ML19011A424
| ML19011A424 | |
| Person / Time | |
|---|---|
| Issue date: | 01/16/2019 |
| From: | Office of Nuclear Regulatory Research |
| To: | |
| Nathan Siu 415-0744 | |
| Shared Package | |
| ML19011A416 | List:
|
| References | |
| Download: ML19011A424 (44) | |
Text
NPP PRA Models and Results Lecture 2-2 1
Key Topics
Overview
- Lecture focuses on the whats of PRA models; the hows of PRA modeling are addressed in later lectures.
Resources American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, January 1983.
F.E. Haskin, A.L. Camp, S.A. Hodge, and D.A. Powers, Perspectives on Reactor Safety, NUREG/CR-6042, Revision 2, March 2002.
U.S. Nuclear Regulatory Commission, Glossary of Risk-Related Terms in Support of Risk-Informed Decisionmaking, NUREG-2122, November 2013. (ADAMS Accession No. ML13311A353) 3 Overview
Other References International Atomic Energy Agency, Development and Application of Level 1 Probabilistic Safety Assessment for Nuclear Power Plants, IAEA SSG-3, 2010.
International Atomic Energy Agency, Development and Application of Level 2 Probabilistic Safety Assessment for Nuclear Power Plants, IAEA SSG-4, 2010.
W.E. Vesely, et al., "Measures of Risk Importance and Their Applications," NUREG/CR-3385,1983.
N. Siu and D.L. Kelly, On the Use of Importance Measures for Prioritizing Systems, Structures, and Components, Proceedings 5th International Topical Meeting on Nuclear Thermal Hydraulics, Operations, and Safety (NUTHOS-5), Beijing, China, April 14-18, 1997, pp. L.4-1 through L.4-6.
M. Kazarians and K. Busby, Use of simplified risk assessment methodology in the process industry, Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.
National Fire Protection Association, Guide for the Evaluation of Fire Risk Assessments, 2013 Edition, NFPA 551, 2013.
National Aeronautics and Space Administration, Organizational Risk and Opportunity Management: Concepts and Processes for NASAs Consideration, NASA/SP-2014-615, November 2016.
4 Overview
Other References (cont.)
U.S. Nuclear Regulatory Commission, Reactor Safety Study: An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants, WASH-1400, (NUREG-75/014), October 1975.
B.J. Garrick, Lessons learned from 21 nuclear plant probabilistic risk assessments, Nuclear Technology, 84, No. 3, 319-339(1989).
U.S. Nuclear Regulatory Commission, Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants, NUREG-1150, December 1990.
U.S. Nuclear Regulatory Commission, Individual Plant Examination Program:
Perspectives on Reactor Safety and Plant Performance, NUREG-1560, December 1997.
M. R. Hayns, The evolution of probabilistic risk assessment in the nuclear industry, Transactions Institute of Chemical Engineers, 77, Part B, 117-142, May 1999.
U.S. Nuclear Regulatory Commission, Perspectives Gained from the Individual Plant Examination of External Events (IPEEE) Program, NUREG-1742, April 2002.
5 Overview
NPP PRA Distinguishing Characteristics Levels
- Level 1 (core/fuel damage)
- Level 2 (radioactive release)
- Level 3 (offsite consequences)
Hazards
- Internal events (hardware, human, LOOP)
- Internal hazards (flood, fire, heavy load drops, )
- External hazards (seismic, flood, wind, )
Operating Mode
- At power
- Low power/shutdown Sources
- Core
- Spent fuel pool
- Other (e.g., dry cask storage) 6 Hazards Initiating Events Plant Damage States Source Term Groups Release Categories Offsite Consequences Level 1 Level 2 Level 3 PRA Model Elements
Current Level 1 PRA Model Elements
- Event Trees
- Fault Trees
- Basic Events
- Success Criteria
- Supporting Models
- Data (Evidence)
- Outputs 7
PRA Model Elements
Notes
- Dont confuse definition with approach: different modeling approaches can still be PRA
- Object-centric (e.g., event tree/fault tree PRA)
- Process-centric (e.g., dynamic PRA)
- PRA models are models, i.e., representations of reality created for a purpose.
