LA-UR- . 96-8049

Los Alarnos National Laboratory is operated by the University of California for the United States Department of Energy under contract W-7405-ENG-36

TITLE: Use of Quantitative Hazard Analysis to Evaluate Risk Associated with US Department of Energy Nuclear Explosive Operations RECEjVED

MfiR 1 3 1996

AUTHOW): S. R. Fisher, D. A. OBrien, J. Martinez, and M. LeDoux

SUBMITTED TO: International Conference on Probabilistic Safety Assessment and Management June 2626,1996 Crete, Greece

DISCLAIMER

This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsi- bility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Refer- ence herein to any specific commercial product, process, ,or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recom- mendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.

BY aCL-,-.- -. published form of this contribution, to to allow others to do so, for U. S. Government purposes.

The Los Alamos National Laboratory requests that the publisher identify this article a s wok performed under the auspices of the U. S. Department of Energy.

Y...VIY, p,uu~lallrl IGW~I I ILC~ oiai UIW u. a. government retains a nonexclusive, royalty-free license to publish or reproduce the

Los A Los Alamos National Laboratory Los Alamos, New Mexico 87545

Use of Quantitative Hazard Analysis to Evaluate Risk Associated With US Department of Energy

Nuclear Explosive Operations

S. R. Fischer, D. A. O’Brien, J. Martinez, and M. LeDoux Los Alamos National Laboratory

Probabilistic Risk & Hazard Analysis Group Engineering Science & Applications Group

1 Introduction Quantitative hazard assessments (QHAs) are being used to support the US Depart- ment of Energy (DOE) Integrated Safety Process (SS-21), Nuclear Explosive Safety Studies (NESS) , and Environmental Safety and Health (ES&H) initiatives. The QHAs are used to identify hazards associated with DOE nuclear explosive operations. In 1994, Los Alamos National Laboratory, Sandia National Laboratory, and the Pantex Plant participated in a joint effort to demonstrate the utility of performing hazard assessments (HAS) concurrently with process design and development efforts. Early identification of high risk operations allow for process modifications before final process design is completed. This demonstration effort, which used an integrated design process (SS-21), resulted in the redesign of the dismantlement process for the B61 center case.

The SS-21 program integrates environment, safety, and health (ES&H) and nuclear explosive safety requirements. QHAs are used to identify accidents that have the potential for worker injury or public health or environmental impact. The HA is used to evaluate the likelihood of accident sequences that have the potential for worker or public injury or environmental damage; identify safety critical tooling and procedural steps; identify operational safety controls; identify safety-class/significant systems, structures and components; identify dominant accident sequences; demonstrate that the facility Safety Analysis Report (SAR) design-basis accident envelops process-specific accidents; and support future change control activities.

To address the multitude of requirements being imposed on process hazard assess- ments, Los Alamos developed a QHA methodology based on HA efforts conducted at the Los Alamos Plutonium Facility. The methodology has now been used in HAS for the B61 L2 and W69 dismantlement efforts and for the W76 surveillance program.

This paper summarizes the evolution of requirements for the conduct of risk or hazard assessments for nuclear explosive operations and the approach that Los Alamos is taking to address those requirements. The Los Alamos QHA approach integrates traditional probabilistic safety assessment tools (fault trees, event trees, uncertainty analysis, importance measures, etc.) with qualitative hazard assessment methods to develop an effective QHA methodology for nuclear explosive operations.

’

. I

2 Early Orders and Guidance Chapter IX of DOE Order 5610.11 (October 10, 1990) requires a quantitative risk assessment (QRA) for all onsite operations and offsite transportation for credible accidents that could disperse plutonium from a nuclear explosive. Shortly after the order was promulgated, DOE began a study, the Tri-Lab study, to determine if mean- ingful QRAs could be performed and whether risk goals could be established for nuclear explosive operations. DOE issued Interim Guidance on February 22,1994, that called for a transition plan to achieve full compliance with DOE Order 5610.11 Qurequirements by January 1,1996. Additionally, in response to Defense Nuclear Facility Safety Board (DNFSB) concerns, the DOE Albuquerque Office initiated the SS-21 program, which requires the use of risk and hazard assessment tools to to reduce the risks associated with nuclear explosive operations.

During this time frame, DNFSB Recommendation 93-1 recommended that DOE address inconsistancies in the safety requirements for DOE nuclear explosive facilities compared with other DOE defense nuclear facilities. The DNFSB also had been reviewing all DOE nuclear explosive safety programs and had identified apparent deficiencies related to the lack of adequate documentation and guidance. Additionally, the DNFSB expressed concern about the mechanisms by which DOE addressed risk associated with the dispersal of other radioactive and toxic materials. A significant portion of the DOE nuclear explosive safety order rewrite initiative addresses SS-21 and DNFSB issues.

