ML18108A404

From kanterella
Jump to navigation Jump to search
Draft Secy Paper, Functional Containment Performance Criteria for Non-Light Water Reactor Designs.
ML18108A404
Person / Time
Issue date: 05/10/2018
From: Michael Corradini
Advisory Committee on Reactor Safeguards
To: Kristine Svinicki
NRC/Chairman
Widmayer D, ACRS
References
Download: ML18108A404 (9)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC 20555 - 0001 May 10, 2018 The Honorable Kristine L. Svinicki Chairman U.S. Nuclear Regulatory Commission Washington, DC 20555-0001

SUBJECT:

DRAFT SECY PAPER, FUNCTIONAL CONTAINMENT PERFORMANCE CRITERIA FOR NON-LIGHT WATER REACTOR DESIGNS

Dear Chairman Svinicki:

During the 652nd meeting of the Advisory Committee on Reactor Safeguards, April 5-7, 2018, we reviewed the draft SECY Paper, Functional Containment Performance Criteria for Non-Light Water Reactor Designs. Our Future Plant Designs Subcommittee also reviewed this matter during a meeting on February 22, 2018. During these meetings we had the benefit of discussions with representatives of the NRC staff. We also had the benefit of the referenced documents.

CONCLUSIONS AND RECOMMENDATIONS

1. The concepts of containment, confinement, and functional containment, as well as the need for them, have been under discussion for decades. With one exception (Fort St. Vrain), no commercial reactor has been licensed without a containment. Licensing a plant under functional containment performance criteria will be a major change in the implementation of regulations.
2. The non-light-water reactor functional containment principles proposed in the staff paper provide a vision for setting licensing policy and developing functional containment performance criteria.
3. A technology-inclusive, risk-informed, performance-based methodology should be adopted for establishing performance criteria for structures, systems, and components, and corresponding programs serving to limit the release of radioactive materials from non-light-water reactor designs.
4. A functional containment should include multiple barriers as defense-in-depth features that should be minimally dependent upon each other and diverse in nature.

BACKGROUND The ACRS entered this review with a long history of considering the concepts of containment, confinement, and functional containment as alternative approaches to ensuring retention of radioactive materials under normal operations and accident conditions. We have authored more than ten letter reports and other reports on the subject over the past fifty years. This history, augmented by memories of the kinds of discussions that led to these letters, offers a helpful perspective for examining the staff paper on functional containment and the proposed methodology for establishing performance criteria for structures, systems, and components, and corresponding programs serving to limit the release of radioactive materials from non-light-water reactors (non-LWRs).

The first nuclear power plant containment was built at West Milton, NY, in the early 1950s and it set a precedent that has been followed by all light-water reactors (LWRs) in the U.S. All have included some type of containment system and physical structure. The original plan for the West Milton site was based on a fast breeder reactor with the entire plant enclosed in a steel sphere. To ensure that an accident did not lead to immediate failure of the containment, it was designed to be capable of containing any reactor accident produced by a reactivity-induced energy release. Plans changed to a sodium-cooled prototype reactor, also with a steel sphere containment. Again, to prevent immediate failure, it was designed to withstand the pressure from burning sodium coolant. Later the sodium-cooled reactor was replaced with a LWR prototype. Soon after, the first commercial LWR was built at Shippingport, PA, and it had a containment. The containment design pressures and temperatures were based on the assumption of an instantaneous double-ended pipe break to ensure the containment would not fail immediately in the case of a loss-of-coolant accident. The same concept was used for other early LWRs.

An ACRS letter report in 1964 noted that while the first reactors used remote siting to protect the public, remoteness may be only a temporary condition and that there was economic advantage to building power plants closer to population centers. This called for increased engineered safeguards. The safeguards under consideration included containment/confinement concepts, containment pressure and temperature reducing systems, air cleaning to remove fission products, and core spray or safety injection systems to cool the reactor. At about the same time, LWRs were becoming larger with higher power densities and regulators became concerned about the ability of a containment structure to retain fission products in the case of a significant fraction of the core melting because of loss of ability to remove decay heat.

The Reactor Safety Study in 1975 provided evidence that the probability of severe accidents could be sufficiently large that they should not be ignored in reactor system design. This marked a serious effort to predict containment system performance under severe accident conditions. A number of failure modes were postulated for each containment type, and the fission product releases were categorized partly on the basis of the character of containment system failure. Failure to isolate was also identified as a possible failure mode. The experience of the accident at Three Mile Island reinforced the value of containment systems. Furthermore, the accident established the value of integrated, quantitative risk assessment.

