fulfillment of user requirement ur 1.6 independence of did ... 2... · rps n/a jdh (atws) n/a drop...
TRANSCRIPT
Denis Kolchinsky
Project Chief Engineer
Fulfillment of User
Requirement UR 1.6 –
independence of DiD levels
in AES-2006 design
19-22 November, 2013 INPRO Forum, IAEA, Vienna
State Atomic Energy Corporation ROSATOM
Branch of Joint Stock Company «East-European leading scientific research and design
institute for energy technology»
Saint-Petersburg R&D Institute “Atomenergoproject” (SPbAEP)
19-22 November, 2013 INPRO Forum, IAEA, Vienna
An assessment should be performed for an INS to
demonstrate that different levels of defense-in-depth are met
and are more independent from each other than for existing
systems.
User requirement UR1.6
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Defense-in-depth is a main philosophy to ensure nuclear safety
for all nuclear power plants.
The independence of DiD levels is an essential strategy to
ensure the design safety concept success.
The fundamental states
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Assessment of Defence in Depth for Nuclear Power Plants. Safety Reports Series No.46.
Guidance for the Application of an Assessment Methodology for Innovative Nuclear Energy Systems. INPRO Manual — Safety of Nuclear Reactors . Tecdoc 1575 Volume 8.
WENRA Report Safety of new NPP designs. Study by Reactor Harmonization Working Group RHWG, March 2013
References:
19-22 November, 2013 INPRO Forum, IAEA, Vienna
NPP safety is assured at the expense of sequential implementation of the
defense-in-depth concept based on using the system of physical barriers on the
way of spreading of ionizing radiation and radioactive substances into the
environment and the system of organizational and technical measures on
protection of the barriers and keeping their efficiency, as well as on protection of
personnel, population and the environment.
fuel matrix (pallets)
fuel rod cladding
reactor coolant system
boundary
primary containment
Physical barriers
Level 1. Prevention of abnormal operation
and failures.
Level 2. Control of abnormal operation and
detection of failures.
Level 3. Control of accidents within the
design basis
Level 4. Severe accident management.
Level 5. Emergency planning.
Organizational and technical measures
Defense-in-depth concept
The same for V-320
and AES-2006
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Fundamental safety functions
Fundamental safety functions are aimed at fulfillment of the tasks
of physical barrier protection on the way of radioactive substances
propagation:
Reactivity monitoring and control;
Provision of reliable heat removal from the reactor core:
Keeping the coolant inventory with leaky primary
circuit;
Provision of primary circuit integrity (with leak-tight
primary circuit);
Provision of heat removal by the secondary circuit;
Localization and reliable retention of radioactive fission
products.
19-22 November, 2013 INPRO Forum, IAEA, Vienna
DBC and DEC definition
19-22 November, 2013 INPRO Forum, IAEA, Vienna
DEC
DBA
Level 3
3a
Control of accident
to limit radiological
releases and
prevent escalation
to core damage
conditions
Using engineering safety facilities and accident management
procedures:
- prevention of escalation of initiating events to DBA and of
DBA to BDBA by the use of reactor protection system, safety
systems and accident procedures;
- mitigation of consequences of accidents which failed to be
prevented, by localizing radioactive release;
- postulated single initiating events.
- prevention of core damage by additional safety features and
accident procedures in case of safety function failure at the
level 3a;
- postulated multiple failure events;
- considered CCF of I&C and CCF of mechanical equipment.
3b
In April 2013 there new report with defense in depth (DiD) requirements for
new reactors was issued by WENRA. In particular there has been stated that
the third DiD level shall be divided into two sub-levels:
New safety requirements and challenges
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Guides and
Owner
Requirements
Design
Just
ific
atio
n
Assessment
Modification
Deterministic and Probabilistic Approaches
Generally independence justification analyze is performed using
deterministic approach (including hazards analysis) and than
technical solutions are verified by probabilistic method.
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Deterministic Approach
Level 1
Level 2
Level 3a
Level 3b
Level 4
SSC-1
SSC-2
SSC-3
SSC-4
SSC-1
Set of SSC DiD level Each set of SSC includes:
-Mechanical SSC
-I&C
-Electrical sources
-etc
Saf
ety d
egra
dat
ion
In each defense-in-depth level the special set of SSC for implementation
of all necessary safety function is provided the design.
