ML20127A981
| ML20127A981 | |
| Person / Time | |
|---|---|
| Issue date: | 01/11/1989 |
| From: | Harold Denton NRC OFFICE OF GOVERNMENTAL & PUBLIC AFFAIRS (GPA) |
| To: | |
| Shared Package | |
| ML20127A984 | List: |
| References | |
| FOIA-96-528 SECY-89-004, SECY-89-004-R, SECY-89-4, SECY-89-4-R, NUDOCS 8901260228 | |
| Download: ML20127A981 (84) | |
Text
-
g'
?
fr W
n.m 8
5 l
/
W
(
%,..... $,e, T Li POLICY ISSUE January 11, 1989 sscy_e9_oo4 N
J (Information)
For:
The Comissioners
, g.f From:
Harold R. Denton, Director Office of Governmental and Public Affairs
Subject:
TRANSMITTAL OF REPORT ON THE SAFETY REVIEW 0F NUCLEAR POWER PLANTS IN THE FEDERAL REPUBLIC OF GERMANY
Purpose:
To inform the Comissioners of a report by the Reactor Safety Comission on the results of their two-year safety review of all the nuclear power plants in operation or under construction in the Federal Republic of Germany.
Discussion:
This review was requested by the Federal Minister of the Interior ("BMI") in June 1986 and later confirmed by the Minister for the Environment, Nature Conservation and Nuclear Safety ("BMU").
A sumary of results begins on page 7, some highlights of which include the following:
o Safety Concept:
Because large-scale engineered facilities cannot be operated entirely troublefree in spite of high quality design, manufacture, and construction, the concept of safety at several levels is needed. This includes 1) quality design and manufacture as well as good plant management, 2) use i
of control and limitation equipment to maintain the plantwithindesignlimitswhenmalfunctionsoccur,3) lant design to withstand design basis accidents p(DBA), and 4) establishment of accident management measures.
o Safety-Review: Plants did not reveal any deficiencies which would require imediate action.
Backfits have brought older plants up to current levels of safety.
Accident management measures, some of which need to be implemented, have increased flexibility to control events far beyond the spectrum of DBAs. General safety assessments for plants should be done every ten years.
Contact:
E. Hayden GPA 2
2 hh
- y
. _ _ _ _ ~ _...
+
r c
~
' 2.
F i
o Operatins Safety: The RSK reports that LWRs in the Federal Eepublic of Germany had an average availability of about 87% from 1985 to 1987. At an international level, this is a.high percentage.
Fluctuations were moderate and scrams showed a downward trend. Average radiation exposures were low (less.than 4 person-Sv per unit and year) and discharge of radioactive substances during normal cperation were well below approved limits.
Two related areas of. the report that may be of particular interest to you are the discussions on Unusual Events (page 13) and Procedure for the Evaluation
- o_f Safety-Related Operating Experience (page 15).
' According to the report, all plants evaluate safety-related operating experience obtained from the' plant in question, other plants in the FRG, and foreign plants reported through bilateral agreement information and the incident reports from such organizations as the Nuclear Energy Agency, International Atomic Energy Agency, and the Institute of Nuclear Power Operations. Coordination and active participation of all plant personnel in the evaluation is an important part of the feedback process. =The evaluation of operating experience by the supervisory authorities (similar to the NRC) and the Technical Supervisory Inspectorates (TUV) guarantees an independent review of the subsequent corrective measures of the licensees.
Additionally, the RSK found that none of the events involved a danger to the population, the environment or plant personnel as a rescit of the release of radioactive substances. More specifically, the majority cf events did not have any impact on power operation, safety systems were reqaired. in only a small number of events and operated as designed, and less than one percent of
-the events involved an increased discharge of radioactive substances which in no case exceeded the annual limit ap roved for normal operation.
It is interesting that although the report discussed significant events which occurred at all plants, it does not mention the notable events at Biblis and Stade nuclear power plants that wer? recently publicized.
l k
Harold R. Denton, Director Office of Governmental and Public Affairs
Enclosure:
As stated DISS i3DTION:
Cor e ',oners EDO O'
ACRS 0;-
ACNW GPL ASLBP REGIONAL OFFICES ASLAP SECY~
~,, _
1g 9
~
'~
nasanWhaft tGr Reaktorsicherheit(GRS)mbH 29 JA:13
- f. 8 : " 3 sereichGo.chaft teiion RSK-Geschaftsstelle GRS-Bereich Gescnettsstellen Postfach 1016 50 5000 Koln 1 Schwertnergasse 1
~
Dr. Harold R. Denton 5000 K61n 1 Director, Office of Governmental and Public Affairs US Nuclear Regulatory Commission Washington, D.C. 20555 Telefon(0221)2068 0 U.S.A.
Teletex 2214123 grs d TelefaxNr.2068 442 2
ihr Zeichen Ihr Schreiben Unser Zeichen Tel.-DurchwaN Datum (02 2n 2068329
- 19. Dezember 1988 RSK / A.11 tl Jas/ hot 4
Dear Dr. Denton,
the Reactor Safety Commission (RSK) has completed the safety review of all nuclear power plants in the Federal Republic of Germany, which was initiated in 1986.
The results of the safety review and the final report have been published few days ago by the Federal Minister for the Environment, Nature Conservation and Reactor Safety (BMU).
)
l On behalf of the RSK chairman Prof. Dr. Birkhofer and the BMU l am sending for your information one copy of the final report. An english translation of the report is also enclosed.
Sincerely 7ou1
~
i y yf.A w w 'sW '
2
- Armin Jahns -
Executive Secretary,j Reactor Safety Commission enclosure vorstzender oss Aufacntsrate
'JN Qomens Strootmann Geschaftsuver Prof. Dr. Aeon arttdor. Garett Hennenheter s==cor Sitt Kom, Hrdensregater Kom HRB 7665
Geschaftsstelle der Residor-Sicherheitskommission Final Report Results of the Safety Review of Nuclear Power Plants in the Federal Republic of Germany by the RSK Recommendation by the Reactor Safety animission (RSK)
November 23, 1988 4
1
,1 l
i This is a translation of german original. In case of discrepancies the german text shall prevail.
n.m
~.
'2 Contents
]
i A. Objectives, Procedure and Summary of Results j
1.
Advisory assignment 2.
Procedure 3.
Summary of results
.B. Results of the Safety Review of Light Water Reactors B. l.
Generic results 1.
Proven service record j
1.1 Operating safety 1.2 Reliability of safety-related components 1.3 Discharge 'of radioactive substances during normal operation and occupational radiation exposure
-1.4 Unusual events I
1.5 Procedure for the evaluation of safety-related operating experience 2.
Operating and incident instructions, training issues of the plant personnel i
2.1 Operating and incident instructions in the operating manual 2.2 Simulator training 3.
Information in the control room 4.
Quality of press'ure-retaining components and systems t'
including containment and pressure suppression system 4.1 Quality status 4.2 Maintenance of the quality of components and systems during operation 4
5.
Safety systems 5.1 Electric power supply.
5.2 Instrumentation and control equipment of the
+
safety system 5.3 Incident resistance of electrical equipment 5.4 Reactor scram system 5.5
, Heat removal systems 5.6 Exhaust air system 5.7 Individual issues 5.7.1 Interface between high-pressure and low-pressure systems 5.7.2 Protection of safety equipment against flooding 5.7.3 Design of pipes inside the annulus 5.7.4 Containment penetrations J
5.7.5 Design of the reactor building crane 5.7.6 Mode of operation during steam generator heating
~
tube failure 3
t N
~.
s 6.
Fire protection 7.
Protection against externa! Impacts 8.
Major safety-related backfitting measures 9.
Accident management 9.1 Importance o+ accident management and integration into the design concept of nuclear power plants 9.2 Planning of measures within the scope of accident management l
9.3 Accident management measures 9.3.1 Preconditions for their implementation 9.3.2 Measures planned and/or already implemented 9.3.2.1 Concept for secondary-side and primary-side depressurization and coolant injection in the case of PWRs 9.3.2.2 Hydrogen distribution and hydrogen combustion inside the containment 9.3.2.3 R & D program for the investigation of the hypothetical melt / concrete interaction 9.3.2.4 Sampling system for accident situations 9.3.2.5 Depressurization of the containment of pressurized water and boiling water reactors following events beyond the design basis 9.3.2.6 Follow-up of work relating to accident management B. II.
Plant-specific results S
1.
Nuclear power plants with pressurized water reactor 1.1 Obrigheim Nuclear Power Plant (KWO) 1.2 Stade Nuclear Power Plant (KKS) 1.3 Biblis Nuclear Power Plant (KWB, Units A and B) l 1.4 Neckar-1 Joint Nuclear Power Plant (GKN-1) 1.5 Unterweser Nuclear Power Plant (KKU) 1.6 Grafenrheinfeld Nuclear Power Plant (KKG) 1.7 Mulhelm-Kiirlich Nuclear Power Plant (KMK) 2.
