ML19011A424
| ML19011A424 | |
| Person / Time | |
|---|---|
| Issue date: | 01/16/2019 |
| From: | Office of Nuclear Regulatory Research |
| To: | |
| Nathan Siu 415-0744 | |
| Shared Package | |
| ML19011A416 | List:
|
| References | |
| Download: ML19011A424 (44) | |
Text
NPP PRA Models and Results Lecture 2-2 1
Overview Key Topics
- Lecture focuses on the whats of PRA models; the hows of PRA modeling are addressed in later lectures.
2
Overview Resources
- American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, January 1983.
- F.E. Haskin, A.L. Camp, S.A. Hodge, and D.A. Powers, Perspectives on Reactor Safety, NUREG/CR-6042, Revision 2, March 2002.
- U.S. Nuclear Regulatory Commission, Glossary of Risk-Related Terms in Support of Risk-Informed Decisionmaking, NUREG-2122, November 2013. (ADAMS Accession No. ML13311A353) 3
Overview Other References
- International Atomic Energy Agency, Development and Application of Level 1 Probabilistic Safety Assessment for Nuclear Power Plants, IAEA SSG-3, 2010.
- International Atomic Energy Agency, Development and Application of Level 2 Probabilistic Safety Assessment for Nuclear Power Plants, IAEA SSG-4, 2010.
- W.E. Vesely, et al., "Measures of Risk Importance and Their Applications," NUREG/CR-3385,1983.
- N. Siu and D.L. Kelly, On the Use of Importance Measures for Prioritizing Systems, Structures, and Components, Proceedings 5th International Topical Meeting on Nuclear Thermal Hydraulics, Operations, and Safety (NUTHOS-5), Beijing, China, April 14-18, 1997, pp. L.4-1 through L.4-6.
- M. Kazarians and K. Busby, Use of simplified risk assessment methodology in the process industry, Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.
- National Fire Protection Association, Guide for the Evaluation of Fire Risk Assessments, 2013 Edition, NFPA 551, 2013.
- National Aeronautics and Space Administration, Organizational Risk and Opportunity Management: Concepts and Processes for NASAs Consideration, NASA/SP-2014-615, November 2016.
4
Overview Other References (cont.)
- U.S. Nuclear Regulatory Commission, Reactor Safety Study: An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants, WASH-1400, (NUREG-75/014), October 1975.
- B.J. Garrick, Lessons learned from 21 nuclear plant probabilistic risk assessments, Nuclear Technology, 84, No. 3, 319-339(1989).
- U.S. Nuclear Regulatory Commission, Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants, NUREG-1150, December 1990.
- U.S. Nuclear Regulatory Commission, Individual Plant Examination Program:
Perspectives on Reactor Safety and Plant Performance, NUREG-1560, December 1997.
- M. R. Hayns, The evolution of probabilistic risk assessment in the nuclear industry, Transactions Institute of Chemical Engineers, 77, Part B, 117-142, May 1999.
- U.S. Nuclear Regulatory Commission, Perspectives Gained from the Individual Plant Examination of External Events (IPEEE) Program, NUREG-1742, April 2002.
5
PRA Model Elements NPP PRA Distinguishing Characteristics Hazards
- Levels
- Level 1 (core/fuel damage)
Initiating
- Level 2 (radioactive release) Level 1 Events
- Level 3 (offsite consequences)
- Hazards Plant Damage
- Internal events (hardware, human, LOOP) States
- Internal hazards (flood, fire, heavy load drops, )
- External hazards (seismic, flood, wind, ) Source Level 2
- Operating Mode Term Groups
- At power
- Low power/shutdown Release
- Sources Categories
- Core Level 3
- Spent fuel pool Offsite
- Other (e.g., dry cask storage) Consequences 6
PRA Model Elements Current Level 1 PRA Model Elements
- Event Trees
- Fault Trees
- Basic Events
- Success Criteria
- Supporting Models
- Data (Evidence)
- Outputs 7
PRA Model Elements Notes
- Dont confuse definition with approach: different modeling approaches can still be PRA
- Object-centric (e.g., event tree/fault tree PRA)
- Process-centric (e.g., dynamic PRA)
- PRA models are models, i.e., representations of reality created for a purpose.