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Safety Functions
Reactivity Control
Core Cooling
Primary Circuit Heat Removal
Prevention of Primary Circuit Damage
Prevention of Activity Release
Rea
ctor
con
trol
an
d
pro
tect
ion
syst
em
Low
an
d h
igh
pre
ssu
re i
nje
ctio
n t
o
the
pri
mary
cir
cuit
, P
ass
ive
inje
ctio
n f
rom
acc
um
ula
tors
, in
term
edia
te
cooli
ng c
ircu
it s
yst
em
Em
ergen
cy f
eed
wate
r
Ste
am
dis
cha
rge
to t
he
atm
osf
ere
Pre
ssu
rize
r sa
fety
valv
es
Pri
mary
cir
cuit
safe
ty v
alv
es o
f lo
w
pre
ssu
re
Cu
toff
valv
es s
yst
em,
Em
ergen
cy
spra
y s
yst
em,
Hyd
rogen
rec
om
bin
ers,
C
hem
ical
reag
ents
su
pp
ly
Reactor Coolant Inventory
• Secondary Heat Sink • Steam Generator Feed
Pressure Limitation in Reactor Coolant System
• Pressure Limitation in Containment • Cutoff the Containment • Heat Removal from the Containment
• Reactor Shutdown • Reactor Power limitation • Subcriticaly in Shutdown Condition
Em
ergen
cy b
oro
n i
nje
ctio
n
syst
em,
volu
me
an
d b
oro
n
con
trol
syst
em
Main
Poss
ibil
ity t
o u
se t
wo h
igh
p
ress
ure
in
ject
ion
pu
mp
s in
stea
d o
ne
low
pre
ssu
re p
um
p
Pass
ive
hea
t re
moval
syst
em v
ia
stea
mgen
erato
rs
Pass
ive
hea
t re
moval
syst
em f
rom
th
e co
nta
inm
ent
Div. Main Div.
Main Div. Main Div.
Main Div.
Safety Functions Diversity
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Safety levels Level 1 Level 2 Level 3a Level 3b (DEC-A) Level 4 (DEC-B)
Level name Control under NO and Prevention of AOO Prevention of DBA
Control of DBA and
prevention BDBA BDBA management without core melting Severe Accidents
Technical Features Technical features of normal operation Technical features of normal operation Safety systems I&C Common Cause Failure Mechanical Features Common Cause Failure
Канал
электроснабжения
технологической
системы
5 / 6 1 / 2 / 3 / 4 Internal self-
protection
5 / 6 1 / 2 / 3 / 4 Passive principle
1 / 2 / 3 / 4 5 / 6 1 / 2 / 3 / 4 7 / 8 Passive principle 5 / 6 1 / 2 / 3 / 4 7 / 8 Passive principle 7 / 8 Passive principle
Reactivity control
Power limitation and/or
reactor shutdown
APC, GICS PP Feedback APC, PLC, PP,
SPP
PP Drop of the CPS
absorbing rods into
the core under
gravitation
RPS N/A JDH (ATWS) N/A Drop of the CPS
absorbing rods into
the core under
gravitation
GICS JDH (ATWS) N/A Drop of the CPS
absorbing rods into
the core under
gravitation
N/A Core melt is
subcritical
Control of self-
supporting fission
chain reaction
APC, GICS,
KBA
N/A N/A APC N/A ECCS HP,ECCS
LP, heat exchangers
of ECCS
N/A ECCS HP N/A JDH (ATWS)
Subcriticality assurance KBA, KBC
equipment
N/A N/A KBA, KBC
equipment
N/A N/A Elimination of boric
delution (cut-off
valves)
N/A Elimination of boric
delution (cut-off
valves)
N/A AT KBA and KBC
equipment
JDH (ATWS) N/A AT N/A Properties of the core
catcher sacrificial
material
Heat removal from
reactor core
Coolant reserve
maintenance at primary
circuit leakiness
KBA N/A Considerable
volume of the
coolant in PRZR
and PCP
KBA N/A N/A ECCS HP, AT,
ECCS LP
N/A ECCS HP N/A AT KBA JDH N/A AT N/A N/A
Pressure maintenance
in the primary circuit
TEH, controller
of the injection
into PRZR
N/A Design solutions
of PRZR
TEH, controller of
the injection into
PRZR, quick-acting
injection valves
N/A N/A PPOSV N/A N/A N/A PPOSV use of
spring
Controller of the
injection into
PRZR, quick-acting
injection valves
N/A N/A PPOSV use of
spring
N/A N/A
Provision of heat
removal by the primary
circuit systems
RCPS-SG-
Reactor
Under cooldown:
ECCS LP, heat
exchangers of
ECCS
N/A RCPS-SG-Reactor
(train 5/6) Under
cooldown:
ECCS LP, heat
exchangers of
ECCS (train
1/2/3/4)
Under cooldown:
ECCS LP, heat
exchangers of ECCS
Continuous inertial
rundown of RCPS
under the action of
special rotating
masses
ECCS LP, heat
exchangers of
ECCS
N/A N/A N/A Continuous inertial
rundown of RCPS
under the action of
special rotating
masses
N/A N/A N/A
(if required Feed
and bleed through
additional control
line of PPOSV)
Continuous inertial
rundown of RCPS
under the action of
special rotating
masses
SG PHRS, (
provision <1МПа)
Core catcher cooling
with water from
inspection shafts,
fuse valve
Pressure maintenance
in the secondary circuit
TG CV N/A Design solutions
of SG
BRU-K N/A N/A BRU-A, SG POSV N/A N/A N/A SG POSV (passive,
use of spring)
BRU-K N/A N/A SG POSV (passive,
