Risk-Informed Design Guidance

22.39 Elements of Reactor Design, Operations, and Safety

Fall 2005

George E. Apostolakis Massachusetts Institute of Technology

Department of Nuclear Science and Engineering 1

2

Policy Issues for Future Reactor Licensing

• Integrated risk posed by multiple reactors • Containment functional performance requirements and

criteria • Level of Safety • Definition of defense in depth • Use of a probabilistic approach to establish the licensing

basis • Use of scenario-specific source terms for licensing decisions • Possible modifications of emergency preparedness

requirements • Physical protection • Selective implementation

Department of Nuclear Science and Engineering

Department of Nuclear Science and Engineering 3

Technology-Neutral Regulatory Framework

Acce pta ble Region

Frequency-Consequence Curve

1E-2

1E-3

1E-4

1E-5

1E-6

1E-7

0.1 1 .0 10.0 1 00.0 100 0.0 D os e, rem

Department of Nuclear Science and Engineering 4

5

Why Risk-Informed Design?

• USNRC is preparing a new risk-informed licensing processfor future reactors. The IAEA is also preparing relatedguidance.

• Important uncertainties are identified early. • The best features of the structuralist (i.e., defense in depth)

and the rationalist (i.e., risk-based) safety philosophies canbe combined early in the process.

• Different design options can be compared. •

improvements can be made resulting in a more risk-informed design.

Department of Nuclear Science and Engineering

PSA methodological needs are identified early so that

6

The MIT Risk-Informed Design Process

Modify Design

Step 3 Screening

)

Step 1 Formulate Design

Step 2

(PRA)

Step 4Deliberate and Choose

the Best Design

Granted

•

•Structuralist defense in depth.

Department of Nuclear Science and Engineering

Start with “bare-bones” ECCS design with minimum combination of structures, systems, and components necessary for the system function to be accomplished.

Unacceptable

Criteria (Deterministic, Probabilistic

Analyze Design

Acceptable Exemption

Best Engineering Practices

7

Criteria and Goals

• Deterministic Criterion (General Design Criterion 35) –

*Common-cause failures are not considered single failures.

• Probabilistic Goal – fLOCA = 5.45x10-4 per reactor year → “infrequent initiator” →

• ≤ 10-2 AND • fLOCA x CCDP ≤ 10% of the CDF goal of 10-4 per reactor year =

10-5

– CCDP ≤ 10-2 is the only goal in this case

Department of Nuclear Science and Engineering

An ECCS must be designed to withstand the following postulated LOCA: A double-ended break of the largest reactor coolant line, the concurrent loss of offsite power, and a single failure* of an active ECCS component in the worst possible place.

Conditional Core Damage Probability (CCDP)

8

Studies Completed

• Decay Heat Removal for two initiating events: – Loss of coolant – Loss of offsite power

• Uncertainties in passive cooling systems

Department of Nuclear Science and Engineering

9

ECCS Designs 1-6 (LOCA) 2 cooled, direct cycle)

1. Bare-bones system 2.

DC battery(1x100%)

3. DC battery(2x100%)

4. DC battery(2x100%)

5. DC battery(2x100%), DCtransmission (2x100%)

6. DC battery(2x100%), DCtransmission (2x100%)

Systems,” , 235:1537-1556, 2005.

Department of Nuclear Science and Engineering

Bare-bones system of MIT GFR concept (SCO

Designs 1- 6

+Diesel (1x100%),

+Diesel (1x100%),

+Diesel (2x100%),

+Diesel (2x100%),

+Diesel (3x100%),

Figure removed for copyright reasons. See Delaney, M.J., Apostolakis, G.E., and Driscoll, M.J., “Risk-Informed Design Guidance for Future Reactor

Nuclear Engineering and Design

10

Design 7: Secondary Onsite AC Power

Design 7

• Diesel (3x100%) • DC battery (2x100%) •

(2x100%) • Turbine (1x100%) • Accumulator(1x100%) • Electric valve (1x100%) • •

motor

Systems,” , 235:1537-1556, 2005.

Department of Nuclear Science and Engineering

DC transmission

Generator (1x100%) Secondary electric

Figure removed for copyright reasons. See Delaney, M.J., Apostolakis, G.E., and Driscoll, M.J., “Risk-Informed Design Guidance for Future Reactor

Nuclear Engineering and Design

11

Design 8: Microturbine (secondary onsite AC power)

Design 8

• Diesel (3x100%) • DC battery (2x100%) •

(2x100%) • Microturbine

(1x100%) • Natural gas

accumulator(1x100%) • Electric switch

(1x100%) • • Offsite natural gas

connection (1x100%) •

motor

Systems,” , 235:1537-1556, 2005.