8 All models are wrong; some are useful.
- G.E.P. Box PRA Model Elements
Event Trees
- Inductive logic diagrams (What might happen after event X?)
- Typically defined in terms of safety systems and key operator actions but can also be functionally-oriented
- Typically binary logic; can be multi-valued
- Introduced for computational reasons; still used to conceptualize, organize, and communicate 9
PRA Model Elements
Highway Example
- Car A is driving down the highway at a very slow speed.
Car B is a ways back, but closing the gap.
- Car A comes to a sudden stop. What is the risk of collision?
10 PRA Model Elements A
B
Highway Example - Functional Event Tree 11 Car A Stops Suddenly Recognition and Decision Stopping Safe Collision Collision success failure PRA Model Elements Modeling Notes:
1)
Example considers only one negative consequence (collision).
2)
Example doesnt treat other mitigative strategies (e.g., avoidance maneuvers).
3)
This event tree includes Driver Bs action (applying the brakes) in the Stopping top event. The next event tree parses the sequence differently.
Highway Example - System Event Tree 12 Car A Stops Suddenly Driver B Action Car B Brakes Car B Tires Safe Collision Collision Collision success failure PRA Model Elements Modeling Notes:
1)
Example considers only one negative consequence (collision).
2)
Example doesnt treat other mitigative strategies (e.g., steering).
3)
Alternative modeling: Driver B action (including detection, situation assessment, and decision making, as well as application of brakes) can be included in the model for top event Car B Brakes.
NPP Example (simplified) 13 LOOP-WR EPS ISO EXT DCL OPR DGR LTC LOOP (Weather-Related)
Emergency Power (EDGs)
Isolation Condenser (IC)
Actions to Extend IC Ops Actions to Shed DC Loads Offsite Power Recovery EDG Recovery Long-Term Cooling 1 hr 1 hr 4 hr 4 hr 8 hr 8 hr 12 hr 12 hr CD CD CD CD CD CD CD CD CD CD CD CD CD 1
2 3
4 5
6 7
8 9
10 11 12 13 14 15 16 17 18 19 20 21 22 PRA Model Elements
Fault Trees
- Deductive logic diagrams (What can cause event X? How can X happen?) connecting Top Event with basic events
- Binary logic; gates for Boolean operations (OR, AND)
- Voting logic (e.g., 2-out-of-3) gates can be used as shortcuts (implemented with binary logic)
Highway Example - Braking System
- 1) Braking system is a dual circuit system:
each circuit actuates both front brakes and one rear brake.
- 2) One-out-of-two (1/2) circuits need to succeed for overall system success.
15 Adapted from: http://www.mye28.com/viewtopic.php?p=1134640 Brake rotor Front caliper Master cylinder ABS hydraulic unit Hydraulic line Brake fluid reservoir Vacuum booster Brake pedal Parking Brake cables Parking brake Rear caliper PRA Model Elements
Highway Example -
Braking System Fault Tree 16 Modeling Notes 1)
Success = At least one-out-of-two (1/2) circuits 2)
Vacuum booster neglected -
driver-dependent?
3)
Hand brake not credited; can be treated as a recovery action (top event) in event tree.
4)
Failure of Driver B to take timely action, and failure of Car B tires to function as needed, are treated in separate top events.
PRA Model Elements Car B Brakes Fail Brake Pedal Master Cylinder R & L Circuit Failures ABS System Right Rear Failure RR Caliper RR Disk RR Brake Line Right Front Failure Left Front Failure Right Circuit Failure Left Circuit Failure T1 T2 T3 Brake Fluid
NPP Emergency Power System Example (simplified) 17 PRA Model Elements Testing/Maintenance
Basic Events Level of detail is a modeling decision driven by Resolution of available data Degree of independence from other basic events Needs of decision problem Conventions of application domain Need to be clear in defining element boundaries General classes for NPP basic events include:
Initiating events Failures on demand (e.g., to start, to change position)
Failures during operation (e.g., to continue running, to maintain position, to maintain integrity)
Testing & Maintenance unavailabilities (e.g., due to ongoing service or failure to properly restore after service)
Human failure events Common cause failure events 18 PRA Model Elements Brake Pedal vs.