Nuclear power plants with boiling water reactor 2.1 W0rgassen Nuclear Power Plant (KWW) 2.2 Brunsbuttel Nuclear Power Plant (KKB) 2.3 Isar-1 Nuclear Power Plant (KKi-1) 2.4 Philippsburg Nuclear Power Plant (KKP-1)
I 2.5 Krummel Nuclear Power Plant (KKK) 2.6 Gundremmingen Nuclear Power Plant (KRB B/C) l l
C. Results of the Safety Review of Hamm-Uentrop Nuclear Power Plant (THTR-300) 1.
Systems engineering (status /backfitting) 1.1 Operating and safety systems, incident control 1.1.1 Components and pipes o Prestressed concrete vessel o Steam generators, main steam and feedwater pipes including connecting pipes (secondary circuit)
I l 1.1.2 Shutdown systems 1.1 3 Residual heat removal systems 1.1.4 Pressure relief incident and ingress of air into the reactor core l
1.1.5 Exhaust air system 1.1.6 Electric power supply 1.1.7 Fire protection 1.1.8
. Protection against external impacts 1.2 Accident managcment 1.2.1 Filtering of supply air to the control room 1.2.2 investigations of reactivity incidents 1.2.3 Depressurization of and re-injection into the steam generators l
1.2.4 Steam generator heating tube failure without steam generator isolation l
1.2.5 Emergency injection into the liner cooling system 1.2.6 Investigations with respect to core heatup incidents 1.2.7 Activity confinement l
2.
Operation l
2.1 Operating manual, training and preservation of qualification 2.2 Operating experience at the THTR-300
(
D.
Requirements for Future Periodic Safety Reviews i
of Nuclear Power Plants s
l 1.
Introduction 2.
Objectives 3.
Content and scope of the periodic safety review 3.1 Safety status of the plant I
3.2 Evaluation of the safety status and of the service record 3.3 Probabilistic safety analysis 4.
Chronological implementation of future periodic safety reviews 4.,1 Probabliistic safety analyses 4.2 Periodic safety review E.
Appendixes 1
Comments and Recommendations Submitted within the Scope of the Safety Review (Compilation) 2 List of Topics of the 1988 RSK Safety Review 3
List of Abbreviations
i 5-A.
Objectives, Procedure and Summary of Results j
s 1.
Advisory assianment The FederalL Minister of the Interior ("BMl") asked.the j
Reactor Safety. Commission ("RSK") in June 1086 to carry i
j out - apart from the analysis and evaluation of the ac-cident at the Chernobyl Nuclear Power Plant - a safety
]
review of all the nuclear power plants in operation or under construction in the Federal Republic of Germany.
This assignment was confirmed and further extended by 1
the Minister for the Environment, Nature Conservation j
and Nuclear Safety ("BMU") who took over responsibility
.l 3
in mid-1986, i
i The safety review carried out by the RSK. consisted of an examination along the lines of the current further j
{
development of the engineered. safety featurer of nuclear F
power plants, considering operating experience as well i
as new resultr. of both research projects and risk studies.
l-i In this context, it was also examined whether operating l
experience and findings derived from unusual events would be indicative of possible safety-related improve-ments in nuclear power plants.
Within the scope of the permanent advisory assignment of the RSK, the review i
also included the question whether, and if so which,
i measures of accident management will be reasonable, i.e.
how the low probability of reactor accidents can be de-creased further and how their consequences can be fur-j j
ther reduced.
i-Furthermore, the RSK was asked to submit a suggestion j
with respect to requirements for future periodic safety j
reviews of nuclear power plants as a supplement to the I
j' established supervision by the authorities.
)
- 2. Procedure 1
in August 1986, the RSK started asking the manufacturers j
and licensees of nuclear power plants for comprehensive j-plant-specific information as a basis for its safety re-view.
This request was supplemented further in the course of its discussions.
The respective procedure was t
based on a comprehensive discussion plan.
I i
j The discussions concerning the individual nuclear power plants were held within the RSK and its respective com-l j
mittees on the basis of the documents submitted, while hearing both manufacturers and licensees, and with the l
a participation, with respect to a number of topics dis-i 1
cussed, of the authorized experts called in for the nu-
. clear licensing and supervisory process.
The safety re-j i
4 s
- -.. ~..
- - - ~. -
t
, view mainly concerned questions of fundamental importance and is, therefore, not as detailed as the reviews car-ried out within the scope of the expert assessment j.
under the nuclear licensing and supervirory. procedures.
Expert opinions prepared on behalf of the state authori-ties within - the scope of the -latters' supervision under nuclear' law were taken -into acciount as far as their basic statements were concerned,-
e.g.
the safety an-alysis of Stade Nuclear Power Plant prepared by T0v j
Norddeutschland or.. the expert opinion on the nuclear facilities in
-the. State of' North Rhine Westphalla -
prepared by Elektrowatt ingenieurunternehmung' AG
(" EWi " ).
As far as Unterweser ' and Biblis A-Nuclear
. Power-Plants are concerned, comprehensive safety j
- analyses are under way within the scope _ of the nuclear j
supervisory processes of the states in question.
The RSK was Informed on the - respective status during its i
safety review.
I in the course of the safety review, discussion results with respect to topics of both generic and plant-i specific importance were ' approved by the RSK in the 1
form of either comments or recommendations (see com-pilation in Appendix 1).
Operational questions of the safety review of LWR nu-t clear. power plants were dealt with by an ad hoc working j
party specially set up for this purpose.
On the basis of a list of topics established for pressurized water L
and boiling water reactors, the operational questions j
were discussed in the respective plants while at the L
same time hearing the licensees.
Inspection rounds of i
the plants we e a major tool in support of the discussions.
f Scope and depth of the safety review of the individual nuclear power plants varied because of the following reasons:
Nuclear power plants which, at the time of the discus-l sion, were still under construction or whose nuclear commissioning had not yet been initisted although their construction was completed:
Brokdorf (KBR)
Isar 2 (KKl-2)
Emsland (KKE) j Neckarwestheim 2 (GKN-2) 4 Nuclear power plants which, at the time of the discus-i sion,
were in the process of nuclear commissioning or had started nuclear operation shortly beforehand:
i l-
~
Grohnde (KWG)
Philippsburg 2 (KKP-2) i r
-r
,-,,a
Mulhelm-Kurlich (KMK)
Gundremmingen B and C (KRB B/C)
Hamm-Uentrop (THTR-300)
Witn respect to these plants, comprehensive RSK dis-cussions on their safety-related equipment and on op-erational questions have been held recently prior to the grant of the operating license.and were finalized j
by recommendations.
For this reason, the safety re-view concentrated on questions of accident management.
l Individual safety-related and operational questions were discussed in addition.
Nuclear power plants which have been in operation for a longer period of time:
Obrigheim (KWO) l Stade (XKS)
Biblis A and B (KWB.A/B)
Neckarwestheim 1 (GKN-1)
Unterweser (KKU)
Grafenrheinfeld (KKG)
W0rgassen (KWW)
Brunsbuttel (KKB)
Isar 1 (KKi-1)
Philippsburg 1 (KKP-1)
Krummel (KKK) s With respect to these plants, all relevant groups of 4
subjects were discussed again within the scope of the safety review.
The majer aspects of the generic statements made in Part B.
l.
with respect to light water reactors also apply to the THTR.
Specific recommendations for the THTR are contained in Part C.
Kalkar Nuclear Power l
Plant (SNR-300) is dealt with in a separate recommen-dation.
The experimental reactor at Karlsruhe with Its very low output - the so-called "Kompakte Natrium-
' gek0hlte Kernreaktoranlage" (KNK ll), or compact sodium-will be included in the cooled nuclear reactor plant safety review at some later time, as may - be other nuclear facilities.
- 3. Summary of results Safety concept Experience shows that large-scale engineered facilities cannot be operated entirely troublefree in spite of high quality in terms of design, manufacture and construction.
Therefore, the der.isive thing is to take precautions against malfunctions, incidents and accidents within the scope of a foresighted safety concept. To achieve a
8-sufficient degree of protection, an in-depth safety concept is employed at several safety levels.
This concept is made up of a well-balanced combination of priority measures for the prevention of malfunctions and incidents and measures for their control up to the limitation of the consequences of accidents.
At the operating level (first safety level), design and manufacturing quality as well as the care exercised by plant management contribute to good availability.
With a
view to safety-related considerations, this is.of importance insofar as malfunctions and incidents are thus avoided at the same time.
Nevertheless, malfunctions of components or systems may turn up.
Typical examples include component faldures such as the failure of a pump in the primary system or also in the feedwater/ steam circuit.
When such opera-tional malfunctions
- occur, control and limitation equipment is used to maintain the 5.lant within admis-sible design limits for specified normal operation (second safety level).
This equipment is supported by a
utilization of inherent safety properties of the reactor plant.
The control and limitation equipment responds in a differentiated way and in accordance with i
the respective malfunction, e.g.
by way of power re-duction.
When the cause of the malfunction has been eliminated, it is right away possible to continue operation of the'olant.
At yet another level, the third safety level, nuclear power plants are also designed to withstand postulated accidents (design basis accidents) as a
precaution against damage.
The design basis accidents are defined in such a way that each of them is representative of a group of events taking a similar course, i.e. they are the basis for the representative loads for th6 respec-tive group of events for plant planning purposes.
To cope with the design basis accidents, safety systems are installed which are characterized by reliability, redundancy and, to a far-reaching extent, diversity and which fulfill their tasks even if the external power supply fails.
The efficiency and reliability of these systema is demonstrated in detail in the li-i censing procedure.