All models are wrong; some are useful.
- G.E.P. Box 8
PRA Model Elements Event Trees
- Inductive logic diagrams (What might happen after event X?)
- Typically defined in terms of safety systems and key operator actions but can also be functionally-oriented
- Typically binary logic; can be multi-valued
- Introduced for computational reasons; still used to conceptualize, organize, and communicate 9
PRA Model Elements Highway Example
- Car A is driving down the highway at a very slow speed.
Car B is a ways back, but closing the gap.
- Car A comes to a sudden stop. What is the risk of collision?
B A 10
PRA Model Elements Highway Example - Functional Event Tree Car A Recognition Stops and Suddenly Decision Stopping success Safe Collision Collision failure Modeling Notes:
- 1) Example considers only one negative consequence (collision).
- 2) Example doesnt treat other mitigative strategies (e.g., avoidance maneuvers).
- 3) This event tree includes Driver Bs action (applying the brakes) in the Stopping top event. The next event tree parses the sequence differently.
11
PRA Model Elements Highway Example - System Event Tree Car A Stops Driver B Car B Car B Suddenly Action Brakes Tires Safe success Collision Collision Collision failure Modeling Notes:
- 1) Example considers only one negative consequence (collision).
- 2) Example doesnt treat other mitigative strategies (e.g., steering).
- 3) Alternative modeling: Driver B action (including detection, situation assessment, and decision making, as well as application of brakes) can be included in the model for top event Car B Brakes.
12
PRA Model Elements NPP Example (simplified)
LOOP Emergency Isolation Actions to Actions to Offsite (Weather- Power Condenser Extend Shed Power EDG Long-Term Related) (EDGs) (IC) IC Ops DC Loads Recovery Recovery Cooling LOOP- EPS ISO EXT DCL OPR DGR LTC WR 1 2 CD 3
4 CD 5
12 hr 6 CD 12 hr 7 CD 8
9 CD 10 8 hr 11 CD 8 hr 12 CD 13 14 CD 15 4 hr 16 CD 4 hr 17 CD 18 19 CD 20 1 hr 21 CD 1 hr 22 CD 13
PRA Model Elements Fault Trees
- Deductive logic diagrams (What can cause event X? How can X happen?) connecting Top Event with basic events
- Binary logic; gates for Boolean operations (OR, AND) Basic
- Voting logic (e.g., 2-out-of-3) gates Event AND OR can be used as shortcuts (implemented with binary logic)
- Binary logic enables algorithms for efficient solution 14
PRA Model Elements Highway Example - Braking System Rear caliper Parking
- 1) Braking system is a Brake cables dual circuit system: Hydraulic line each circuit actuates both front brakes and Brake fluid Brake reservoir one rear brake. rotor Parking brake
- 2) One-out-of-two (1/2) Brake pedal Vacuum booster circuits need to Master cylinder succeed for overall ABS hydraulic unit system success. Front caliper Adapted from: http://www.mye28.com/viewtopic.php?p=1134640 15
PRA Model Elements Car B Brakes Fail Highway Example -
Braking System R & L Circuit Failures ABS Master Brake Brake Fault Tree System Cylinder Pedal Fluid Modeling Notes
- 1) Success = At least one-out-of- Left Circuit Right Circuit Failure Failure two (1/2) circuits
- 2) Vacuum booster neglected -
T1 driver-dependent?
- 3) Hand brake not credited; can be treated as a recovery action Right Rear Right Front Left Front (top event) in event tree. Failure Failure Failure
- 4) Failure of Driver B to take timely action, and failure of Car B tires T2 T3 to function as needed, are treated in separate top events.