In 1999, a seminal paper, On the Role of Defense in Depth in Risk-Informed Regulation, was issued as an attachment to an ACRS letter report [Reference 4]. The letter stated that improved capability to analyze nuclear power plants as integrated systems is leading us to reconsider the role of defense-in-depth. Two different perceptions of defense-in-depth were identified. In one

view (the "structuralist" view), defense-in-depth is considered to be the application of multiple and redundant measures to identify, prevent, or mitigate accidents to such a degree that the design meets the safety objectives. This is the general view taken by plant designers. The other view (the "rationalist" view) sees the proper role of defense-in-depth in a risk-informed regulatory scheme as compensation for inadequacies, incompleteness, and omissions of risk analyses.

As stated in the paper, the structuralist and rationalist models need not be in conflict. Both can be construed as a means of dealing with uncertainty. Neither incorporates any reliable means of determining when the degree of defense-in-depth achieved is sufficient. In the final analysis, they both depend on knowledgeable people discussing the risks and uncertainties, and ultimately agreeing on the provisions that must be made in the name of defense-in-depth. The fundamental difference is that the structuralist model accepts defense-in-depth as the fundamental value, while the rationalist model would place defense-in-depth in a subsidiary role.

Adopting a high-level structuralist view and a low-level rationalist view is a pragmatic approach to reconciling defense-in-depth with risk-informed regulation. There can be little doubt, however, that the rationalist model will ultimately provide the strongest theoretical foundation for risk-informed regulation. As more experience has been gained with the application of probabilistic risk assessment (PRA) in the design and regulation of nuclear power plants, when PRA models can adequately treat most of the phenomena of interest, the role of defense-in-depth can and should be changed to one of supporting the risk analyses. This transition will need to be supported by the development of subsidiary principles from which necessary and sufficient criteria could be derived.

To summarize, functional containment is not a new idea. The value of functional containment is scenario-specific; therefore, we need general performance criteria that must be specialized to the scenario spectrum of a specific reactor design.

DISCUSSION The staff paper begins by acknowledging that one of the fundamental safety functions for any nuclear reactor is limiting the release of radioactive materials from the facility. It also points out that it is possible to rely on plant features other than a containment structure to limit the release of radioactive materials - hence the phrase functional containment - a set of barriers that effectively limit the physical transport and release of radioactive materials to the environment.

This is not a new idea, but it is one that allows defining performance criteria based on a wide range of accident scenarios rather than specifying design criteria that may or may not be successful against all such scenarios.

As the paper was developed, the staffs goal changed from one of defining functional containment performance criteria to one of defining a methodology that could be used to develop performance criteria for structures, systems, and components, and corresponding programs to limit the release of radioactive materials from non-LWR designs. The staff seeks Commission approval to continue development of that methodology, and they expect that it would be used as part of the industry-NRC Licensing Modernization Project to set performance criteria for specific non-LWR designs. Functional containment performance criteria then would be developed only on a design-specific basis. to the staff paper explains that the policy issue addressing the retention of fission products using a functional containment was partially resolved in previous Commission decisions. The ultimate objective for protection of public health and safety is defined in

10 CFR Part 100 and the Commissions Safety Goal Policy Statement. What remains is to define appropriate performance criteria for design features serving to limit the release of radioactive materials. The NRC and reactor developers have long recognized the need to resolve this issue. While that has yet to be accomplished, the methodology outlined in is a valuable step in that process. Fully developing the methodology can provide the basis to allow applicants to develop their own functional containment performance criteria.

At this time, the methodology remains a rough description of what will eventually be needed.

We agree with the staff that their bow tie analysis provides a simple diagrammatic way of describing the pathways (scenarios) from causes to consequences, i.e., elements of a risk analysis. Its display of barriers makes the concept clear and allows that sometimes barriers at different points in different pathways could be the same. For high consequence pathways, multiple independent barriers are desired. Of course, the risk analysis will evaluate the effectiveness of barriers and account for any interactions. The details of how the analysis would proceed remain to be specified, but we note that it is nearly impossible to achieve high reliability without some form of redundancy, diversity, and independence. Importantly, the methodology specifies that the analysis must address the state-of-knowledge (epistemic) uncertainties. The requirement for mechanistic source terms means that appropriate source terms will be applied to each scenario analyzed.