The safety features are also sup-ported by inherent safety properties of the reactor plant, such as negative temperature and/or power co-efficients.
A meaningful approach in terms of en-gineering always includes a strengthening of preventive measur
in response to the potential improvements identifi In the area described.
In the past few years, the further development of safe-ty engineering has always been oriented to a strengthen-Ing of prevention, i.e.
the avoidance of serious core j
e
damage.
The concept of staggered in-depth safety levels has proven its worth.
It is a well-balanced concept which does not require any further extension or modification from the point of view of the RSK.
The procedure for the designing of safety systems leads to an over-dimensioning of components and sys-tems and, as a result of the application of the single-failure criterion, to a redundant system design.
When considering things realistically, and when using the safety reserves of components, the systems are consider-ably more efficient so that they can be applied in a flexible approach in order to cope with events exceed-ing the design limits (severe accidents).
This concept also constitutes the precaution against core meltdown accidents, even if a hypothetically postulated failure of safety systems occurs.
Within the framework of safety studies, reactor safety research and risk studies, the safety potential which exists at nuclear power plants is further investigated systematically and t.tllized in a selected approach in the form of the derived measures of accident management.
The inclusion of accident management creates a fourth i
safety level, which is independent of the preceding levels.
This fourth level permits to prevent serious core damage and to warrant the integrity of the con-tainment even in the event of hypothetical failures of safety systems.
Safety r' view e
J In its safety review, the RSK has been dealing with the safety-related equipment of the individual nuclear power plants. In doing so, it also considered the design basis accidents to be postulated in accordance with today's i
practice and examined adherence to the protective aims.
It included operating experience and the feedback of malfunctions and incidents as well as experience made in other countries.
The operatioral organization in 1
the individual nuclear power plants was another impor-tant element.
Moreover, the RSK has dealt with events beyond the design basis.
For the evaluation of the results of its safety review, the RSK set up and adhered to the following categories:
Deficiencies which require immediate action at the plants concerned; i
Indications of improvements as a result of an evaluation of the operating experience relevant for the plant and of the further development of safety engineering;
i.
12 -
i.
i b
teristics were ' determined on the basis of the mainte-i nance. documents of nuclear power plants, and surveys were performed with respect to special components such-i as emergency diesels.
A!! in all, a satisfactory re-liability of the components was determined on the basis of. this information. -The RSK has repeatedly dealt with this question.
Inasfar as there was reason to carry out improvements, it has made corresponding suggestions, e
for example.with respect.to pilot valves of internal l
fluid-controlled valves, with respect to the main steam isolation valves of PWRs and with respect to other com-3 j
ponents.
In this context, the RSK underlines the im-1 3
portance of in-service inspections in l!ne with the j
requirements.
Within the scope of the safaty eview, the RSK has also bsen dealing with the reliability of the containment l{
isolation (cf. Appendix 1).
As a result of the review, design changes of the contrJnment isolation dampers were carried out in a number of plants.
l-1.3 Dischsras of radioactive substances durina j.
normal operation and occupational radiation j
exposure j
With respect to all plants, the discharge of radioactive substances with the exhaust air and with ITquid wastes
)
i during normal operation was far below the approved values, in most cases by about 2 orders of magnitude, over their entire operating livas.
In the course of
)
l the last 10 years, the discharge of radioactive sub-l L
stances has further decreased.
This is the outcome 1
of a number of improvements which were made, among l
other things, in the design of fuel elements and in ventilation and waste gas systems.
s Occupational radiation exposure is first of all due to work during inspections.
The decisive factors in this L
context are the scope of work on activity-containing t
systems and the dose rates involved.
it is in particu-1 lar due tc, backfitting measures on the primary circuit that higher values may occur in Individual years.
For f
example, the exchange of pipes in BWRs involved radia-tion exposures of approx. 20 person-Sv.
During the i
time from 1985 to 1987, the radiation exposures quoted j
in-the following table occurred at light water reactors.
What is quoted is the average collective dose of a l
i plant, and both plant personnel and outside personnel are considered.
Apart from the averaging over all plants, a difference has been made between plants which have been in operation for some time already (commission-ing prior to 1984) and more recent plants.
j i
s
~
~ '
13 i
Year All Plants Commissioned Commissioned No.
Collective
- prior to 1984 in 19,8f or later Dose /NPP No. Collective No Collective i
(Sv)
Dose /NPP Dose /NPP i
(SV)
(Sv)~
3 4
'1985 14 3.5 11 3.8 3
2.4 4
i 1986 16 3.0 11 3.8 5
1.4 1987 16 2.9 11 3.5 5
1.4
?
l
'}
Only plants which have been in operation all - year round 6
In spite of the scope of the nondestructive examinations
'l l
carried out, the radiation exposures are low.
This is l
due to a n9mber of measures and in particular also to l'
the automation of examinations.
Thus, even in the case of the nuclear power plants which have been in operation for a longer period of time, a considerable decrease in occupational radiation exposure was achieved, if compared i
on a long-term basis, despite longer overall operating lives.
The RSK has been dealing with this question for many years.
In its yearly audits in connection with the (ualuation of the operating reports it has worked towards c
a lowering of the doses and had quoted a reference value of 4 person-Sv per unit and year in previous alscussions.
)
i As is shown by the figures quoted, this reference value was not reached if the average of the plants is applied.
in individual plants, the reference value was exceeded in the years from 1985 to 1987, among other things as a i
i j
result of comprehensive work on the' primary system.
The i
highest annual value in a plant during this time was j
7.55 person-Sv.
The lower values for recent plants are 3
not only due to shorter operating lives, but also to i
J the consistent translation, already in the planning stage, of the operating experience gained at other plants.
1 4
1.4 U_nusual events The reportable events which the licensee of a nuclear i
power ' plant has to report to the supervisory authority j'
in charge are laid down in the reporting crite-ia for unusual events which are uniform throughout the Federal Republic.
Irrespective of the measures taken by the state governments concerned, these unusual events are gathered and evaluated in a central system by GRS on 4
behalf of the BMU.
i
=
3-mie
-e r
. - - -.. -. ~ ~
- - - -. - - - - - - - - -. ~.. -. _. Within the scope of. Its, permanent ' a'dvisory assignment, the RSK regularly evaluates unusual events.
It finds that none of these events involved. a danger to the population in the environment or the plant personnel as a result of radioactive substances.
As a result of its discussions - with respect to unusual events, the RSK.has, in a generic approach, recommended a number of. Improvements.
For its discussions, the RSK has available the annual reports of the licensees which contain the reports of all. unusual events to GRS, and also the reports through i
the incident' Reporting Systems of the Organisation for Economic Co-Operation and Development / Nuclear Energy Agency (OECD/NEA) and of the International Atomic En-ergy Agency (IAEA), as well as the transmittal reports j
prepared by GRS with respect to selected events.
Once a year the RSK discusses the operating experience of all the German nuclear power plants on the basis of the annual reports, and in particular the unusual events, j
and several times a year it discusses a selection of events' which also includes relevant events in foreign plants.
Current events are discussed according to the i
prevailing requirements, irrespective of these routine 4
discussions.
The experience with respect to unusual events is sum-marized as follows by the RSK-5.
l The by far overwhelming majority of the unusual events did not have any impact on power operation; j
j they.were e.g. reportable findings during in-ser-vice inspections.
Safety systems were required in a small number of 1
4 events, with a typical value of 1 or 2 times per 1
i year and plant.
j Insofar as safety systems were required during mal-functions they operated as designed.
1 4
Out of the unusual events, less than 1% involved an i.
increased discharge of radioactive substances.
In no case has there been a discharge of radioactive substances as a result of such an even.t that ex-ceeded the annual limit approved for normal opera-tion.
In a total of nine cases, short-term limits for normal operation were exceeded.
As a result of the routine discussions of unusual events by the RSK, a separate evaluation within the scope of the safety review was not necessary.
Instead, major emphasis was placed on the information about measu'es which were recommended and taken on the basis of events, 4
b i
.. ~
..... -.-.~.. - - - --.
{'
also with a view to the ' translation of the experience ga-thered at other nuclear power plants..
5 1.5 Procedure for the evaluation of safety-related j
operating experience in all plants, organizational measures have been.taken in order to evaluate safety-related operating experience' from. the plant in que'stion and from other plants.
The information which the licensees have at their disposal i
with resp-
'o the experience. gathered in other plants include:
s Experience from the Federal Republic of. Germany:
)
Event reports,. transmittal reports and other re-i ports distributed by GRS.
Reports distributed within the scope of the " Tech-I i
nische Vereinigung der GroBkraftwerkbetreiber" (VGB).
f, -
Reports distributed by the manufacturers.
4 Exchange of experience in the corresponding VGB l
I organs.
3 Experience obtained from foreign countries:
J
-incident reports within the incident Reporting Sy-stems of the Organisation for Economic Co-Operation i
and Development / Nuclear Energy Agency (OECD/
NEA) and the International Atomic Energy Agency i
4 i
(I AEA) as well as the related GRS evaluations.
Reports within the scope of the Institute of Nuclear i
Power Operations (INPO) and USERSp Information as a result of bilateral agreements.
The evaluations are handled differently at the various i
plants.
However, in' all cases the professional prepara-tion is made in the departments responsible for the tech-4 nical field concerned.