Department of Nuclear Science and Engineering

DC transmission

Generator (1x100%)

Secondary electric

Figure removed for copyright reasons. See Delaney, M.J., Apostolakis, G.E., and Driscoll, M.J., “Risk-Informed Design Guidance for Future Reactor

Nuclear Engineering and Design

12

ECCS Design 9: Nitrogen Accumulator

Design 9

• Diesel (3x100%) • DC battery (2x100%) •

(2x100%) • Nitrogen

accumulator(1x100%) • Electric valve • Pressure valve • Turbine

Systems,” , 235:1537-1556, 2005.

Department of Nuclear Science and Engineering

DC transmission

Figure removed for copyright reasons. See Delaney, M.J., Apostolakis, G.E., and Driscoll, M.J., “Risk-Informed Design Guidance for Future Reactor

Nuclear Engineering and Design

4x503x1003x502x1001x100%

Screening based on Deterministic Criteria

Desig Number of ECCS Loops n * % % % % Comments

Meets Deterministic Screening Criteria?

1 No No No No No Violates SFC, no onsite AC power,

2 No No No No No Violates SFC 3 No No No No No Violates SFC + Loss of Offsite

Power 4 No Yes Yes Yes Yes 1x100% violates SFC 5 No Yes Yes Yes Yes 1x100% violates SFC 6 No Yes Yes Yes Yes 1x100% violates SFC 7 No Yes Yes Yes Yes 1x100% violates SFC 8 No Yes Yes Yes Yes 1x100% violates SFC 9 No No No Yes Yes 1x100%, 2x100%, 3x50%

violates SFC

Department of Nuclear Science and Engineering 13

Screening based on Probabilistic Goals (1-5)

Conditional Core Damage Probability given a LOCA Number of ECCS Loops

Desig n

1x100 %

2x100 %

3x50 %

3x100 % 4x50%

PRA Insights (3x100% ECCS Loops)

Mean CCDP 1 No No No No No LOOP accounts for ~99% of risk

2.51E-02 2.20E-02 2.20E-02 2.20E-02 2.20E-02

2 Yes* Yes* Yes* Yes* Yes* Failure of diesel is largest contributor to risk (50.3%)5.71E-03 2.32E-03 2.36E- 03 2.31E-03 2.31E-03

3 Yes* Yes Yes Yes Yes 1 Diesel account for 86.6% of risk 4.86E-03 1.68E-03 1.72E-03 1.67E-03 1.67E-03

4 Yes* Yes Yes Yes Yes LOOP + CCF of diesels accounts for 14.5% of risk 3.82E-03 5.97E-04 6.29E-

04 5.81E-04 5.81E-04 LOOP + random failure of diesels accounts for

27.1% of risk 1 DC Transmission loop accounts for 25.1% of risk

5 Yes* Yes Yes Yes Yes LOOP + CCF of diesels accounts for 18.5% ofrisk

3.75E-03 4.69E-04 5.02E-04

4.52E-04 4.52E-04 LOOP + random failure of diesels accounts for 35.5% of risk

*Did not meet deterministic criteria.

Department of Nuclear Science and Engineering 14

Screening based on Probabilistic Goals (6-9)Conditional Core Damage Probability given a LOCA

Number of ECCS Loops

Design 1x100

% 2x100

% 3x50 %

3x100 %

4x50 %

PRA Insights (3x100% ECCS Loops)

Mean CCDP 6 Yes* Yes Yes Yes Yes LOOP + CCF of diesels accounts for 2.84% of risk

3.59E-03 5.18E-04 5.34E-04

2.96E-04 2.96E-04 LOOP + random failure of diesels accounts for 1.8% of risk

7 Yes* Yes Yes Yes Yes ~99% of risk due to CCF of ECCS or DC components3.40E-03 1.61E-04 1.97E- 1.43E-04 1.43E-04

8 Yes* Yes Yes04 Yes Yes ~99% of risk due to CCF of ECCS or DC components3.42E-03 1.55E-04 1.88E- 1.38E-04 1.38E-04

9 Yes* Yes Yes04 Yes Yes ~99% of risk due to CCF of ECCS components2.16E-04 1.15E-04 1.66E- 1.03E-04 1.03E-04

Conditional Core Damage Probability given ECCS Loop LOCA 04

9 No Yes* Yes* Yes Yes ~86.6% of risk due to CCF of ECCS components

1.00E+00 4.70E-03 7.48E-03

1.49E-04

1.49E-04 12.1% of risk due to random failure of ECCS components

*Did not meet deterministic criteria.