The methodology proposes developing an appropriate frequency/consequence curve for evaluating the acceptability of a design, although the details of the curve and its application remain to be worked out. This approach follows those proposed by the modular high temperature gas-cooled reactor application in 1989, the technology-neutral framework of NUREG-1860 of 2007, and the Department of Energy/Idaho National Laboratory Next Generation Nuclear Plant white papers of 2010. Both the modular high temperature gas-cooled reactor developers and NUREG-1860 provided example applications of similar processes to actual designs. In those cases it was necessary to overcome practicalities of applying a conceptual framework to the detailed results of the associated PRAs. Clearly, no single event should exceed the bounds of the curve. The difficulties arise when developing ways to aggregate PRA results into scenario groups that must also meet the criteria. It will be essential to exercise the methodology against a number of actual designs (pilot applications or test cases) to ensure that it is practical to use and that it produces useful and convincing results.

In our letter of March 26, 2018, on principal design criteria for non-LWRs, we noted our sense that having multiple definitions of containment in each set of design criteria in Appendices A, B, and C of draft final Regulatory Guide 1.232 is logically inconsistent. It is the staffs intent to reconcile and integrate the containment sections of the three sets of design criteria, if the Commission approves the functional containment policy. If that occurs, we note that, although developed for non-LWRs, such a technology-inclusive approach for functional containment will likely apply to any design.

We find the methodology proposed by the staff to be worthy of further development. It appears that, if it can be successfully developed, it could provide a rational basis for developing functional containment performance criteria for new designs. Development of these performance criteria is no easy task, and implementing them to ensure sufficient reliability of functional containment may be even more difficult. To be effective and workable, a means must be provided for addressing uncertainties remaining in the calculated results to decide where additional structuralist defense-in-depth barriers or barrier enhancements should be applied.

This process should help reconcile the structuralist and rationalist points of view. Going further, we see no reason why the methodology should not support simple analysis approaches in cases where the consequences can be shown to be small.

Additional comments by ACRS Member Jose March-Leuba are presented below.

Sincerely,

/RA/

Michael L. Corradini Chairman

Additional Comments by ACRS Member Jose March-Leuba These added comments are intended to provide a balanced argument from the point of view of a so called structuralist, and to provide supporting arguments for Recommendation 4 in our letter: A functional containment should include multiple barriers as defense-in-depth features that should be minimally dependent upon each other and diverse in nature.

In short, the value of a risk-informed regulatory decision is only as good as the quality of the underlying risk information. If the risk analysis does not provide an accurate, or at least bounding, value for the risk, the regulatory decision is not sound. Often, a defensible uncertainty value is not provided with the risk analysis and for severe accidents, where the containment function plays a crucial role, one could argue that the risk uncertainty is dominated by event sequences that were not anticipated in the analysis, i.e. uncertainty of omission.

Quantifying this uncertainty is a difficult task.

Historically, safety has been accomplished with a combination of accident prevention and mitigation features. This is represented by the bow tie diagram in the NRC staffs paper. With advanced reactors, which have excellent passive safety characteristics, there is a risk that a future applicant can make an argument that severe accidents are so unlikely that mitigation features (i.e. containment function) are not required or not required to be reliable. Such a decision would not be prudent. Especially in view of the inherent uncertainty of any risk calculation because of omission of unanticipated events.

Thus, we have included Recommendation 4 as a consensus recommendation. These added comments amplify the recommendation as follows:

Regardless of the calculated risk, all functional containment designs must assume that one of the barriers fails. The failure of one barrier must have a very low probability of consequential failure of the remaining barriers, which by themselves can provide compliance with the safety objectives.