The reports distributed by GRS with respect to domestic and foreign events are also avall-able to the supervisory authorities and their authorized experts. The supervisory authorities ask their authorized j
experts and the licensees to submit comments on a case-l by-case ' basis, in many cases, the licensee is also ob-liged to submit comments with respect to its own plant in a routine procedure in response to all events occurring at German nuclear power plants.
4 The RSK is of the opinion that the relevant German op-erating experience is covered by the sources of information j
.--,7 w
+,
.-r+.-------4
--w-. -
i 16 -
j j
f referred to.. Similarly, the incident Reporting Systems of OECD and I AEA 'and.the reports by INPO and USERS cover Information 'on foreign experience. As far as the reports of the incident Reporting' Systems are concer-i ned, a preliminary evaluation of their applicability to German plants and a preliminary selection of the reports which are relevant for German conditions, including the preparation of additional information, are effected cen-trally by GRS on behalf of the BMU. The RSK found that a systematic evaluation of the reports by INPO and USERS Is more difficult, as there is no corresponding service.
1.
It holds that the evaluation at the Individual plants should
.be supported by a generic preliminary selection and pre-ilminary discussion of the reports by INPO and USERS.
- l i
f t awaits corresponding suggestions to be made by the licensees. Furthermora it points out that the evaluation 7
i-of operating experitnr beyond the events which have to be reported, remains one of the major tasks of licensees.
That the reports are dealt with by the respective de-1 partments at the nuclear power plants is an adequate procedure, since it is there that the importance of a j
l fact and the consequences to be drawn, if any, can be judged best.
The organization of handling shall be as dictated by the circumstances prevailing at the 'respec-tive plant.
The RSK recommends to make sure that all the departments concerned, and in particular the op-j.
erating personnel, are called in and that further ac-tion is coordinated The RSK underlines that, irre-spective of the form of organization chosen, the inter-departmental follow-up of the evaluation requires a suf-ficient number 'of staff disposing of solid knowledge of 5
the plant. -
1 4
I The active participation of plant personnel in the licen-see bodies for an exchange of experience is an important part of the feedback of experience.
The RSK welcomes these activitie< on the side of the licensees.
i The evaluation of the reports on operating experience by_ supervisory authorities and Technical Supervisory Inspectorates guarantees an independent review of the 3
measures taken by the licensees.
r The RSK will continue to deal: with the question' of the
~
evaluation of operating experience and, _ in doing so, will also treat the contents of the reporting criteria and j-the. classification of reportable events in terms of fur-ther improvement, it recommends to collect, in a central and independent approach for the entire territory of the Federal Republic, not only the events, but also the remedial measures taken.
1
.,..e
i j-2.
Operating and incident instructions, training Issues of the plant personnel 2.1 Operating and incident ' instructions in the l
operating manual With respect to more recent plants, the scope for the safe operation of a nuclear power plant is laid down in j-the. safety specifications.
For older plants, comparable provisions' exist.
These instructions are part of the
+
1 ope-ating manual.
[
lt is the licensee's responsibliity to see to it that the 4
plant is operated in accordance with these provisions and that the highest possible reliability of the safety systen,
I is ensured.
The organizational and administrative pre-
{
cautions for the performance of reviews and tests are also la!d down.
Should there be special occasions for reviews i
or tests which necessitate certain modes of operations which have to deviate from these provisions, the consent
(
of the supervisory authority shall be obtained.
in the incident chapter II, the operating manual contains l
the description of the automatic measures in the short-term phase as well as.further instructions for the plant i
personnel to enable it to cope with the incident. For l
design basis accidents, there are so-called event-orien-ted instructions each of which is tailored to a group of event sequences characterized by a design basis accident.
j Possible variations within the event sequence are taken into consideration by ramifications within an instruction or by more than one instruction (e.g. SG heating tube rupture).
The application of these instructions presup-poses that the type of incident is identified by the plant personnel.
For this purpose, the incident chapters con-tain a compilation of the identification criteria for the various types of incidents.
These event-oriented instructions are supplemented by state-oriented (also referred to as protective aim or symp-tom-oriented) instructions.
They do not require any knowledge of the type of incident (event) that has occur-red in order to cope with the incident but are oriented to the observed state of the plant and are exclusively l
directed towards the protective alms.
The superordinate protective aims to ba quoted include the assurance of sub-i criticality, sufficient core cooling and the safe confine-ment of the radioactive substances.
For each protective aim, the operating manual quotes the parameters which can
{
be used to check whether the aim is adhered to, as well l
I This chapter covers design basis accidents
]
4 -,
as the ' measures which are' provided for its adherence and for coping with the incident.
i With the exception of the KMK _ plant, the operating
' manuals currently contain the event-oriented incident instructions.
The state-oriented supplements are-alt'eady available at a number of plants whereas they J
are still being prepared. with respect to others.
The KMK incident chapter is mainly characterized by a state-i t
oriented structure.
Event-oriented descriptions are also provided as supplements-for the design basis ac-cidents.
These docu nents are available to the control j'
room personnel and serve above all. training purposes.
The introduction of an additional state-oriented chapter l
as' a supplement ot the: event-oriented instructions cot-responds to the RSK recommendations.
In this way, ac-tions are also made available for cases where the per-
, ' sonnel does not succeed in identifying an incident or where an incident takes an unexpected course, in part, this covers also event sequences which were not postu-l lated for the design of the plant.
Furthermore, per-sonnel training is supported by making the safety-j related background of the measures -to be taken in ac-j cordance with the respective event more transparent.
j The RSK has repeatedly discussed the measures and in-('
structions for coping with incidents, and in particular the state-oriented supplement of the operating manual for pressurized water reactors as well as the state-oriented procedure for the KMK..
The discussions of the i
corresponding concept for BWRs are being continued.
A 8
i detailed review of the incident instructions would have been beyond the scope of the safety review.
The RSK l
assumes that this is carried out by the supervisory authorities and authorized experts.
It takes it for granted that the experience derived from actual events is taken into consideration in the operating manuals.
4 I
Accident management measures which can be taken against events exceeding the design basis up to serious hypothe-tical accidents are described in a separate emergency manual and not in the operating manual. This is further discussed in Section 9.2.
1 i
I
., 2.2 Simulator training in the past, questions of the training of plant per-sonnel have been treated in detail, e.g. by way of the suggestions of the RSK when laying down the training contents or the information on the level of training at the time of the commissioning of nuclear power plants.
Within the scope of the safety review, the RSK has mainly been dealing with the scope of the simulator training.
Training on the simulator is part of the plant-specific training of the responsible shift personnel.
Among other
- things, simulator training has confirmed its j
necessity as a result of unusual events where human failure played an essential role.
~
Both power plant engineering and simulator engineering are in a process of continuous development.
The simu-lators which are in operation are backfitted in accord-ance with the current requirements.
New simulators were made available for a number of plants.
With respect to the scope of simulation it can be said that the PWR simulators are practically capable of simu-lating their reference plants 100%.
They cover all the 3
major parts, systems and components of the plant (e.g.
the nuclear steam generation system and the auxiliary, ancillary and supply systems).
I Moreover, all major operating states and operating func-tions (such as burnup states, startup phases) can be simulated.
Anomalous operation and incidents are taken into consideration by more than 150 basic events.
In addition, numerous combinations of malfunctions and in-cidents may be simulated.
As far as the scope of simu-lation is concerned, it can be said with respect to the PWR plants that the full-scale simulators used in the i
f Federal Republic of Germany correspond to the inter-national state of the art in terms of controi room and modelling engineering.
The layout of the training concept is such that in spite of partially different plant data and plant engineering i
as compared to the reference plants, the learning aims j
can be achieved by substitute measures, if necessary.
A plant-specific simulator is available for the plant at Mulhelm-KHrlich.
As far as the BWR plants are concerned it can be said that. the scope of simulation of the BWR-1 Simulator is i
approximately comparable to that of the PWR-1 Simulator used for the older German PWRs.
The contract for a plant-specific simulator (BWR-2) for the KRB-Il twin unit plant has already been awarded.
As a result of its discussions within the scope of the safety review, the RSK arrives at the following state-ments with respect to simulator training in the Federal Republic of Germany:
The RSK is of the cpinion that a continuous further development of the simulation quality is necessary for both PWR and BWR simulators.
.~.- -.
t.
- Another major aim of future activities should be the treatment.of events beyond the design basis. In this context, _ the preventive measures dealt with'in' the' emergency manuals (cf. Section 9.2) should be taken into consideration. A decision on the extent of. participation of the internal plant emergency staff in emergency excercises which also include.
J the simulator must be made in due time.
i
~
The program of simulator training should be follow-ed up by an independent authorized expert.
J Substitute training events should be organized in l
particular if the full extent of the training objec-
. tive for a specific plant cannot be achieved with the available simulators (e.g. because of plant-spe-cific features).
j During a first-time training on the simulator, about l
50% malfunction / incident situations should be dealt i
with as a rule. During retraining measures, the portion of malfunction / Incident training should l
clearly prevail. In order to use the time spent ~
on simulator, training as effectively as possible, a preparation in the plant which should be in kee-ping with the intended simulator training is neces-sary r.nd appropriate, in its further discussions of the training of personnel, the RSK will again deal with the duration of retraining.