use of spring)
N/A SG POSV (passive,
use of spring)
Provision of heat
removal by the
secondary circuit
systems
TG, BRU-K,-
SN,-D SEFP,
EFP, CP, RP
N/A Considerable
volume of SG
boiler water
BRU-K,-SN,-D
SEFP, EFP, CP, RP
N/A N/A EEFP, BRU-A N/A N/A SG PHRS, makeup
pump of PHRS and
fuel pool
SG POSV (passive,
use of spring)
BRU-K,-SN,-D
SEFP, EFP, CP,
RP, Technical
Condencer
N/A SG PHRS, makeup
pump of PHRS and
fuel pool
SG POSV (passive,
use of spring)
SG PHRS N/A
Limitation of fission
products release
Limitation of pressure
inside the containment
NO ventilation N/A Design solutions,
safety margins
NO ventilation N/A N/A JMN (spray system) N/A N/A Makeup pump of
PHRS and fuel pool
Containment vessel
PHRS, passive
autocatalytic
hydrogen
recombiner
N/A N/A Makeup pump of
PHRS and fuel
pool
Containment vessel
PHRS, passive
autocatalytic
hydrogen
recombiner
Make up pump of
PHRS and fuel pool
Containment vessel
PHRS, passive
autocatalytic
hydrogen recombiner
Localization inside the
containment
NO ventilation N/A Design solutions,
safety margins
NO ventilation N/A N/A Localization of SV
JMN (spray system-
chemicals supply
into SV)
N/A N/A N/A Containment N/A N/A N/A Containment N/A Containment, core
catcher
Localization in the
annular space
HVAC
(Ventilation in
the annular
space) (NO)
N/A Design solutions,
safety margins
HVAC (Ventilation
in the annular
space) (NO)
N/A N/A KLC (Ventilation in
the annular space)
KLG (isolation of
ventilation in the
annular space from
ventilation systems)
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Localization in SG N/A N/A Design solutions,
safety margins
N/A N/A N/A MSIV, localizing
valves of SG
blowdown, valves
of feedwater,
emergency
feedwater, isolation
gate valve upstream
BRU-A) JDH on
injection in PRZR -
during primary-to-
secondary leakage.
N/A MSIV, localizing
valves of SG
blowdown, valves
of feedwater,
emergency
feedwater, isolation
gate valve upstream
BRU-A) JDH on
injection in PRZR -
during primary-to-
secondary leakage.
N/A N/A N/A Motor-operated gate
valve in steam line
N/A N/A N/A N/A
Localization in
auxiliary systems
N/A N/A Design solutions,
safety margins
N/A N/A N/A Localizing valves
on auxiliary systems
N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Supporting systems
I&C system NO I&C NO I&C N/A NO I&C NO I&C N/A ESFAS N/A Hard Wired Deversity I&C N/A NO I&C ESFAS I&C for BDBA N/A I&C for BDBA N/A
Power supply NO power supply NO power supply N/A NO power supply,
RGM, ASB, unit
SB
Emergency DG N/A Emergency DG,
emergency SB
N/A Emergency DG,
emergency SB
SB for BDBA,
movable DG
N/A Unit SB emergency SB SB for BDBA,
movable DG
N/A SB for BDBA,
movable DG
N/A
HWAC HWAC for NO HWAC for NO N/A HWAC for NO HWAC for NO N/A Ventilation in
Safety building
N/A Ventilation in
Safety building
N/A N/A HWAC for NO N/A HWAC for BDBA N/A N/A N/A
Cooling water PGB KAA, PEB N/A PGB KAA, PEB N/A KAA, PEB N/A KAA, PEB N/A N/A PGB N/A N/A N/A N/A N/A
Safety class of
technical features
(according Russian
standards)
2
3
4
Conservative and
passive means
Analyzing Approach
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Probabilistic Assessment
IAEA requirement:
CDF=10-5 1/r*y
LRF=10-7 1/r*y
AES-2006 result:
CDF=5,9 10-7 1/r*y
LRF=3,7 10-9 1/r*y
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Denotation Postulated Initiating Event Loss of a safety system
ATWS Anticipated Transient Fast shutdown
Station blackout Loss of off-site power Emergency power supply
Total failure of all computer I&C systems
Loss of normal operation I&C ESFAS
Total loss of feed water Loss of main feed water Emergency feed water supply
CCF at LOCA Small LOCA High pressure emergency injection system.
“Heavy” commercial aircraft crush
Extremely external impact Dismantling of safety building and loss of all safety systems in it
Some examples of common cause failure events postulated
in the design are presented in the following table.
19-22 November, 2013 INPRO Forum, IAEA, Vienna
Conclusions
Assessment in accordance with INPRO methodology
hadn’t been implemented for AES-2006 design, but
All necessary information for the assessment is
contained in the design documentation
Analyzes implemented by other method had improved
that Criterion 1.6.1 is met
THANK YOU FOR THE ATTENTION !
19-22 November, 2013 INPRO Forum, IAEA, Vienna