RR Brake RR RR Line Caliper Disk 16
PRA Model Elements NPP Emergency Power System Example (simplified)
Testing/Maintenance 17
PRA Model Elements Basic Events
- Level of detail is a modeling decision driven by
- Resolution of available data
- Degree of independence from other basic events Brake Pedal
- Needs of decision problem vs. Failure
- Conventions of application domain Brake
- Need to be clear in defining element boundaries Pedal
- General classes for NPP basic events include:
- Failures on demand (e.g., to start, to change Mechanical Improperly Sticking Foreign position) Failure Adjusted Object
- Failures during operation (e.g., to continue running, to maintain position, to maintain integrity)
- Testing & Maintenance unavailabilities (e.g., due to ongoing service or failure to properly restore after service)
- Human failure events
- Common cause failure events 18
PRA Model Elements Success Criteria
- Define failure (and success) for binary events in logic model
- Provide connection with real-world phenomena; often computed using mechanistic models
- NPP examples
- Number of redundant pumps needed
- Highway example:
B A distance stopping before distance action
- Stopping distance depends on speed, conditions, force applied => continuous range of possibilities => range of time windows for successful action
- Need to choose representative scenario to define Driver B action failure 19
PRA Model Elements Supporting Models
- Uses include:
- Determine success criteria
- Compute basic event probabilities
- Estimate hazard levels
- Examples:
- Time-reliability curves
- Task simulations
- Thermal-hydraulic system models (e.g.,
RELAP, MAAP, MELCOR)
- Fire models (e.g., CFAST, FDS) 20
PRA Model Elements NRC PRA Models and Tools
- SPAR* Models
- SAPHIRE** code 79 operating plant models Idaho National Laboratory (NRC-(event tree/fault tree) sponsored) 4 new reactor plant models Features to support event and condition analysis
- Standardized Plant Analysis Risk **Systems Analysis Programs for Hands-on Integrated Reliability Evaluation 21
PRA Model Elements Other PRA Codes
- CAFTA
- RISKMAN
- Risk Spectrum 22
PRA Model Elements Data (Evidence)
- Decision support application => need to use all available, relevant evidence
- Performance data, e.g.,
- Operational experience
- Tests
- Training simulations
- Model predictions
- Expert judgment
- See Lecture 5-1 OECD-NEA Halden Reactor Project 23
PRA Outputs Outputs Risk {si , Ci , pi }
- Sequences Qualitative
- Cut sets
- Risk metrics
- Point estimates Quantitative
- Uncertainty distributions
- Importance measures 24
PRA Outputs Sequences LOOP Emergency Isolation Actions to Actions to Offsite (Weather- Power Condenser Extend Shed Power EDG Long-Term Related) (EDGs) (IC) IC Ops DC Loads Recovery Recovery Cooling LOOP- EPS ISO EXT DCL OPR DGR LTC WR 1 2 CD 3
4 CD 5
12 hr 6 CD 12 hr 7 CD 8
9 CD 10 8 hr 11 CD 8 hr 12 CD 13 14 CD 15 4 hr 16 CD 4 hr 17 CD 18 19 CD 20 1 hr 21 CD 1 hr 22 CD 25
PRA Outputs Example Sequences (LOOP/SBO)
Core Damage Frequency (/yr)
Simplified Description Rank 5th 50th Mean 95th SBO, battery depletion 1 3.1E-8 3.4E-7 1.6E-6 4.1E-6 SBO, injection fails 5 3.3E-9 4.6E-8 1.9E-7 6.5E-7 SBO, 1 open SRV, battery depletion 6 1.1E-9 2.1E-8 1.3E-7 3.5E-7 SBO, battery depletion 7 1.2E-9 1.7E-8 1.3E-7 3.0E-7 LOOP, 2 open SRVs, LPI fails 9 5.6E-10 1.4E-8 8.7E-8 3.5E-7 LOOP, ATWS, SLC fails 13 4.2E-10 6.7E-9 3.3E-8 1.4E-7 SBO, open SRV, HPI fails 18 1.3E-10 3.3E-9 1.7E-8 6.8E-8 ATWS = anticipated transient without scram EDG = emergency diesel generator HPCI = high pressure coolant injection HPI = high pressure injection LOOP, failure of all EDGs, HPCI LOOP = loss of offsite power LPI = low pressure injection fails late (harsh environment or SBO = station blackout battery depletion)