Brake Pedal Failure Improperly Adjusted Foreign Object Mechanical Failure
Sticking
Success Criteria Define failure (and success) for binary events in logic model Provide connection with real-world phenomena; often computed using mechanistic models NPP examples Mission times Number of redundant pumps needed Highway example:
Stopping distance depends on speed, conditions, force applied => continuous range of possibilities => range of time windows for successful action Need to choose representative scenario to define Driver B action failure 19 PRA Model Elements stopping distance distance before action A
B
Supporting Models
- Uses include:
- Determine success criteria
- Compute basic event probabilities
- Estimate hazard levels
- Examples:
- Time-reliability curves
- Task simulations
- Thermal-hydraulic system models (e.g.,
RELAP, MAAP, MELCOR)
- Fire models (e.g., CFAST, FDS) 20 PRA Model Elements
NRC PRA Models and Tools SPAR* Models
79 operating plant models (event tree/fault tree)
4 new reactor plant models SAPHIRE** code
Idaho National Laboratory (NRC-sponsored)
Features to support event and condition analysis 21
- Standardized Plant Analysis Risk
- Systems Analysis Programs for Hands-on Integrated Reliability Evaluation PRA Model Elements
Other PRA Codes
- CAFTA
- RISKMAN
- Risk Spectrum 22 PRA Model Elements
Data (Evidence)
- Decision support application => need to use all available, relevant evidence
- Performance data, e.g.,
- Operational experience
- Tests
- Training simulations
- Model predictions
- Expert judgment
- See Lecture 5-1 23 PRA Model Elements OECD-NEA Halden Reactor Project
Outputs
- Sequences
- Cut sets
- Risk metrics
- Point estimates
- Uncertainty distributions
- Importance measures 24 Qualitative Quantitative PRA Outputs Risk {si, Ci, pi }
Sequences 25 LOOP-WR EPS ISO EXT DCL OPR DGR LTC LOOP (Weather-Related)
Emergency Power (EDGs)
Isolation Condenser (IC)
Actions to Extend IC Ops Actions to Shed DC Loads Offsite Power Recovery EDG Recovery Long-Term Cooling 1 hr 1 hr 4 hr 4 hr 8 hr 8 hr 12 hr 12 hr CD CD CD CD CD CD CD CD CD CD CD CD CD 1
2 3
4 5
6 7
8 9
10 11 12 13 14 15 16 17 18 19 20 21 22 PRA Outputs
Example Sequences (LOOP/SBO)
Core Damage Frequency (/yr)
Simplified Description Rank 5th 50th Mean 95th SBO, battery depletion 1
3.1E-8 3.4E-7 1.6E-6 4.1E-6 SBO, injection fails 5
3.3E-9 4.6E-8 1.9E-7 6.5E-7 SBO, 1 open SRV, battery depletion 6
1.1E-9 2.1E-8 1.3E-7 3.5E-7 SBO, battery depletion 7
1.2E-9 1.7E-8 1.3E-7 3.0E-7 LOOP, 2 open SRVs, LPI fails 9
5.6E-10 1.4E-8 8.7E-8 3.5E-7 LOOP, ATWS, SLC fails 13 4.2E-10 6.7E-9 3.3E-8 1.4E-7 SBO, open SRV, HPI fails 18 1.3E-10 3.3E-9 1.7E-8 6.8E-8 26 PRA Outputs ATWS = anticipated transient without scram EDG = emergency diesel generator HPCI = high pressure coolant injection HPI = high pressure injection LOOP = loss of offsite power LPI = low pressure injection SBO = station blackout SLC = standby liquid control SRV = safety relief valve LOOP, failure of all EDGs, HPCI fails late (harsh environment or battery depletion)
Cut Sets and Minimal Cut Sets Cut Set: set of failures ensuring system failure Minimal Cut Set: minimal set of failures ensuring system failure (minimal => if one element is removed, failure of remaining elements no longer ensures system failure) 27 PRA Outputs Cut sets: {P}, {V}, {P, V}
Minimal cut sets: {P}, {V}
P V
Valve (Motor-Operated)
Pump
Cut Sets: Another Simple Example 28 P1 P2 V
PRA Outputs If each pump can supply 100% needed flow:
- Cut sets: {P1, P2}, {V}, {P1, P2, V}
- Minimal cut sets: {P1, P2}, {V}
Example Minimal Cut Sets (SBO Sequence 1)
No.