3 Tri-LabStudy In response to concerns about fulfilling requirements of Chapter IX of DOE Order 5610.11 (10/10/90), DOE investigated the feasibility of performing QRAs and of setting quantitative risk goals for nuclear explosive operations. As part of this effort, Los Alamos, Lawrence Livermore National Laboratory, and Sandia performed QRAs of nuclear explosive operations associated with a Los Alamos-designed conventional high explosive (HE) weapon system and a Livermore-designed insensitive HE weapon system. The primary goal of the Tri-Lab Study was to investigate the feasibility of quantitative standards based on the public risk of radiation exposure from accidental plutonium dispersal. Risk included the likelihood (or frequency) and the consequence. In addition to estimating risks, the study quantified the QRA’s uncertainties, identified significant contributors to risk, and recommended measures for reducing risks and analysis uncertainties. A detailed discussion of the Tri-Lab study was provided by O’Brien?

The QRA was limited to analyzing the risks of plutonium dispersal during operations involving the nuclear explosive operations. The risks considered for the study were limited to offsite risks; the study did not address potential risks to onsite personnel or onsite contamination. The QRA was limited to estimating latent cancer fatalities within offsite populations and offsite area contamination.

The risk associated with the disassembly process was found to be very small. The expected individual risk for latent cancer fatality was calculated to be many orders of magnitude less than the Secretary of Energy’s goal for nuclear facilities (2 x per individual per year-less than a 0.1 % increase in an individual’s risk of cancer).

The study concluded that the real benefit of the QRA was in facilitating risk reduction during process design and development. By providing importance meas- ures for basic events, the analyst can determine which events contribute most to the accident frequency early in the process design. Tooling and processes may then be modified to minimize the likelihood of the important base events from occurring or to mitigate the consequences. This iterative risk reduction process forms the basis for the Seamless Safety or SS-21 process.

4 SS-21 Program The philosophy of the SS-21 Process is to achieve the highest level of safety and provide defense in depth. The purpose of the SS-21 Process is to produce safe, efficient, and effective operations that are driven by design, not by review. The principle of defense in depth includes such items as

using conservative design margins and quality assurance, designing processes to eliminate accident scenarios, employing configuration management across the board, ensuring the use of highly trained and qualified personnel, ensuring facility and operational readiness, using controlled, conservatively developed and tested procedures, and employing safety analysis to evaluate the entire process.

At the highest level, all DOE nuclear explosive operations must meet qualitative safety standards to prevent unintended nuclear detonation or fissile material dispersal. These standards require positive measures to

minimize the possibility of accidents, inadvertent acts, or authorized activ- ities that could lead to fire, HE deflagration, or unintended HE detonation; minimize the possibility of fire, HE deflagration, or HE detonation given accidents or inadvertent acts; and minimize the possibility of deliberate unauthorized acts that could lead to HE deflagration or HE detonation.

5 Los Alamos Quantitative Hazard Assessment Process As noted above, to address the HA requirements being promulgated, Los Alamos developed a QHA methodology that provides a systematic approach for identifying hazards associated with nuclear explosive assembly/disassembly activities and for assessing the risk associated with those hazards qualitatively or quantitatively. A QHA is performed to answer three questions.

What can happen? How likely is it (frequency estimate)? What is the impact (consequence estimate)?

A QHA is a formal, systematic, in-depth method for evaluating a set of possible accident scenarios associated with an activity. Frequency estimates of occurrence for all scenarios are assessed along with estimates of the damage level. Credit is taken for any existing protective features to reduce the likelihood of occurrence of each accident scenario and for mitigative features that may limit the consequences of a scenario. Each accident scenario is assigned a “risk rank” based on the estimates of the frequency of occurrence and the consequence level. The entire set of accident scenarios then can be sorted in several ways-by the severity of the risk rank, by consequence level, or by disassembly activity.

The primary objectives of the QHA are

to facilitate the integration of safety into the design of the assembly/dis- assembly process through early identification of hazards, to support the identification of possible initiating events and accident sce- narios for the risk assessment of the assembly/disassembly process, and to aid in meeting the Occupational Safety and Health Administration (OSHA) process safety management requirements for the assembly/dis- assembly process.