For this purpose, it will also deal further with the que-stion of simulator use, and in particular with the appro-priateness of specific simulators at the nuclear power site in question.
3.
Information in the control room In connection with the safety review, the RSK asked the licensees to submit plant-specific inventories with re-spect - to the information which is avaliable in the con-trol 1 room and/or at the emergency control. room and with respect to the equipment of the control room and/or emer-gency control room areas with a view to longer stays of personnel.
In nuclear power plants in the Federal Republic of Ger-many, the control room is, as a rule, allocated to the switchgear building.
Because of its comprehensive sur-veillance and intervention possibilities, the control room is the central. location at which accident management measures can be taken in the case of events beyond the design basis in order to keep _the plant in a safe condi-tion or transfer it into a safe condition (cf. Section 9).
i 1
. As a matter of principle, there is a physically separst-ed emergency control room which, as a rule, is protected against external impacts and is provided with an indepen-dent power supply.
This station is used to keep the plant in a safe condition if a control room failure occurs.
For the ergonomic design of the control room, the con-trol room personnel was, in many cases, included in the-development. The RSK will continue to deal with this subject, cons!dering the development of the technology of information display and information processing.
The RSK points out that, as far es a few older plants are concerned, improvements should be made within the area of incident and wide-range instrumentation in ac-cordance with the requirements of the RSK Guidelines and KTA 3502 (Incident and Wide Range instrumentation) within a reasonable period of time. In individual plants, improvements have already been planned and/or implemen-ted.
In how far the existing control room instrumentation is suitable for measures of accident management will have to be dealt with when considering the individual measu-res.
4.
Quality of pressure-retaining components and systems including containment and pressure suppression system 4.1 Quality status 2
The requirements with respect to the Quality of the pres-sure boundary and of the outer systems are laid down in the RSK Guidelines for Pressurized Water Reactors, in-cluding the General Spec!fication " Basic Safety".
The same requirements are made with re "ct to the components of boiling water reactors.
Within the scope of its discussions accompanying the com-missioning of new plants, the RSK satisfied itself in each individual case of the adherence to the requirements for pressure-retaining components and systems as contained in the Guidelines.
With respect to the plants construc-ted after 1979, the requirements of basic safety are met.
In the older plants, numerous safety-related pressurere-talning components and systems have been replaced and substituted by components and systems of a higher quality in terms of design, materials and processing which fulfill l
the basic safety requirements.
The necessary backfitting measures were carried out either already during the con-
~
[
^
22 -
i struction ' phase or during inspection outages. ' Examples include vessels of the outer systems of PWRs and.BWRs, i
the exchange of. containment ' plates and measures taken
[
with respect to the - pressure suppression system and pipes :containing - reactor coolant, above all in the case of BWRs (also see Section 8).
}
With. respect 'to components and systems which were not replaced, the results of the BMFT research and develop-1 ment projects for component safety-and the results of the investigations initiated by the BMU showed that the safety level with respect.to' the required. plant moni-t
= toring 'and the in-service inspections is ensured.
]
. Moreover, the refitting and backfitting measures led to
.a considerable improvement in the preconditions for the successful application of nondestructive examinations.
l This applies above ali to. the extension of accessibility,
~
also - for the use of manipulators and for. the processing of surfaces..
In all other respects, the in-service inspections. so far l=
carried out with regard to the pressure-retaining walls of the reactor pressure vessels and the reactor coolant j
pipes of the PWRs and refitted BWRs have so far not in-dicated any operation-related damage.
4.2 Maintenance of the quality of components and
['
systems during operation j
The. pressure-retaining components are designed for the safe absorption of mechanical and thermal stresses, also j
considering neutron irradiation as well as operating and incident conditions, including anticipated transients, 4
for their entire operating lives.
The input data of fatigue analyses are checked by rep-4 resentatNe - comprehensive measurements of operating i
stresses.
l The demonstration concerning adherence to the fatigue conditions has to be made on the basis of actual operat-ing conditions.
If necessary design improvements or an adjustment of the operating mode are made.
In the re-p actor. pressure vessels of all plants, the neutron fluen-ce was and/or is monitored, among other things, by su-sp' ended accelerated irradiation capsules of the materials.
i It is thus ensured that the safety margin against compo-nent failure Is questioned -at no time.
I i
With respect to the influence of neutron irradiation on the wall of the reactor -pressure vessel it has to be sta-ted that the investigations of accelerated irradiation capsules '. carried out so far, together with the results i
i 4
1 4=
s
-.m,..
~.,. - -.,.,,. - -,, -
, of research projects, have confirmed the decrease in toughness postulated in the safety analyses, with the exceptions mentioned in the plant-specific part of this recommendation.
The integrity of the steam generator heating tubes is en-sured by a suitable mode of operation and monitored by means of nondestructive examinations performed during in-service inspections.
The incoloy 800 material used in the U tube steam generators of German PWR plants has been found to be, to a far-reaching extent, insusceptible to operational damage caused by stress corrosion cracking.
As a result of the wall thickness wastage identified du-ring the nondestructive examinations at the beginning,
measures were taken by which it was possible to mitigate
~
the deposition of corrosionpromoting wastage in the se-condary chamber above the tube plate.
In particular, the water quality was improved at most of the plants by discontinuing the use of phosphates. The procedures pre-ferred for the non-destructive examination, and in par-ticular the multifrequency eddy current process, have proven their worth as reliable testing methods.
The RSK will continue to deal with the questions involved in the influences of neutron irradiation and, in doing so, concentrate above all on the anisotropy of material properties and the spectral distribution of the' neutron energy.
For the detection of corrosion and erosion influences, monitoring measures are taken, including nondestructive examinations, in this context, no inadmissible corrosion-1 supported damage has so far been identified on the large components of the pressure boundary, and in particular on the pressure. vessels and the reactor coolant pipes (PWRs, BWRs), which meet the requirements of the RSK Guidelines and of the other engineering codes and guides, or which have been upgraded for adjustment to the stipu-lations laid down in these codes and guides.
The corrosion-supported cracks identified on a few other components which had not been refitted gave rise to the far-reaching elimination of the preconditions for the occur-rence of strain-induced stress corrosion cracking. These include j
further refitting measures, for adjustment to the conditions of basic safety; reduction of the amount and frequency of thermal loads (optimization of the operating mode);
i improvement of the water quality (in particular adherence to a low oxygen content);
i,
aimed selection of the locations to be examined dur-
-Ing in-service inspections as a result of the loading collective and the existing damage.
Besides, the RSK constantly deals with the questions of the influences of corrosion on pressure-retaining compo-nents of light water reactors and their internals.
On the-basis of the previous experience of many years of operation and the results of selected monitoring measu-res, improvements have been implemented against the dama-due to erosive corrosion in the secondary circuit.
ge Countermeasures concerned e.g. the use of chromium-al-loyed ferritic or austenitic meterials, the alkalinity of the coolant in the secondary circuit of pressurized water reactors, the prevention of high local flow speeds and pronounced flow disturbances.
I The tightness of the valves between drywell and wetwell of BWRs is also reviewed within the scope of the in-ser-vice inspections.
Inadmissible values did not result in any one case. The RSK requests the submission of analy-sis results with respect to the development of the diffe-rential pressure between drywell and wetwell in the cour-se of a loss-of-coolant accident for the individual BWRs.
i The review has left no doubt that the closed position of l
the valves in the early phase of a loss-of-coolant acci-dent is ensured in any case.
1 5.
Safety systems 5.1 Electric power supply At the nuclear power plants in the Federal Republic of Germany, the electric power supply to the safety-related l
equipment during normal operation is effected from the J
auxiliary power supply) of the power plant, which is in j
turn supplied from its own unit generator or the connec-ted power grid.
At all nuclear power plants, at least j
two decoupled grid connections are available for supply from the grid, in addition, most of the nuclear power plants dispose of another grid connection which can be used to get emergency power.
For the remaining nuclear power plants, the refitting of the further grid connec tion is being planned or implemented at present. Should the supply from the auxiliary power supply system fall, the emergency diesels of the emergency power system with its redundant layout will assume power supply to the equipment that is important in terms of safety.
Grid connection Operating experience shows that the connections to the high-voltage grid (110 kV to 380 kV) constitute a rell--
.. - - -- ~..
25 A
able potential supply for the important safety-related i
equipment of ' nuclear power plants.
This reliability is l
achieved'in particular by means of engineered and organi-zational precautions for the control of grid disturbances and for the restoration of the grid following a regional or supraregional failure of the grid.
1 The grids of the interconnected partner organizations are ' characterized by a sturdy design..They are re-motely controlled to a far-reaching extent and are monitored automatically.
Faulty means of operation j
and faulty grid sections can be isolated in a.' selective j
approach and bypassed for power transmission purposes.
In the case of an imminent grid breakdown, loads will be separated from the grid under a five-stage plan in order. to be able to continue the operation - of the grid in the area of the nuclear power plants.
For the resto-ration of the grid, a sufficient number of power plants are available which can be started up without power supply from the grid (pumped-storage power plants, gas-turbine power plants).
The sites of these power plants are widely distributed geographically so that power transmission to the nuclear power plant will be possible l
via at least one route.
s in the case of disturbances, the protection of the auxiliary power supply of the nuclear power plants is j
given top priority.