Freq.
Minimal Cut Set 1
7.3079E-08 IE-T1
- ESW-XHE-FO-EHS
- ACP-DGN-FR-EDGC
- L0SPNR1GHR
- ACP-DGN-FR-EDGB
- DGHWNR12HR 2
5.6465E-08 IE-T1
- ESW-AOV-CC-CCF
- BETA-3AOVS
- L0SPNR13HR 3
3.6972E-08 IE-T1
- L0SPNR13HR
- EHV-AOV-CC-CCF
- BETA-6AOVS 4
1.9931E-08 IE-T1
- ESW-XHE-FO-EHS
- ACP-DGN-FR-EDGC
- L0SPNR18HR
- DGMANR12HR
- ACP-DGN-MA-EDGB 5
1.9931E-08 IE-T1
- ESW-XHE-FO-EHS
- L0SPNR18HR
- ACP-DGN-FR-EDGB
- DGMANR12HR
- ICP-DGN-MA-EDGC 6
1.6021E-08 IE-T1
- L0SPNR13HR
- ACP-DGN-LP-CCF
- BETA-4DGNS
- DGCCFNR12HR 7
1.5225E-08 IE-T1
- ACP-DGN-FR-EDGC
- L0SPNR18HR
- DGHWNR12HR
- ESW-CKV-CB-C515B 8
1.5225E-08 IE-T1
- ESW-CKV-CB-C515A
- L0SPNR18HR
- ACP-DGN-FR-EDG8
- DGHWNR12HR 9
1.4159E-08 IE-T1
- ESW-XHE-FO-EHS
- ACP-DGN-FR-EDGC
- L0SPNR18HR
- DGHWNR12HR
- ESW-PTF-RE-DGB 10 1.4159E-08 IE-T1
- ESW-XHE-FO-EHS
- LOSPNR1GHR
- ACP-DGN-FR-EDGB
- DGHWNR12HR
- EGW-PTF-RE-DGC 29 PRA Outputs Available from: https://prod.sandia.gov/techlib-noauth/access-control.cgi/1986/862084-4-1-2.pdf
Risk Contributors 30 PRA Outputs SAMA License Extension NFPA 805 Risk-Informed License Amendment
CDF Uncertainties - Historical Studies 31 PRA Outputs
Recent Results: CDF and LERF 32 PRA Outputs 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 10-8 10-7 10-6 10-5 10-4 10-3 Fraction Frequency (/ry)
Recent and Past CDFs 33 PRA Outputs 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 0.40 10-8 10-7 10-6 10-5 10-4 10-3 Fraction Frequency (/ry)
Recent IPE/IPEEE
CDFs: BWR vs PWR 34 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 Fraction 10-6 10-5 10-4 10-3 Frequency (/ry)
All Initiators BWR PWR 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 10-6 10-5 10-4 10-3 Frequency (/ry)
Internal Events BWR PWR PRA Outputs
CDF Contributors - LOOP 35 PRA Outputs 10-7 10-5 10-4 10-3 10-6 10-7 10-5 10-4 10-3 10-6 Internal Events CDF (/ry)
Some Importance Measures*
Commonly used
- Risk Achievement Worth (RAW) and Risk Increase Ratio (RIR): measures of how large a risk metric can be if a specified element is failed
- Fussell-Vesely (FV) importance: degree of contribution of a specified element to the risk metric of interest Others
- Risk Reduction Worth (RRW) and Risk Reduction Ratio (RRR): measures of how small a risk metric can be if a specified element is successful
- Birnbaum: maximum effect of changes in a specified elements performance
- Uncertainty Importance: effect of uncertainty in a specified element on the overall uncertainty 36
- Formal definitions are provided in Lecture 3-2.