SLC = standby liquid control SRV = safety relief valve 26
PRA Outputs Cut Sets and Minimal Cut Sets
- Cut Set: set of failures ensuring system failure
- Minimal Cut Set: minimal set of failures ensuring system failure (minimal => if one element is removed, failure of remaining elements no longer ensures system failure)
V Valve (Motor-Operated)
P Pump
- Cut sets: {P}, {V}, {P, V}
- Minimal cut sets: {P}, {V}
27
PRA Outputs Cut Sets: Another Simple Example P1 V P2 If each pump can supply 100% needed flow:
- Cut sets: {P1, P2}, {V}, {P1, P2, V}
- Minimal cut sets: {P1, P2}, {V}
28
PRA Outputs Example Minimal Cut Sets (SBO Sequence 1)
No. Freq. Minimal Cut Set IE-T1
- ESW-XHE-FO-EHS
- ACP-DGN-FR-EDGC
- L0SPNR1GHR
- ACP-DGN-FR-1 7.3079E-08 EDGB
- DGHWNR12HR 2 5.6465E-08 IE-T1
- ESW-AOV-CC-CCF
- BETA-3AOVS
- L0SPNR13HR 3 3.6972E-08 IE-T1
- L0SPNR13HR
- EHV-AOV-CC-CCF
- BETA-6AOVS IE-T1
- ESW-XHE-FO-EHS
- ACP-DGN-FR-EDGC
- L0SPNR18HR
- DGMANR12HR
- 4 1.9931E-08 ACP-DGN-MA-EDGB 1.9931E-08 IE-T1
- ESW-XHE-FO-EHS
- L0SPNR18HR
- ACP-DGN-FR-EDGB
- DGMANR12HR
- 5 ICP-DGN-MA-EDGC 6 1.6021E-08 IE-T1
- L0SPNR13HR
- ACP-DGN-LP-CCF
- BETA-4DGNS
- DGCCFNR12HR 7 1.5225E-08 IE-T1
- ACP-DGN-FR-EDGC
- L0SPNR18HR
- DGHWNR12HR
- ESW-CKV-CB-C515B 8 1.5225E-08 IE-T1
- ESW-CKV-CB-C515A
- L0SPNR18HR
- ACP-DGN-FR-EDG8
- DGHWNR12HR IE-T1
- ESW-XHE-FO-EHS
- ACP-DGN-FR-EDGC
- L0SPNR18HR
- DGHWNR12HR
- 9 1.4159E-08 ESW-PTF-RE-DGB IE-T1
- ESW-XHE-FO-EHS
- LOSPNR1GHR
- ACP-DGN-FR-EDGB
- DGHWNR12HR
- 10 1.4159E-08 EGW-PTF-RE-DGC Available from: https://prod.sandia.gov/techlib-noauth/access-control.cgi/1986/862084-4-1-2.pdf 29
PRA Outputs Risk Contributors SAMA License Extension NFPA 805 Risk-Informed License Amendment 30
PRA Outputs CDF Uncertainties - Historical Studies 31
PRA Outputs Recent Results: CDF and LERF 0.35 0.30 CDF LERF 0.25 Fraction 0.20 0.15 0.10 0.05 0.00 10-8 10-7 10-6 10-5 10-4 10-3 Frequency (/ry) 32
PRA Outputs Recent and Past CDFs 0.40 0.35 Recent IPE/IPEEE 0.30 0.25 Fraction 0.20 0.15 0.10 0.05 0.00 10-8 10-7 10-6 10-5 10-4 10-3 Frequency (/ry) 33
PRA Outputs CDFs: BWR vs PWR All Initiators Internal Events 0.35 0.35 0.30 0.30 BWR BWR PWR PWR 0.25 0.25 Fraction 0.20 0.20 0.15 0.15 0.10 0.10 0.05 0.05 0.00 0.00 10-6 10-5 10-4 10-3 10-6 10-5 10-4 10-3 Frequency (/ry) Frequency (/ry) 34
PRA Outputs CDF Contributors - LOOP 10-3 10-4 LOOP CDF (/ry) 10-5 10-6 10-7 10-7 10-6 10-5 10-4 10-3 Internal Events CDF (/ry) 35
PRA Outputs Some Importance Measures*
- Commonly used
- Risk Achievement Worth (RAW) and Risk Increase Ratio (RIR): measures of how large a risk metric can be if a specified element is failed
- Fussell-Vesely (FV) importance: degree of contribution of a specified element to the risk metric of interest
- Others
- Risk Reduction Worth (RRW) and Risk Reduction Ratio (RRR): measures of how small a risk metric can be if a specified element is successful
- Birnbaum: maximum effect of changes in a specified elements performance
- Uncertainty Importance: effect of uncertainty in a specified element on the overall uncertainty
- Formal definitions are provided in Lecture 3-2.