Department of Nuclear Science and Engineering 15

Results of the Iterative ECCS Design GuidanceCDF

(3x100% CDF ECCS reduction

Design Configuration Loops) factor 1 1.21x10-5 1.00

2 No Diesels, 1x100% DC Battery

1.29x10-6 9.4

3

1x100% Diesel, 1x100% DC Battery

8.59x10-7 14.1

4 1x100% Diesel, 2x100% DC Battery

3.11x10-7 39.0

2x100% Diesel, 2x100% Battery, 5

2x100% Diesel, 2x100% Battery

2.47x10-7 49.0

3x100% Diesel, 2x100% Battery, 6

2x100% Transmission

1.64x10-7 73.8

3x100% Diesel, 2x100% Battery, 2x100% Transmission,

7

2x100% Transmission

1x100% Secondary onsite Turbine 7.96x10-8 152.0

3x100% Diesel, 2x100% Battery,2x100% Transmission,

8 1x100% Secondary onsite Microturbine 7.58x10-8 159.6

3x100% Diesel, 2x100% Battery,2x100% Transmission, Nitrogen

9 Accumulator 1.35x10-7 89.6 Department of Nuclear Science and Engineering 16

17

Insights

• • PRA insights were used to

– – –

• Are

• -8 ry-1).

• As such,

• improvement (Designs 1-8).

–

– (11.5%).

• Deliberation allows – The inclusion of best engineering practices –

proliferation resistance, and physical protection)Department of Nuclear Science and Engineering

Data appropriate for gas reactors are needed.

change the configuration of the design (Designs 5 and 6) add a secondary onsite power source (Designs 7 and 8) add a nitrogen accumulator system (Design 9)

Several designs satisfied the probabilistic goals but not the deterministic criteria. the latter “unnecessary regulatory burden?” Design 8 (3x100% loops; microturbine; elimination of the failure-to-start mode for an onsite AC power supply) is best in terms of CDF (7.58x10Mircoturbines have never been used in a NPP emergency power supply system. they will be thoroughly scrutinized during the licensing process. Data are needed. Adding redundant ECCS loops beyond 2x100% capability does not result in significant

This is due to the insensitivity of the CCF models. No quantitative guidance exists as to how the values of the beta factor change when the design changes. Causes: hardware (48.3%), maintenance (26.1%), operations (14.1%), environment

Comparison with other NERAC goals (sustainability, economics, reliability,

18

Bibliography

• S.E.,

, June 4-5, 2001,

• , 235:1537-1556, 2005.

• , 149:129-140, 2005.

•

, pp. 408-413,

• Second Status Paper on the Staff’s Proposed Regulatory

Licensing

Department of Nuclear Science and Engineering

Apostolakis, G.E., Golay, M.W., Camp, A.L., Durán, F.A., Finnicum, D., and Ritterbusch, “A New Risk-Informed Design and Regulatory Process,” Proceedings of the Advisory

Committee on Reactor Safeguards Workshop on Future ReactorsNUREG/CP-0175, US Nuclear Regulatory Commission, Washington, DC, 2001. Delaney, M.J., Apostolakis, G.E., and Driscoll, M.J., “Risk-Informed Design Guidance for Future Reactor Systems,” Nuclear Engineering and DesignPagani, L.P., Apostolakis, G.E., and Hejzlar, P., “The Impact of Uncertainties on the Performance of Passive Systems,” Nuclear TechnologySorensen, J.N., Apostolakis, G. E., Kress, T.S., and Powers, D.A., “On the Role of Defense in Depth in Risk-Informed Regulation,” Proceedings of PSA ‘99, International Topical Meeting on Probabilistic Safety Assessment Washington, DC, August 22 - 26, 1999, American Nuclear Society, La Grange Park, Illinois. US Nuclear Regulatory Commission, Structure for New Plant Licensing and Update on Policy Issues Related to New Plant

, SECY-05-0006, Washington, DC, January 7, 2005.