stages of a nuclear plant to identify and to analyse every possible situation and sequence of events that might result in severe core damage.
A typical PSA involves:
acquiring an in-depth understanding of the facility and collecting a large volume of related information;
identifying initiating events and states of plant damage;
modelling the main systems within the plant using event and fault trees;
assessment of the relationships between events and human actions; and
systems and components
initiating events, which is aimed at identifying and estimating the frequencies of initiating events that might lead to severe core damage, or even meltdown, as a result of either a safety system failure or human error.
The second part of the analysis assesses the reliability of systems designed to meet safety requirements. This assessment consists in the identification, for each system and function reviewed, of failures that might result in the loss of the system's function. The probability of each type of failure occurring is then calculated and the failures can be ranked in decreasing order of probability. Potential weaknesses in the facility may thus be revealed. This part of the assessment is particularly important because its results will largely depend on the reliability of the data used in the calculations. Reliability values must be based on data which are representative of plant operating experience and thus on the incidents and events observed in the systems concerned.
The third part of the analysis is aimed at identifying and assessing sequences of events that might lead to a severe accident, i.e. damage to the core resulting in core melt. For this, analysts generally use the event-tree method (see Figure 4), which consists in identifying accident sequences from individual initiating events and then postulating the failure of the safety systems triggered by the event in question. The safety system failures postulated are those identified and calculated in the previous stage of the assessment. This underlines the importance of collecting reliable data, as noted above.
Figure 4 Event tree example
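The following is an added worked example, not code from the slides, of the event-tree quantification just described and of the CDF/LERF parameters from the "most widely used parameters" slide. It enumerates every success/failure branch of a small tree for one initiating event, multiplies the initiating-event frequency by the conditional branch probabilities (the values the systems-analysis stage would supply), sums the core-damage branches into a CDF contribution and the large-early-release branches into a LERF contribution, checks the two against the quoted objectives (CDF 1E-4/RY, LERF 1E-5/RY, LERF at most 10% of CDF), and ranks the headings by Fussell-Vesely importance, a standard PSA measure of how much of the CDF each failure contributes to. The initiating event, the three headings and their probabilities, and the end-state rule are constructed for illustration and are not plant data; headings are treated as independent, whereas a real PSA links fault trees so that shared support systems and common-cause failures are reflected in the conditional probabilities.

```python
from dataclasses import dataclass
from itertools import product

# Objectives quoted on the "most widely used parameters" slide (per reactor-year).
CDF_TARGET = 1e-4
LERF_TARGET = 1e-5
LERF_TO_CDF_MAX = 0.10      # "indirectly: LERF = at most 10% of CDF"


@dataclass(frozen=True)
class Heading:
    """An event-tree heading: a safety function queried after the initiating event."""
    name: str
    fail_prob: float        # conditional probability of failure on demand (from systems analysis)


@dataclass(frozen=True)
class AccidentSequence:
    path: tuple             # per heading, True = succeeded, False = failed
    frequency: float        # per reactor-year
    end_state: str          # "OK", "CD" (core damage) or "CD_LER" (core damage + large early release)


def quantify_event_tree(ie_freq, headings, end_state):
    """Enumerate every success/failure branch of the tree and quantify it.

    Branch frequency = IE frequency x product of the conditional branch probabilities
    along the path. Headings are assumed independent (a simplification; see lead-in).
    """
    sequences = []
    for path in product((True, False), repeat=len(headings)):
        freq = ie_freq
        for heading, success in zip(headings, path):
            freq *= (1.0 - heading.fail_prob) if success else heading.fail_prob
        sequences.append(AccidentSequence(path, freq, end_state(path)))
    return sequences


def total_frequency(sequences):
    """Consistency check: the branches partition the IE, so they must sum to its frequency."""
    return sum(s.frequency for s in sequences)


def cdf_and_lerf(sequences):
    cdf = sum(s.frequency for s in sequences if s.end_state in ("CD", "CD_LER"))
    lerf = sum(s.frequency for s in sequences if s.end_state == "CD_LER")
    return cdf, lerf


def check_objectives(cdf, lerf):
    return {
        "cdf_within_target": cdf <= CDF_TARGET,
        "lerf_within_target": lerf <= LERF_TARGET,
        "lerf_within_10pct_of_cdf": lerf <= LERF_TO_CDF_MAX * cdf,
    }


def fussell_vesely(sequences, headings):
    """Fraction of CDF carried by core-damage sequences in which each heading failed."""
    cdf, _ = cdf_and_lerf(sequences)
    importance = {}
    for i, heading in enumerate(headings):
        contrib = sum(s.frequency for s in sequences
                      if s.end_state != "OK" and not s.path[i])
        importance[heading.name] = contrib / cdf if cdf else 0.0
    return importance


def dominant_sequences(sequences, n=3):
    damaging = [s for s in sequences if s.end_state != "OK"]
    return sorted(damaging, key=lambda s: s.frequency, reverse=True)[:n]


# Constructed illustration (not plant data): a small LOCA tree with three headings.
SMALL_LOCA_FREQ = 5e-3
SMALL_LOCA_HEADINGS = (
    Heading("RT", 3e-5),    # reactor trip
    Heading("HPI", 2e-3),   # high-pressure injection
    Heading("CI", 1e-2),    # containment isolation
)


def small_loca_end_state(path):
    """Constructed rule: failure of RT or HPI is core damage; core damage with a
    failed containment isolation is treated as a large early release."""
    rt_ok, hpi_ok, ci_ok = path
    if rt_ok and hpi_ok:
        return "OK"
    return "CD" if ci_ok else "CD_LER"


def small_loca_summary():
    seqs = quantify_event_tree(SMALL_LOCA_FREQ, SMALL_LOCA_HEADINGS, small_loca_end_state)
    cdf, lerf = cdf_and_lerf(seqs)
    return {"sequences": seqs, "cdf": cdf, "lerf": lerf,
            "objectives": check_objectives(cdf, lerf),
            "importance": fussell_vesely(seqs, SMALL_LOCA_HEADINGS)}


if __name__ == "__main__":
    r = small_loca_summary()
    print(f"CDF = {r['cdf']:.3e}/RY, LERF = {r['lerf']:.3e}/RY, objectives: {r['objectives']}")
    for s in dominant_sequences(r["sequences"]):
        tag = " ".join(h.name + ("+" if ok else "-") for h, ok in zip(SMALL_LOCA_HEADINGS, s.path))
        print(f"{tag:<14} {s.end_state:<7} {s.frequency:.3e}")
    print("Fussell-Vesely:", r["importance"])
```

With these constructed numbers the HPI failure branch dominates the core-damage frequency, which is the kind of relative weighting the slides say a PSA is most useful for; the total-frequency check catches an event tree whose branches do not partition the initiating event, a common modelling error when headings are added or removed.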
THE LIMITATIONS OF PSAs
does probabilistic assessments. These are due to the fact that the results of a PSA invariably contain uncertainties arising from three main sources:
the area under consideration. It is impossible to demonstrate the exhaustiveness of a PSA, even when the scope of the analysis has been extended to as large a number of situations as possible, notably in terms of the various reactor operating states and potential initiating events;
uncertainties regarding data. Such uncertainties concern the reliability data for plant components, the frequency of initiating events, common-mode failures and failures resulting from human actions. The main uncertainties are those relating to the frequency of rare initiating events (for example, the combination of a steam piping break and a steam-generator tube break), as well as data relating to human factors;
cannot easily be quantified, such as the resistance of certain components under accident conditions, poorly understood physical phenomena or human actions.