36
PRA Outputs Relationship Between Birnbaum and F-V
- F-V and RAW (or equivalently, Birnbaum) provide different views on importance N. Siu and D.L. Kelly, On the use of importance measures for prioritizing systems, structures, and components, Proc 5th Intl Topical Meeting Nuclear Thermal Hydraulics, Operations, and Safety (NUTHOS-5), Beijing, China, April 14-18, 1997, pp. L.4-1 through L.4-6.
37
PRA Outputs Example Importance Measure Results No. Event Description Prob. RAW 1 RPSM Reactor Protection System (mechanical) 1.00E-05 1.90E-01 2 ESF-XHE-MC-PRES Pressure sensor miscalibration 5.32E-04 8.28E-04 3 DCP-BAT-LF-CCF CCF of batteries 9.00E-04 2.16E-04 4 P2 Two SRVs fail to close 2.00E-03 1.17E-04 5 ESW-AOV-CC-CCF CCF of AOVs for EDG jacket cooling 1.00E-03 9.74E-05 6 BETA-5BAT Beta factor, CCF of at least 5 batteries 2.50E-03 7.77E-05 7 EHV-AOV-CC-CCF CCF of AOVs for EDG room cooling 1.00E-03 6.34E-04 8 ESW-CKV-HW-CV513 ESW check valve fails to open 1.00E-04 4.25E-05 9 ESW-CKV-CB-C515B ESW check valve fails 3.00E-03 4.14E-05 10 ESW-CKV-CB-C515A ESW check valve fails 3.00E-03 4.14E-05 38
PRA Outputs Some Level 2 Outputs Conditional Containment Failure Probability (CCFP):
Early Failure NUREG-2201 Large Early Release Frequency (LERF)
NUREG-1150 39
PRA Outputs Some Level 3 Outputs (WASH-1400)*
Early Fatality Risk Latent Cancer Fatality Risk Land Contamination Risk
- Notes
- Complementary cumulative distribution function (CCDF): > =
- Results are provided only to illustrate types of outputs. Actual outputs are accompanied by important qualifiers (e.g., level of uncertainty) omitted from this slide.
40
PRA Outputs Example Comparison of Level 3 Outputs 41
Positive Characteristics of PRA*
- Useful properties for decision support
- Top-down
- Engineering oriented
- Integrated
- Systematic
- Sufficiently realistic
- Supportive of what-if
- Openness
- Has led to actual improvements (see Lecture 8-1)
- See Lecture 2-3 for a discussion of criticisms 42
PRA Model Elements Comment - Alternate Approaches
- Alternate risk assessment approaches are widespread in other industries (e.g., chemical process industry).
- Example: Layers of Protection Analysis (LOPA)*
- Intended to reduce inconsistency in qualitative assessments without requiring resources of Quantitative Risk Assessment (QRA)
- Aimed at estimating risk (order-of-magnitude frequencies, qualitative consequences) and assessing adequacy of protection layers
- Adequacy assessed using a qualitative risk matrix
- Risk matrices also used in many other industries (see, for example, NFPA 551 and NASA/SP-2014-615.
- See M. Kazarians and K. Busby, Use of simplified risk assessment methodology in the process industry, Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.
43
PRA Model Elements Example Risk Matrix (LOPA)
Likelihood Class 5 (10-5/yr) 4 (10-4/yr) 3 (10-3/yr) 2 (10-2/yr) 1 (10-1/yr)
A Marginal Undesirable Undesirable Critical Critical Severity Class B Marginal Marginal Undesirable Undesirable Critical C No Action Marginal Marginal Undesirable Undesirable D No Action No Action Marginal Marginal Undesirable E No Action No Action No Action Marginal Marginal Adapted from M. Kazarians and K. Busby, Use of simplified risk assessment methodology in the process industry, Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018. 44