The necessary measures are laid down.
In addition, there are specifications for the interconnected partners in the Federal Republic of Germany and in Western Europe for the control and limi-i tation of disturbances in the interconnected grid and the restoration of the grid following a grid breakdown.
L i
As a result of their precautions and investigations the 4{
licensees have demonstrated that the nuclear power plants can be supplied again with auxillaidy power from the grid within one to two hours following a large-scale failure of the grid caused by an electric disturbance.
As far is mechanical damage in the area of the overhead transmis;sion routes is concerned, the RSK requests that j
in the case of a steel tower collapse and the postulated consequential damage, at least the further connection to j
the grid will remain intact so that this can be used by j
the respective nuclear power plant to get power in order j
to supply the necessary emergency power loads.
For this reason, the RSK considers a two-hour plan ing
)
value for accident management measures as realistic and sufficient, measured from the beginning of the failure i
]
of supply until the restoration of supply to the nu-clear power plants from the grid.
i
,n,-
,-,n-m
,q,-
d
- ~
Auxiliary power station 4
During normal operation, feeding into the emergency power system will be from the auxiliary power station.
In the case of a failure of ' supply from the auxiliary power station, the connections to the - emergency power system are opened, and the autonomous emergency. power diesel generator of the emergency power system will assume ' supply to the emergency power loads. In a few j
older nuclear power plants, there is no consistent phy-sical separation in the area of the auxiliary power j
stations, partly only at certain voltage levels. To the extent this has not yet been done, the RSK recommends to' check at these nuclear power plants and/or to make sure by means of additional measures that even in the 4~
i case of an internal failure-initiating event in the area of the auxillary power station ' (e.g. fire) a short-term substitution of the emergency power diesel generators by some other ' kind of supply (e.g. grid or adjacent unit) remains a possibility.
Moreover, the RSK recommends - to the extent this has 1
not yet been implemented - that a chronologically grad-uated addition of loads be provided for the long-term changeover inside the auxiliary power system, or that i
a demonstration be submitted showing that the admis-l sible voltages for the loads are adhered to in change-i-
over processes.
l
[
Emergency power system i
in the Federal Republic of Germany, each unit of a nu-l clear power plant has its own autonomous emergency power system.
At the individual nuclear power plants, the design (power capability, number of trains) of the
}
emergency power systems basically corresponds to the l
design of the process systems to be supplied.
At some older nuclear power plants, several trains of the emergency power system are not characterized by a i
consistent physical separation.
The RSK recommends that - to the extent this has not yet been implemented -
It should be checked, while considering the respective emergency system, which consequences an internal failure-initiating event (e.g.
fire) can have with respect to i
the plant (process engineering, instrumentation, dis-i plays in the control room).
It must. be made sure f. hat ir, case such an event occurs not only the'superordir. ate aims of protection (shutdown, residual heat removal, lo1g-1 i
1 4
9 e ps m 6
a
e
- j
^
1 l
term _ subcriticality) are fulfilled,. but also that the j
plant condition is displayed sufficiently, i
i l
in addition, the RSK recommends that - to the extent this has not yet been implemented - emergency power op-eration be initiated via two diverse activation criteria (as a rule, voltage and frequency) and that overvoltage protection for direct voltage' equipment be protected with j
i diode-decoupled load feeding against single failures.
Moreover, the RSK will continue to deal with the admis-1 sible periods of time for maintenance and servicing pro-4 cedures in the emergency power system.
l 5.2 Instrumentation and control equipment of the
~
r, safety system The instrumentation and control system of the safety sy-stem comprises the pickup and processing of measured val-i-
ues, the logic and evaluation circuits as well as the con-trol of the active safety. features. It monitors and eva-t l
luates the process variables which are of importance for j
the safety of a nuclear power plant and its environment and controls the active safety features in the case of malfunctions -and incidents in order to maintain the state of the reactor facility within safe limits.
in all nuclear power plants, the instrumentation and con-4 trol equipment of the safety system is designed redun-dantly and is reviewed at regular intervals, important events are discussed within the RSK.
All in all, opera-ting experience with the instrumentation and control equip-l ment of the safety system is good.
The instrumentation and control equipment of the safety 4
system is designed in accordance with the requirements derived from the incident analysis. It consists of several i
subsystems which are redundant to each other and which are, in general, separated physically and electrically.
l The demonstration of suitability is furnished by type and qualification tests, by operation and by in-service 1
inspections at periodic intervals. In this context, plant-specific features with ' respect to electrical, mechanical j
and process impacts on the instrumentation and control j
equipment of the safety system are taken into considera-tion.
{
.T_he RSK attaches great importance to the independence i
(electrical and ' physical separation) of the subsystems of_ the instrumentation and control equipment of the safe-ty system, including. their decoupling from the operatio-1 nai instrumentation and control equipment. For this area, i
4 and within the scope of the safety review, it recommen-j j
b
I ded investigations by authorized experts at the older nu-clear power plants.
The results of these investigations have not yet been made available completely. The RSK will continue to deal with this subject.
in adoition, the RSK will deal with the Instrumentation and control equipment of the safety system with a view to sufficient insensitivity (sturdiness) with respect to environmental and disturbing influences.
The RSK points out that the licensees are required to make special efforts to maintain the specific competence for servicing the instrumentation and control equipment of their plants.
5.3 Incident resistance of electrical equipment 2
The electrical equipment which is necessary for the operability of the safety system during incidents must perform its function also during the incident conditions then prevailing.
This electrical equipment is designed in accordance with the state of the art at the time of the construction of the respective nuclear power plant.
Electrical equipment was adjusted to the updated state of the art, also v 'th respect to its capability of with-stand incidents, when modifications and backfitting mea-l sures were carried out.
j Within the scope of its safety review, the RSK recommend-ed that differences which may still exist at individual nuclear power plants as compared with modern plants be identified and described in investigations carried out by authorized experts.
For some nuclear power plants, opinions by authorized experts are already available.
i in addition, the licensees have prepared and submitted reports on the capability of their plants to withstand incidents.
in general, these reports show that there is a sufficient incident resistance of the electrical equipment.
For a In particular of the useful life of furtner support the incl dent-resistant components - the RSK recommends a systematic review of the incidant-resistance of the electrica! equipment of ine esiety rystem and the in-cident instrumentation with a view to the incident con-ditions to be postulated, the selection of components and circuits to be designed in an incident-resistant way, and the test requirements for the demonstration of incident-resistance over their useful lives in nuclear power plants.
The RSK recommends to lay down, as a result of these in-vestigations, whethe'r and which groups of components l
4
.n.
should be subjected to practical tests on a random sample 4
- basis in order to establish their resistance to incidents, i
An essential precondition for the maintenance of the Incident-resistance of components is their suitable and sturdy. design.
The RSK recommends that the suitability and sturdiness of the respective design be evaluated as well when the incident-resistance is reviewed.
i 5.4 Reactor scram system l
The reactor scram system of the PWR uses control ele-monts which are kept in the withdrawn position, i.e. at the upper edge of the reactor core, by means of electro-magnets during power operation of the reactor.
If a i
reactor scram is initiated, the power supply to the i
holding magnets is interrupted and the control elements, as a result of their dead weight, drop into the core.
The effect of the scram system is fail-safe, i.e.
it i
reaches the safe state in the case of a power failure.
1 in the case of the BWR, the reactor scram is effected by a hydraulle insertion of the control rods.
The re-l quired pressure is generated by means of nitrogen blankets in water tan ks.
The insertion is initiated by opening the reactor scram valves.
Following a re-
)
actor scram, a spindle nut is repositioned as an ad-j i
ditional means to keep the shutdown rods in the reactor l
Core.
l Within the scope of the safety review, there have been
-)
i no doubts with respect to the efficacy and reliability l
of the reactor scram systems.
In connection with the discussion of the failure of the automatic reactor scram system at Salem 1 nuclear power i
plant (USA) in 1983, the RSK recommended to check the operating nuclear power plants with pressuri:.ed water reactors as to whether the reliability of the reactor scram system could be further increased by means of a second independent possibility of activating the reactor scram.
As a result of this recommendation, a second activation feature was backfitted.
The safety review has confirmed this approach.
1 i
5.5 Heat removal systems H
Nuclear power plants are provided with heat removal sys-tems which remove the heat from the reactor, both during 4
specified normal operation and after incidents. The safety-4 n.
.n
i L f'
related systems are redundant and provided with diverse drives in some instances, depending on the plant concer-
~ ned. These systems are connected to the emergency power supply system.
1 the case of. lealks, the emergency and l
In particular in residual heat removal _ system assumes. the function of cooling the. reactor sufficiently.
The emergency and residual heat removal system is made up of several sub-systems which are capable of feeding in against the sys-tem pressures resulting as a function of-the incident
~
in question.
For the BWR, the pressure suppression
' system - is also of importance in this context.
Below certain. leak sizes in the case _ of a PWR, additional heat must be removed via the steam generators for a cor-tain period of time.
Emergency feedwater systems are available to feed into the steam generators in these cases.
in the case of a failure of operational systems or parts of the safety systems as a result of external impacts,
e emergency systems or other suitable features will as-i sume the residual heat removal.
I The above-mentioned systems differ for different plants 4
j and series.