PRA Outputs
Relationship Between Birnbaum and F-V
- F-V and RAW (or equivalently, Birnbaum) provide different views on importance 37 PRA Outputs N. Siu and D.L. Kelly, On the use of importance measures for prioritizing systems, structures, and components, Proc 5th Intl Topical Meeting Nuclear Thermal Hydraulics, Operations, and Safety (NUTHOS-5), Beijing, China, April 14-18, 1997, pp. L.4-1 through L.4-6.
Example Importance Measure Results No.
Event Description Prob.
RAW 1
RPSM Reactor Protection System (mechanical) 1.00E-05 1.90E-01 2
ESF-XHE-MC-PRES Pressure sensor miscalibration 5.32E-04 8.28E-04 3
DCP-BAT-LF-CCF CCF of batteries 9.00E-04 2.16E-04 4
P2 Two SRVs fail to close 2.00E-03 1.17E-04 5
ESW-AOV-CC-CCF CCF of AOVs for EDG jacket cooling 1.00E-03 9.74E-05 6
BETA-5BAT Beta factor, CCF of at least 5 batteries 2.50E-03 7.77E-05 7
EHV-AOV-CC-CCF CCF of AOVs for EDG room cooling 1.00E-03 6.34E-04 8
ESW-CKV-HW-CV513 ESW check valve fails to open 1.00E-04 4.25E-05 9
ESW-CKV-CB-C515B ESW check valve fails 3.00E-03 4.14E-05 10 ESW-CKV-CB-C515A ESW check valve fails 3.00E-03 4.14E-05 38 PRA Outputs
Some Level 2 Outputs 39 PRA Outputs NUREG-2201 Large Early Release Frequency (LERF)
NUREG-1150 Conditional Containment Failure Probability (CCFP):
Early Failure
Some Level 3 Outputs (WASH-1400)*
- Notes Complementary cumulative distribution function (CCDF):
Results are provided only to illustrate types of outputs. Actual outputs are accompanied by important qualifiers (e.g., level of uncertainty) omitted from this slide.
40 PRA Outputs Early Fatality Risk Latent Cancer Fatality Risk Land Contamination Risk
> =
Example Comparison of Level 3 Outputs 41 PRA Outputs
Positive Characteristics of PRA*
- Useful properties for decision support
- Top-down
- Engineering oriented
- Integrated
- Systematic
- Sufficiently realistic
- Supportive of what-if
- Openness
- Has led to actual improvements (see Lecture 8-1) 42
- See Lecture 2-3 for a discussion of criticisms
Comment - Alternate Approaches
- Alternate risk assessment approaches are widespread in other industries (e.g., chemical process industry).
- Example: Layers of Protection Analysis (LOPA)*
- Intended to reduce inconsistency in qualitative assessments without requiring resources of Quantitative Risk Assessment (QRA)
- Aimed at estimating risk (order-of-magnitude frequencies, qualitative consequences) and assessing adequacy of protection layers
- Adequacy assessed using a qualitative risk matrix Risk matrices also used in many other industries (see, for example, NFPA 551 and NASA/SP-2014-615.
43
- See M. Kazarians and K. Busby, Use of simplified risk assessment methodology in the process industry, Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.
PRA Model Elements
Example Risk Matrix (LOPA) 44 Likelihood Class 5 (10-5/yr) 4 (10-4/yr) 3 (10-3/yr) 2 (10-2/yr) 1 (10-1/yr)
Severity Class A
Marginal Undesirable Undesirable Critical Critical B
Marginal Marginal Undesirable Undesirable Critical C
No Action Marginal Marginal Undesirable Undesirable D
No Action No Action Marginal Marginal Undesirable E
No Action No Action No Action Marginal Marginal Adapted from M. Kazarians and K. Busby, Use of simplified risk assessment methodology in the process industry, Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.
PRA Model Elements