REFERENCES

1. U.S. Nuclear Regulatory Commission, Draft SECY Paper, Functional Containment Performance Criteria for Non-Light Water Reactor Designs, March 2018 (ML18031A721).
2. Advisory Committee on Reactor Safeguards, Report on Engineered Safeguards, November 18, 1964.
3. U.S. Nuclear Regulatory Commission, WASH-1400 (NUREG-75/014), Reactor Safety Study: An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants, October 1975 (ML083570090).
4. Advisory Committee on Reactor Safeguards, The Role of Defense in Depth in a Risk-Informed Regulatory System, May 19, 1999 (ML0912180427).
5. U.S. Nuclear Regulatory Commission, NUREG-1338, Draft Preapplication Safety Evaluation Report for the Modular High-Temperature Gas-Cooled Reactor, March 1989 (ML052780497).
6. U.S. Nuclear Regulatory Commission, NUREG-1860, Feasibility Study for a Risk-Informed and Performance-Based Regulatory Structure for Future Plant Licensing, December 2007 (ML073400763, ML073400800).
7. Idaho National Laboratory, INL/EXT-09-17139, Next Generation Nuclear Plant Defense-in-Depth Approach, December 2009 (ML093480191).
8. Idaho National Laboratory, INL/EXT-10-19521, Next Generation Nuclear Plant Licensing Basis Event Selection White Paper, September 2010 (ML102630246).
9. U.S. Nuclear Regulatory Commission, Regulatory Guide 1.232, Guidance for Developing Principal Design Criteria for Non-Light-Water Reactors, Draft Final, March 2018 (ML18011A659).
10. Idaho National Laboratory, INL/EXT-14-31179, Guidance for Developing Principal Design Criteria for Advanced (Non-Light Water) Reactors, Revision 1, December 2014 (ML14353A246 and ML14353A248).
11. U.S. Nuclear Regulatory Commission, NUREG-0739, An Approach to Quantitative Safety Goals for Nuclear Power Plants, October 1980 (ML12198A239).
12. U.S. Nuclear Regulatory Commission, SECY-93-092, Issues Pertaining to the Advanced Reactor (PRISM, MHTGR, AND PIUS) and CANDU 3 Designs and Their Relationship to Current Regulatory Requirements, April 8, 1993 (ML040210725).
13. U.S. Nuclear Regulatory Commission, SRM-SECY-93-092, Issues Pertaining to the Advanced Reactor (PRISM, MHTGR, AND PIUS) and CANDU 3 Designs and Their Relationship to Current Regulatory Requirements, July 30, 1993 (ML003760774).
14. U.S. Nuclear Regulatory Commission, SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, March 28, 2003 (ML030160002).
15. U.S. Nuclear Regulatory Commission, SRM-SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, June 26, 2003 (ML031770124).
16. Advisory Committee on Reactor Safeguards, Reactor Safety Research Program, October 12, 1966.
17. Advisory Committee on Reactor Safeguards, ACRS Report on Draft Task Action Plan -

Containment Performance Guidelines - January 4, 1984, March 20, 1984.

18. Advisory Committee on Reactor Safeguards, ACRS Comments Regarding NRC Review of Advanced Reactor Designs, April 16, 1986.
19. Advisory Committee on Reactor Safeguards, Report on Proposed Research to Reduce Source Term Uncertainty, May 13, 1987.
20. Advisory Committee on Reactor Safeguards, Next Generation Nuclear Plant (NGNP) Key Licensing Issues, May 15, 2013 (ML13135A290).
21. Okrent, David. Nuclear Reactor Safety: On the History of the Regulatory Process. Madison:

University of Wisconsin Press, 1981.

22. Kerr, William, Development of Containment Performance Criteria for Light Water Power Reactors, 1989 (ML18106A080).
15. U.S. Nuclear Regulatory Commission, SRM-SECY-03-0047, Policy Issues Related to Licensing Non-Light-Water Reactor Designs, June 26, 2003 (ML031770124).
16. Advisory Committee on Reactor Safeguards, Reactor Safety Research Program, October 12, 1966.
17. Advisory Committee on Reactor Safeguards, ACRS Report on Draft Task Action Plan -

Containment Performance Guidelines - January 4, 1984, March 20, 1984.

18. Advisory Committee on Reactor Safeguards, ACRS Comments Regarding NRC Review of Advanced Reactor Designs, April 16, 1986.
19. Advisory Committee on Reactor Safeguards, Report on Proposed Research to Reduce Source Term Uncertainty, May 13, 1987.
20. Advisory Committee on Reactor Safeguards, Next Generation Nuclear Plant (NGNP)

Key Licensing Issues, May 15, 2013 (ML13135A290).

21. Okrent, David. Nuclear Reactor Safety: On the History of the Regulatory Process.

Madison: University of Wisconsin Press, 1981.

22. Kerr, William, Development of Containment Performance Criteria for Light Water Power Reactors, 1989 (ML18106A080).

Accession No: ML18108A404 Publicly Available Y Sensitive N Viewing Rights: NRC Users or ACRS Only or See Restricted distribution OFFICE ACRS/TSB SUNSI Review ACRS/TSB ACRS ACRS NAME DWidmayer DWidmayer MBanks AVeil MCorradini (AVeil for)

DATE 4/24/2018 4/24/2018 5/10/2018 5/10/2018 5/10/2018 OFFICIAL RECORD COPY

Retrieved from "https://kanterella.com/w/index.php?title=ML18108A404&oldid=1936822"