The RSK finds that, in some cases, even j.
comprehensive bar.kfitting measures were carried out in j
this area, in particular with respect to older plants.
The safety review has not resulted in any objections.
l 5.6 Exhaust air system Areas of a nuclear power plant where the room air may be contaminated are ventilated by ventilation systems.
An uncontrolled discharge of radioactive substances to the environment is prevented by the maintenance of sub-atomospheric pressure and graduated pressures and/or directed flows,
or also by the closing of isolation dampers.
Exhaust air _ from restricted access areas is monitored in accordance with the RSK Guidelines and, if necessary, directed through aerosol filters for the elimination of particulate radioactive substances and through iodine sorption filters for the elimination of gaseous idoine.
Exhaust air from compartment areas involving - a greater contamination potential, such as plant compartments of the containment of a pressurized water
_ reactor, is filtered continuously.
Incident filter systems are available In addition to the operat-Ing filter systems although they are not used during normal -operation - so as to have available the highest possible degree of filter efficiency.
Inadmissible
. operating states are. prevented by additional components
- such as droplet separators, heaters and pressure surge valves.
w gv
~
w
-~
' 4
^
Doth number and efficiency of-the exhaust air systems i*
were increased and improved with the increasing output of the nuclear power plants, the extended requirements and as a result of the further development of the state of the art.
In older nuclear power plants, filter sys-tems were backfitted in some cases so that additional requirements ere fulfilled, such as the filter systems w
for the exhaust air of the turbine hall in a number of 4
boiling water reactors, or the possibility of compartment-wise filtering of the exhaust air of the reactor auxil-lary building in the case of pressurized water reactors, l
as recommended by the RSK. As far_ as the older pressu-rized water reactors with single-train-annuius exhaust air handling (incident filters) are concerned, a further j
possibility for annulus exhaust air handling was provi-l ded in the majority of cases by the installation of a filter system operating when required, However, some, of the fil-ter systems which operate when required are not provided with droplet separators and secondary heaters and are nel-i ther ' designed for making avaliable the separating effi-ciency of the incident filters. A differing status of the i
exhaust air systems can be found which is, among other things, also due to the fact that more recent plants are provided with larger and, in some cases, additional filter systems, also for reasons of operation, e.g. In order to save time when preparing refueling.
l Adherence to the requirements of the guidelines was che-cked by the RSK in its discussions with respect to the commissioning of new plants.
i As recommended by the RSK, additional features are being installed at the nuclear pcwer plants within the scope of
)
accident management (see Section 9.3).
i.
5.7 Individual issues 5.7.1 Interface between high-pressure and low-pressure systems j'
On the basis of findings made in the course of the safety review, it shall be checked, in all nuclear power plants i
how the low-pressure systems connected to the reactor
,i cooling circuit are protected against an inadmissible ap-plic5 tion of pressure by means of isolation valves, safety valves, pressure measurements, position indicators of the valves, etc. The RSK requests information to be submitted with respect to connections between reactor cooling cir-cult and low-pressure systems.
The RSK is of the opinion that it is necessary to ensure that any internal overpressurization of pipes or other com-
1 l
. i e
ponents is - prevented whose failure may involve a. loss of i
- coolant outside the containment. The RSK asks for sug-
.ges on s.,with. respect tr such improvements'. It will dis-ti cuss the matter on the oasis of 'the suggestions made by i-the licensees.
I
)
5.7.2 Protection of safety equipment against flooding As far as the question of a flooding of building areas.
i is concerned which accommodate safety equipment, the RSK finds that a necessity of short-term operator interven-tion may result 'In the case of large-size leaks. This que-i stions' has been discussed repeatedly in the past, and se-lected precautions have been taken. In order to get a sur-vey of. the circumstances prevailing at ' all the nuclear power plants, the RSK asks for plantspecific information l'
concerning precautions against - flooding,
identification possibilities and statements covering the resulting con-3 1
sequences. The RSK. will discuss this subject as soon as the'information is avaliable.
5.7.3 Design of. pipes Inside the annulus in PWRs of more recent design, the ventilation pipes in the annulus are designed tq withstand pressures. This means that even in the case of a hypothetical combina-
~
tion of a loss-of-coolant accident and the postulated fal-lure of the containment isolation, the safety systems will retain their operability although they are not designed
- l against corresponding temperatures and the humidity.of the containment atmosphere in such a case. The RSK will continue to deal with this question for plants where the ventilation pipes in the - annulus are not of a pressure-1 resistant design. In this context, it will also check whether this question is of importance with respect to other kinds of pipes as well.
5.7.4 Containment penetrations Following a penetration isolation in the case of a loss-of-coolant accident, the water volume between the double i
Isolation features is heated up and expands as a result
)
of the heat conduction ' from the containment atmosphere.
The RSK asks' all nuclear power plants. to check the re-sulting stresses on the respective penetrations and, if necessary, provide relief possibilities for the section between the isolations.
The ' RSK wishes to be Informed on the results of these checks.
w.
ri,
.wr r-
,r--
+
'm
--m--
e
+ - *
. 5.7.5 Design of the reactor building crane The RSK gathered information as to how the design and mode Of operation of the reactor building crane are used to rule out, render sufficiently improbable or cope with a crash of a fuel element transport cask or of any other heavy load onto the spent fuel pit. It was found in this context'that the reactor building crane was designed and/
or backfitted in accordance with the relevant Safety Stan-l dard KTA 3902 in a number o( plants. The RSK takes l
note-of the fact that backfitting is planned for a couple of further plantss it asks the licensees of those plants for which no backfitting has so far beer, planned to state how the abovementioned protective aims are achieved (cf.
Pa rt B. 11. ).
2 5.7.6 Mode of operation during steam generator heating tube failure When designing PWR nuclear power plants, damage to I
steam generator heating tubes shall also be considered, and measures to control such damage shall be provided.
The RSK dealt with this issue in its discussions of the i
safety concept and the commissioning of plants. it dis-cussed again in detall special precautions for steam ge-nerator heating tube damage at plantr commissioned in i
l 1984 or later. It will again discuss the question with l
respect to plants commissioned before that date.
6.
Fire protection The measures taken to ensure fire protection have gained in importance in the course of the technical development I
of the nuclear power plants, !n particular the develop-ment towards greater output, in the course of time, an integrated fire protection concept was developed which is subdivided into the categories of fire protection mea-sures in terms of civil engineering, fire protection mea-sures in terms of plant engineering and fire protection measures in terms of plant operation. As this concept and the requirements laid down by it have undergone.a certain i
deveicpment in the course of time, its present form could not have been used in its entirety at the plants which were the first to be constructed.
I Within the scope of this safety review, the RSK asked the licensees, al=o with the assistoce of GRS, in how far the requirements were met at the individual plants.
The RSK finds that the conceptual differences are not Indicative of differing safety levels. It points out that, in the meantime, the fire protection measures for the ol-
. der plants now in operation are being adjusted step by step to the current state of the art. As a result of the generally unchanged structural features, additional plant engineering measures were applied to enable an early de-tection and fighting of fires, in addition, the RSK finds that it is in particular the emergency systems either in existence or under construc-tion that make a contribution to the improvement of the incident situations ini,tiated by fires.
Another essen-tlai improvement is the inerting of the containments of BWR3.
As a matter of principle, it has to be made sure that even in areas which are not easily accessible a suitable release will provide early fire fighting.
In this con-text, it has to be checked in how far the older plants are provided with a sufficient number of effective fire extinguishing equipment at the safety-related locations.
This global review carried out by the RSK - which can-not replace a detailed review by authorized experts has not bd to any basic complaint concerning the fire safety of these nuclear power plants.
Nevertheless, the RSK will continue to deal with this question and considers it necessary for the licensee to describe for each plant the fire protection measures in terms of civil engineering, plant engineering and plant op-eration.
7.
Protection against external impacts Of the various possibilities of external impacts affect-Ing a reactor, plant, those which hold the potential of massive damage to plant components are of particular safety-related importance.
They may be the effects of l
an earthquake, an explosion of chemicals, an aircraft j
crash or third-party impacts.
i All the riuclear power plants have been designed against earthquakes on the basis of the requirements valid at the time of their construction and/or the site-specific circumstances.
After 1975, a uniform design approach was made on the basis of a KTA safety standard (KTA 2201). Moreover, research work such as the shaker tests on the superheated steam reactor (HDR) has shown that the mechanical equipment in the plants la based on a very conservative design and is not endangered.
Man-made external impacts such as an aircraft crash on the reactor building or an explosion of chemicals in-
)
volving potential damage to safety-related features are
(
characterized by a very low probability of occurrence.
,~_
i Because of their low ris k, these. cases are not among the design basis accidents.
Nevertheless, _ since the early seventies, the RSK has recommended an increased structural protection against external impacts, includ-Ing in particular also protection against third-party r
!mpacts and againct the crash of military aircraft traveling at high speeds.
r Older plants are not fully provided with the structural protection which is a feature of modern plants.- However.,
It should be considered that, in the past, features for an autonomous residual heat removal were backfitted at a number of older plants.
Within the scope of its further discussions concerning accident management, the RSK will also deal with the question in how far these plants may use accident management measures to limit the consequen-ces of an aircraft crash and/or of third-party impacts.
en addition, the RSK recommends that the restrictions concerning flights over nuclear power plant sites be tightened and monitored more effectively.