Figure 1 shows the integrated HAprocess developed at Los Alamos to support the SS-21 and DOE NESS activities. A brief description of the activities shown in Fig. 1 is presented below:

5.1 Hazard Assessment Preparation

The success of a QHA relies heavily on the composition and competency of the analysis team, the availability of information about the process, the hazards associ- ated with the individual process components, the facilities in which the process takes place, and the skills and training of the personnel performing process operations. Each member of the HA team must be knowledgeable in one or more aspects of the weapon disassembly being studied. Process information should be collected and organized to facilitate its use during the QHA consistent with the maturity of the process design. When only conceptual information about procedures, the facility, and tooling and equipment design is available, the QHA focuses on identifying and minimizing activities with the potential to pose the dominant risks.

As the process matures, procedures can be used to develop a block diagram of the process that focuses the analysis activities. Information related to tooling should be evaluated to identify possible failure modes or possible misapplications that could create or contribute to an accident. Incident information should be analyzed to identify unusual occurrences or circumstances that need to be considered in deter- mining what types of accidents are likely or credible. Weapons component hazard information should be summarized in a manner that supports HA team evaluation of the possible consequences of the response of the weapon component to the types of stimuli that can result from postulated unusual occurrences or circumstances. Facility information should be analyzed to identify facility responses to natural phenomena and external events that could affect the safety of disassembly

Accident Sequence Identification

I I I i f b-HTi‘k-YF1 Assessment Redesign Development

- Existing Prccess - Tooling I - WeaponHazards - Procedures

-scope - Team - Dala

I I

I I I

!

Identify Acddent Positive

Measures

- NESFS - uncectainly Design - SSCS - lnportance

NESS - DonhntAaldents

Fig. 1. Flow chart of integrated HA process operations, possible faults in facility support systems that could cause or prevent mitigation of accidents, and possible effects of concurrent operations on the safety of disassembly operations. Personnel skills and training information should be reviewed to identify situations in which a lack of required skills or training defi- ciencies may increase the likelihood that operators will take inappropriate action and to support estimation of the probability that operators will take appropriate action under both normal and unusual circumstances.

5.2 Accident-Sequence Identification

During the accident-sequence identification phase, the team members should review the procedure steps associated with each “block” of the process to identify potential hazards and possible human errors or equipment failures that could be initiating events in an accident scenario involving these hazards. Actual walkthroughs or videotapes of a walkthrough of the process combined with traditional hazard analy- sis techniques, such as the use of “what if’ questions or guide words can be used to assist the QHA team in this process. The team should develop accident scenarios for all cases where there is an initiating event with consequences to public health and safety, the environment, or facility employees. For these accident sequences, the event frequency and consequence should be estimated.

When the accident sequences have been developed, a risk matrix should be employed to provide a consistent estimate of their overall significance (i.e., risk). Consensus recommendations should be developed for reducing risks for significant accident scenarios and transmitted to the various SS-21 Task teams.

5.3 Accident-Sequence Analyses

Per guidance in Draft DOE-STD-XXXX-95, accident-sequence likelihoods are analyzed using rigorous analytical probabilistic techniques and a graded approach; i.e., more rigorous techniques, including uncertainty analyses, are used for high- consequence scenarios. For the high-consequence accident sequences involving HE detonatioddeflagration and nuclear detonation positive measures are also identified and documented.

5.4 Documentation

After the final process design has been developed and the associated risks reduced to the maximum extent practicable, the results of the HA are documented in the NEHA and HAR. This minimally should include a brief description of the dominant risk accidents and their associated frequencies and consequences, the methodology used to identify and quantify these accidents, the risk reduction recommendations made to the SS-21 teams, and the disposition of these recommendations. Apeer review of the entire HA should be conducted before finalizing documentation.

6 Conclusions The B61 and W69 SS-21 dismantlement efforts indicated that HAS can be conducted in parallel with process design and development and can contribute to risk reduction efforts by identifying the major contributors to risk. The Los Alamos QHA methodology, which uses traditional probabilisitic safety assessment tools combined with HA methods, has proven to be an effective approach to address current DOE requirements for risk assessments of nuclear explosive operations.

References 1. Bott, T. F., and S . W. Eisenhawer. A hazards analysis of a nuclear explosives dis-

mantlement. Los Alamos National Laboratory document LA-UR-95-1774,1995 2. Fischer, S . R., H. Konkel, T. E Bott, S . W. Eishenhawer, L. DeYoung, and

J. Hockert. Use of hazard assessment to achieve risk reduction in the US DOE stockpile stewardship (SS-21) program. Los Alamos National Laboratory document LA-UR-95-1670,1995.

3. O’Brien, D. A., T. R. Bement, and B. C. Letellier. Probabilistic risk assessment of disassembly procedures. Proceedings of PSAM-II, Volume 3, San Diego, California, March 20-25, 1994.