An approach to address probabilistic assumptions on the availability of safety systems for deterministic safety analysis

https://doi.org/10.1016/j.ress.2016.12.009

Abstract

There is an attempt nowadays to provide a more comprehensive and realistic safety assessment of the design and operation of Nuclear Power Plants (NPPs). In this context, innovative approaches are being proposed for the safety assessment of NPP design, including both design basis conditions and design extension conditions. One area of research aims at developing methods for combining insights from probabilistic and deterministic safety analyses in Option 4, also called the realistic approach, of the International Atomic Energy Agency specific safety guide. The development of Option 4 involves the adoption of best estimate computer codes, best estimate assumptions on systems availability and best estimates of initial and boundary conditions for the safety analysis. This paper focusses on providing the fundamentals and practical implementation of an approach to integrate PSA-based probabilistic models and data, which incorporate best estimate assumptions on the availability of safety systems, into Option 4. A practical approach is presented to identify relevant, i.e. most probable, configurations of safety systems and to assess the occurrence probability of each configuration using the PSA models and data of an NPP; the approach is based on the use of a Pure Monte Carlo method. An example of application is provided to demonstrate how this approach performs. The case study focusses on an accident scenario corresponding to the initiating event “Loss Of Feed Water (LOFW)” for a typical three-loops Pressurized Water Reactor (PWR) NPP.

Introduction

The nuclear industry has relied on the concept of defense in depth and safety margins to deal with the uncertainties associated with the design and operation of nuclear facilities. In this context, both deterministic and probabilistic safety analyses are performed with the aim of achieving regulatory approval of Nuclear Power Plant (NPP) design and operation according to a well-established licensing basis.

The adoption by regulators of the risk-informed decision-making philosophy [1] represents a key milestone for understanding both the evolving regulatory framework and the growing research interest in developing methods for using Probabilistic Safety Analysis (PSA) results in the requirements and assumptions of Deterministic Safety Assessment (DSA), and vice versa. There is an attempt to provide a more comprehensive and realistic safety assessment of reactor design and operation. In addition, the Fukushima Daiichi accident has raised new challenges, such as the revision of the current design licensing basis to account not only for design basis conditions (DBC), e.g. anticipated operational occurrences and design basis accidents (DBA), but also for design extension conditions (DEC), e.g. DEC without and with fuel damage, in a context where innovative approaches to the safety assessment of current NPPs are welcome.

Regarding DSA (Deterministic Safety Analysis), the International Atomic Energy Agency (IAEA) produced guidance on the use of deterministic safety analysis for the design and licensing of nuclear power plants (NPPs): “Deterministic Safety Analysis for Nuclear Power Plants”, Specific Safety Guide No. SSG-2 [2], which is now under revision [3]. SSG-2 addresses four options for the application of DSA.

Options 1 and 2 are conservative; they have been used since the early days of civil nuclear power and are still widely used today. However, the desire to utilize current understanding of important phenomena and the availability of reliable tools for more realistic safety analysis without compromising plant safety has led many countries to use Option 3. Option 3 involves the use of best-estimate codes and data together with an evaluation of the uncertainties, the so-called BEPU (Best Estimate Plus Uncertainty) methodology. Several BEPU approaches have been developed [4], [5], [6], [7], [8], [9], [10], [11], some of them in scopes that are accepted by regulatory authorities nowadays. Most of them are based on propagation of input uncertainties and make use of Wilks-based methods to determine the number of calculations of the output (usually safety-related parameters) needed to verify compliance of acceptance criteria with “Standard Tolerance Levels (STL)” (typically 95/95) in accordance with current regulatory practice. Ref. [4] provided a review of groups of tools and methods proposed up to 2008 to perform BEPU analysis, e.g. statistical methods, use of surrogate models, etc. Pourgol-Mohammad [5] and D’Auria et al. [6] published the fundamentals of several of them. Wilson [7] presented historical insights into the development of BEPU safety analysis. Unal et al. [8] proposed an improved BEPU methodology including advanced validation concepts to license evolving nuclear reactors, and more recently Queral et al. [9] presented an application of the BEPU methodology to the safety analysis of a Large-Break LOCA of an advanced NPP with the TRACE code.
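The sample-size calculation behind the 95/95 criterion, as an added example that is not taken from the paper: it applies the standard one-sided Wilks formula, generalized to the k-th largest run. The function names are hypothetical, and the one-sided form is an assumption, since the text does not state which variant each cited method uses.

```python
from math import comb


def wilks_confidence(n, coverage, order=1):
    """Confidence that the order-th largest of n independent runs bounds
    the `coverage` quantile of the output from above (one-sided limit)."""
    # Probability that fewer than `order` of the n runs exceed the quantile.
    miss = sum(
        comb(n, j) * (1.0 - coverage) ** j * coverage ** (n - j)
        for j in range(order)
    )
    return 1.0 - miss


def wilks_sample_size(coverage=0.95, confidence=0.95, order=1):
    """Smallest number of code runs N for which the order-th largest output
    is a one-sided coverage/confidence tolerance limit."""
    n = order
    while wilks_confidence(n, coverage, order) < confidence:
        n += 1
    return n


if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"order {k}: N = {wilks_sample_size(order=k)}")
```

Using a higher order statistic costs more code runs but gives a less conservative limit, because the bound is no longer the single most extreme run.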

Development of Option 4 of the IAEA Specific Safety Guide SSG-2 [2], [3], which is also called realistic deterministic safety analysis, is currently under research. One area of research in this context aims at developing methods for combining insights from probabilistic and deterministic safety analyses [12], [13]. Moreover, some research aims at developing methods for integrating deterministic and probabilistic safety assessment, or even at developing an integrated safety assessment methodology [14], [15], [16]. The new methods, such as the one presented in [13], are intended to be used for the safety assessment of some current NPP design basis conditions, e.g. anticipated operational occurrences, also called DBC-2, and of design extension conditions without and with significant fuel degradation, which are also called DEC-A and DEC-B accidents respectively. Option 4 is not allowed for design basis accidents (DBA) within the design basis conditions, called DBC-3 and DBC-4, for which only the adoption of Options 1–3 is proposed (see section 2.15 in Ref. [3]).

In this research context, it is proposed to face the challenge of combining well-established BEPU methods with probabilistic-based assumptions on systems availability to build an extended BEPU methodology, called the EBEPU methodology [12], [13], following the fundamentals of Option 4 of the IAEA SSG-2 guide, which can be used for realistic deterministic safety analysis of current NPP designs [2], [3]. In Ref. [13], a novel EBEPU approach was introduced that merges traditional BEPU methods and PSA-based assumptions on the availability of safety systems, and which consists of the following steps:

  1. Selection of the accident scenario.

  2. Selection of the safety criteria linked to the accident scenario under study and the FOMs (Figures of Merit) involved in the acceptance criteria.

  3. Identification and ranking of relevant physical phenomena based on the safety criteria.

  4. Selection of the appropriate TH (Thermal Hydraulic) parameters to represent those phenomena.

  5. Identification of relevant safety-related systems involved in the accident scenario.

  6. Selection of relevant components/trains of the above redundant safety systems that are responsible for performing the intended safety function to mitigate accident consequences.

  7. Development of the TH computer model of the accident scenario, e.g. develop an input for TRACE code [17].

  8. Association of PDF (Probability Density Functions) for each selected TH parameter.

  9. Identification of relevant, i.e. most probable, system configurations based on the availability of safety components/trains and association of a probability of occurrence for each configuration.

  10. Random sampling of the selected TH parameters and plant configurations. Sample size (N) will depend on the particular statistical method and the acceptance criterion adopted to verify compliance of safety criteria. Perform N computer runs to obtain FOMs for each run.

  11. Processing the results of the multiple computer runs (N) to estimate either the probability distribution of the FOMs, or rather some descriptor of this distribution, such as for example a percentile of the FOM, or a tolerance level of each FOM with STL using OS, e.g. the FOS.

  12. Verify compliance of acceptance criterion for each FOM.

The main difference between a typical BEPU and this EBEPU approach is the incorporation of steps 6 and 9 to account for best estimate assumptions, i.e. PSA-based assumptions herein, on safety systems availability under the EBEPU approach. In addition, step 10 must be updated to account for random sampling of safety system configurations in addition to TH parameters. Last but not least, the TH computer model must be developed in step 7 with an appropriate level of detail at the component/train level, coherent with step 6, so that the particular configuration of the safety systems required for each TH simulation or computer run in step 10 can be represented. BEPU approaches focus only on an enveloping sequence representing a conservative progression of the accident scenario (step 1) departing from an initiating event. Thus, for such an enveloping accident sequence, a conservative assumption on the availability of safety systems is adopted (steps 5 and 7), so that steps 6 and 9 are not necessary. In Ref. [18], a comparison between traditional BEPU and Extended-BEPU approaches for Deterministic Safety Analysis is presented.

This paper presents a practical approach to identify relevant configurations of safety systems and to assess the associated occurrence probability of such configurations using PSA results of a NPP, i.e. how to develop step 9 in the above EBEPU approach. The most relevant configurations mean the most probable ones according to PSA-based probabilistic models and data, which incorporate best estimate assumptions on the availability of safety systems. An example of application is provided to demonstrate how this approach performs. The case study focusses on an accident scenario corresponding to the initiating event “Loss Of Feed Water (LOFW)” for a typical three-loops Pressurized Water Reactor (PWR) NPP.
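An added sketch of what step 9 asks for, written for this page and not taken from the paper: a pure Monte Carlo estimate of configuration probabilities, keeping the most probable ones up to a chosen cumulative coverage. The train names and unavailabilities are constructed, and independence between trains is an assumption; the paper's PSA models are not reproduced here.

```python
import random
from collections import Counter

# Constructed per-demand unavailabilities for three hypothetical trains
# (illustrative values only, not from the paper or any plant PSA).
TRAIN_UNAVAILABILITY = {"TC-A": 0.02, "TC-B": 0.02, "TC-C": 0.08}


def sample_configuration(rng, unavailability):
    """One random configuration: 1 = train available, 0 = unavailable."""
    return tuple(int(rng.random() >= q) for q in unavailability.values())


def estimate_configurations(n_samples, unavailability=TRAIN_UNAVAILABILITY, seed=1):
    """Estimate each configuration's probability from n_samples draws,
    returned as a dict ordered from most to least frequent."""
    rng = random.Random(seed)
    counts = Counter(
        sample_configuration(rng, unavailability) for _ in range(n_samples)
    )
    return {cfg: c / n_samples for cfg, c in counts.most_common()}


def exact_probability(cfg, unavailability=TRAIN_UNAVAILABILITY):
    """Analytic probability of a configuration, assuming independent trains."""
    p = 1.0
    for available, q in zip(cfg, unavailability.values()):
        p *= (1.0 - q) if available else q
    return p


def relevant_configurations(estimates, coverage=0.99):
    """Keep the most probable configurations until their cumulative
    estimated probability reaches `coverage`."""
    kept, total = [], 0.0
    for cfg, p in estimates.items():
        kept.append((cfg, p))
        total += p
        if total >= coverage:
            break
    return kept


if __name__ == "__main__":
    est = estimate_configurations(100_000)
    for cfg, p in relevant_configurations(est):
        print(cfg, f"MC={p:.4f}", f"exact={exact_probability(cfg):.4f}")
```

Configurations left out by the coverage cut are the rare multiple-failure states, so the cut-off directly sets how much probability mass the later sampling step ignores.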

Methodology

Fig. 1 provides an outline of the procedure proposed to identify a list of relevant sets of configurations of Trains/Components (TC) of safety systems (available/unavailable TC) and to assess the associated occurrence probability of each set of TC configurations using the PSA models and data of an NPP. Each step of the proposed approach is explained next.

Step 1: Identification of the PSA-based initiating event, accident scenarios and safety functions.

The procedure starts with the adoption of the

Description of the PSA-based initiating event and the corresponding event tree (Step 1)

The case study focusses on an accident scenario corresponding to the initiating event “Loss Of Feed Water” for a typical three-loops Pressurized Water Reactor NPP. The LOFW group includes those transients involving total loss of main feed water to the steam generators (SG), which reduces the SG water level and consequently their capacity to extract heat from the reactor coolant system (RCS). In particular, this group includes initiating events of categories 16 and 24 in EPRI/NP-2230 [21]. Fig. 3

Concluding remarks

This paper proposes an approach that can be used to integrate probabilistic assumptions on the availability of safety system configurations into the deterministic safety analysis of extensions to NPP design conditions based on Option 4 of the IAEA SSG-2 guide, which will require combining well-established deterministic BEPU methods with realistic assumptions on the availability of safety systems.

In particular, this paper proposes and demonstrates the performance of an approach to

Acknowledgements

The authors are grateful to the Spanish CSN (Consejo de Seguridad Nuclear) for the financial support of this research (Research Project SIN/4078/2013/640; MASA Project).
