11.5Considerations
Most of the existing PSAs already account for shared equipment and systems, as well as cross-tie capability (including manual cross-tie from the unaffected unit) as allowed by design and procedures. If multi-unit considerations are taken into account in the PSA, and if a shared part has the capacity to support only one plant at a time, then a shared availability factor should be incorporated into the system fault tree, reflecting the probability that the other plant will not need the asset in order to meet minimal functional success criteria. The shared availability factor should include the human error probabilities of implementing the actions, and hardware failure probabilities. For the events that involve more than a single unit, the mitigating functions in the Level 1 PSAs could be modelled for the selected reference model unit, but it should reflect also the impact of the event on the other units. For example, the success criteria for common systems such as emergency power and water should reflect the demand requirements on the system following a common mode event that affects all units. The reduced availability of shared systems (or through inter-unit ties for specific systems) following events that could affect the supplying unit should be considered. It is necessary to review relevant system fault trees where operator action to cross-tie units is credited and to ensure the adequacy of actual plant and operator response to an event (e.g., time available for operator response vs. feasibility of recovery actions under changing environmental conditions).
11.6Connections with other facilities outside the plant
The framework for site assessment should include as well the “site configuration” with other facilities, as a multiple source area, which prompts new scenarios by the interaction between/among units and the other facilities, which are as well radioactive sources on the site, like the irradiated fuel in the spent fuel pool. These interactions can create more challenging accident sequences than sequences evaluated for a single plant, increasing the site risk, particularly in terms of radioactive releases (i.e. LRF) and health effects. This is the case, for instance, of a multi-unit configuration for a two units site with a common spent fuel pool, taken as an illustrative example. Clearly the spent fuel state is dependent on the configuration of the two units, that is whether both units are in operation or one in operation and the other in a refuelling outage or maintenance outage.
12L1 PSA QUANTIFICATION
The L1 PSA models for man-made hazards shall encompass dangerous phenomena linked to the industrial environment, the dangerous goods transportation (by road, by rail or by ship) and the aircraft crash. Hazards such as fire, explosion or toxic release can then occur and have to be assessed regarding the nuclear facility safety objectives. However, physical processes for same types of fires and explosions needs very complex model if high accuracy has to be achieved. Moreover, the results of external events PSA are sensitive to the modelling of dependencies between initiating events and safety system failures as well as between failures of different safety systems which was described in chapter 8 of this report. It makes quantification of the man-made hazard or aircraft crash PSA much more challenging when compared to the internal events L1 PSA and some additional considerations must be given to achieve the usable results.
First of all, in the aircraft crash/man-made hazard PSA the multiple transients initiating failures should be taken into account which does not apply to the internal L1 PSA. These failures may place different, usually higher demands and challenges on plant systems and personnel concerning accident mitigation. Moreover, depending on the features of the plant designing the frequency of two simultaneous events may be much higher than the simple product of their particular frequencies. The calculation of the probabilities of cut sets containing correlated events involves multivariate integration of the joint probability distribution function of the cut set elements. This tends to increase the complexity of the calculation without sufficient justification of the numerical values of correlation coefficients between the different random variables for external induced failures.
Another issue is that the external events may lead to harsh personnel working conditions, problems in getting external aid and increases in emotional burden (site isolation as consequence of a fire, worrying about the situation of family members, adverse conditions for countermeasures requiring working outdoors). Sometimes, there are also specific emergency operating procedures, or plant systems and equipment designed for responding differently to an aircraft crash, fire or explosion event as compared to the response to other random initiators. Thus, the PSA for external hazards should take to account the potential for human response to be affected by the external event, and the available time for operator intervention for mitigation of external event effects needs to be considered. A shortage of time can affect the operator’s ability to think clearly, to consider alternatives and to perform the required tasks. The time pressure imposes heavy task load situations (task complexity) and high or extremely high stress level. It is important that the time available and the time needed to perform the action are considered together with many of the other PSFs and the demands of the accident sequence. The difference between the total available time and the time required (i.e. the extra time available) should be divided by the time required to assess the available time margin which is the key factor for the feasibility assessment.
The extension of mission time is especially important for the assessment of the feasibility of the recovery and repair actions. The failure to successfully perform such actions should be added to the accident sequence model thereby crediting the actions and further lowering the overall accident sequence frequency because it takes additional failures of these actions before the core is actually damaged. However, the influence of external event may not only increase the time to complete the tasks but also cause unsuccessful recoveries. Recovery actions that cannot be performed due to the impact of external hazards of certain magnitude should be removed from the Level 1 PSA model. Special attention should be paid to recovery actions, and to necessary actions to use the mobile equipment (pumps, DGs, etc.), especially when this equipment is shared between two or more units. The availability of site shared fire protection systems, mobile equipment and cars may be limited when the external event affects more than one unit.
The results of man-made hazards PSA should be presented and analysed in the form of probability/frequency distributions rather than point values. This requires an analysis of uncertainty to be performed. The outstanding role in the overall uncertainty assessment within aircraft crash/man-made hazards PSA play the uncertainties of HRA. The potential sources of these uncertainties are: dependences (e.g. common cognitive impact); stress; workload; communications, etc. The aircraft crash/man-made hazards PSA results should be interpreted in the context of internal L1 PSA to achieve the impact of external events on the overall risk associated with the facility operation. Based on the results of hazards scenarios analyses and evaluation of emergency response actions the preventive measures may be identified and implemented as deemed practical. This is especially important for the scenarios for which emergency actions are insufficient or cannot be implemented in timely manner to reduce the consequences below the acceptable level. Results of the aircraft crash/man-made hazards PSA may be used in optimization of mobile equipment location and storage protection features; arrangement of additional passageways to the plant site in order to reduce arrival time of mobile equipment; preventive arrival and set up of mobile equipment; reduction of fire loading materials adjacent to or on the nuclear site, arrangement of exclusion zones in close proximity to the plant and along the electrical transmitting lines to prevent external fires propagation; isolation of the air intake of the main control room in the event of toxic clouds; reinforcing the elements and structures that can cause seismic induced fires or block important access paths due to local structural collapse.
A very important issue is the comparison of existing experience in this area between partners having already developed such PSA, especially for long term accident sequences. This comparison should include the input data analysis and methods for the data collection, as well as assumptions, models and results of the man-made hazards PSA. Such a process could be carried out in the form of workshop and be focused on solving real problems. During this workshop one partner could present how the particular problem has been solved and the other participants might suggest some modifications. This approach allows for greater involvement of partners than only theoretical discussions.
Share with your friends: |