8.
Major safety-related backfitting measures Within the scope of its safety review, the RSK obtained a survey of the major safety-related backfitting measures S
in the various nuclear power plants.
In the past, de-talled discussions were held in the RSK for the evalua-tion of measures of particular importance.
The examples to be quoted include the exchange of main steam and feedwater pipes in the nuclear power plants with boiling 1
water reactor, the backfitting of emergency systems, the exchange of vessels with large energy content, the exchange of the steam generators at the Obrigheim nuclear power plant, modifications of the high-pressure emergency core cooling injection system of pressurized water re-actors for the prevention of excessive thermal stresses on the reactor pressure vessel wall when feeding in as well as features supplementing the exhaust air systems.
The RSK finds that the backfitting measures it has re-commended in the course of time, e.g. following the TMI accident, have in the main been implemented.
As far as the backfitting measures as a whole are concerned, it states further that, in the tourse of the operating lives of the nuclear power plants, the backfitting measures have resulted in an adaptation to the state of more re-cent safety considerations.
As an example for this aspect, the independent autonomous emergency systems are quoted again which were constructed in response to the development of the consideration with re'nect to the physical separation of systems and the independence of redundant system for coping with both internal and external events acting upon the plants.
~
~
.~
. 9.
Accident management 9.1 Importance of accident management and integra-tion into the design concept of nuclear power plants As a precaution against damage, nuclear power plants are also designed against incidents to be postuiated (design basis accidents).
The design basis accidents are defined in such a way that each of them is representative of a group of similar events, i.e. they constitute the repre-sentative stresses for these groups of events for purposes of plant planning (cf. Guidelines for the Assessment of the Design of PWR Nuclear Power Plants against incidents, so-called design basis accidents, pursuant to Sec. 28, para. (3) of the Radiological Protection Ordinance: Decem-ber 1983).
In order to cope with the design basis acci-dents, safety systems are installed which are reliable, redundant and, to a far-reaching extent, diverse and which perform their functions even if the outside power supply falls. The efficiency and reliability of these systems is demonstrated in detall in the course of the licensing process. A meaningful approach in terms of engineering al-ways involves the utilization of identified potential im-provements by strengthening preventive measures. Thus, the further development of safety engineering in recent years has always been oriented to the strengthening of 3
preventive measures. This design principle also includes sufficient precautions against core meltdown accidents.
The concept of incident control has proven its worth. It j
is a well-balanced concept and does not need any further extension or mofidication from the point of view of the RSK.
Irrespective of this aspect, the consequences of hypo-thetical system failures and combinations of failures,
which have not been taken into account explicitly when designing the plant (Gvents beyond the design basis, severe accidents), were and are also being investigated within the scope of safety studies, reactor research and risk studies.
Analyses for the flexible use of existing systems and additional measures within the scope of accident manage-ment are based on the results of these investigations.
The starting point for the analyses with respect to such measures is the existing safety potential of nuclear power plants which results from the design of the plant for safe operation and against postulated design basis accidents.
Because of deterministic postulates in the analyses, which constitute the design basis, such as the single failure concept or the postulate of the inefficiency of operating systems for the control of design basis accidents, and be-cause of additional pessimistic analysis boundary condi-l 1
4 1
37 _
l 4
. tions, the existing - systems, if viewed-realistically, show considerably higher efficiencies than determi,ned in the j
analyses. This means that the existing systems, including l
i'
' the operating systems, can also be used for coping with events beyond the design basis.
The recommenM. tion of accident management measures does i
not mean that the safety features installed in the plants
{
are insufficient.- Such measures further add to the flexi-4
- bility of the plants when coping with events far beyone'
.l 1
the spectrum of design basis accidents (boundary conside-1 rations, area of severe accidents). Thus, they have to be allocated to the fourth level of the' in-depth safety con-q l
cept (safety levels).
In accordance with ' their protective aims, acc{ dent man-
,l agement measures permit an early control of the state of the plant and the retention of fuel and fission _ products 4
in the reactor pressure vessel and in the primary circuit i
with a high degree of reliabillt'y even if the events ex-ceed the design basis. _ And even if this were not success-ful, the broad spectrum of accident management measures provides for a decisive limitation of fission product re-lease. and the prevention of long-term contamination.
l The implementation of additional measures of accident ma-nagement is thus, in the opinion of the RSK, not a pre- -
i -
condition for the safe operation of the plant. These mea-sures are not part of the design basis accident concept, but plant-internal measures in the sense of a supplement to emergency planning (accident management).
i 4
f 9.2 Planning of measures within the scope of accident management j
Measures of accident management must be analyzed in par-1 ticular with respect to their efficacy, implementability, j
and compatibliity with the safety concept. On the basis i
of the analyses, the decision-making and organizational structures required for such measures will have to be laid down. For the individual measures, implementation instruc-tions have to be prepared whit.h shall be laid down in a document separate from the operating manual, i. e.. the 1
emergency manual. The RSK will continue to deal with the-se questions.
4 Within. the scope of the safety review, it has discusud the concept of the emergency manuals in accordance with which such instructions are tseing prepared at the various
- plants, in a number of plants, this work has already pro-j gressed very far. The personnel training is also extended to events exceeding the design basis, with accident mana-1 m
_e,
_~,
gement measures being included in accordance with the emergercy manual. The discussions of the concept of the emergency manual will also be contin 0ed.
9.3 Accident management measures 9.3.1 Preconditions for their implementation Within the scope of the safety review, the RSK has first dealt with the creation of the preconditions for the im-plementation of accident management measures. In the main, these concern the specification that, because of the com-prehensive supervisory and intervention possibilities, the control room should be the central location inside the plant where accident management measures are plan-ned, initiated, implemented and supervised. The importan-ce of the emergency control room and/or auxiliary shut-down Mation remains unaffected.
Moreover, the preconditions for the necessary power supp-ly must exist. As a result of experience with respect to the reliability of the power supply while using the mani-fold possibilities of the interconnected g rid, the RSK specified that, as a planning basis for accident manage-ment mea.iu res, the restored avaliability of an external power supply may be assumed again two hours after failure of this supply (cf. Section 5). In this context, the RSK assumes that the personnel at the grid switchgear stations have suitable instructions available for the switching of ilnes for the priority supply of the nuclear power plants.
The RSK recommends that the operator of the grid carry out a responsible check of the appropriateness of the in-structions and of the planned switching measures.
In the case of a total failure of the auxiliary power sy-stem, or in the case of a failure of the main and standby grids in the near range of the nuclear power plant, those loads which are needed for the safety of the facliities within the scope of accident management shall be capable of being fed by a cable buried in the near range of the nuclear power plant. The cable connection must be physi-cally separated from the main and standby grids in such a way that a simultaneous failure is practically excluded.
The licensees were asked to submit a plant-specific con-cept for their respective plants.
in addition, following a separation of the power plant unit from the grid, a fast return to the grid must be possible as soon as this is available again. It shall be investiga-ted and specified for each nuclear power plant which mea-sures have to be implemented after an interruption of the supply from the auxiliary power supply system (grid and f
i
s.
i generator) in order to be able'to establish a connection to i
the grid again as soon as this is avaliable, even if the emergency power dieseis are not available, in this context, the two cases of the emergency power diesels failing to i
i start and falling after having started shall be considered.
]
The RSK recommends to plan and design these measures in
'such a way that the connection to the grid can be estabil-shed at short notice as soon as the grid is again available.
4-To secure the direct voltage supply for accident manage-
- ment measures, the-RSK recommended to design - the - dis-charge times of the batteries in the einergency power sy-stem in such a way that the loads can' be supplied by the batteries alone for about 2 to 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br />. Corresponding mea-sures have been implemented or !nitiated.
1 j.
The investigation of the feasibliity of the measures of i
}
accident management also comprises, with respect to each i
!ndividual measure, the review of a sufficient instrumen-tation and availability of information as well as an unam-biguous specification of the criteria to be derived for j
the initiation of accident management measures.
F 9.3.2 Measures planned and/or already implemented l
As a ? result of the discussion in the RSK,. the ilcensees i
of German nuclear power plants with light water reactors have so far planned or already implemented the following accident management measures for which the RSK has sub-i mitted comprehensive recommendations or comments (cf.
the list in Appendix 1). Aspects which have turned up in the course of the implementation of the Individual measu-res will be addressed in the following.
i 9.3.2.1 Concept for secondary-side and primary-side
[.
depressurization and coolant injection in the case of PWRs i
j The primary aim in the implementation of measures for the flexible use of existing systems is the, prevention of a
~
core meltdown accident, or at least the retention of a da-maged reactor core inside the reactor pressure vessel, in j
order to-prevent any further progressing of the accident.
Moreover, in the case of such events, pressures in the primary system within the range of the response pressure e
j of the pressurizer valves shall be prevented. An early de-j/
pressurization increases the possibilities for flexible mea-sures for coolant injection into the primary system.
1-I f
f k
1 J
.-. - = _ - - -
-g.
i i
i' The licensees of the KWU pressurized water reactors in l
the Federal Republic of Germany have developed a concept -
which is based on the complete failure of the secondary l
1 side heat sink as a result of the failure of all operat-i ing and safety-related injection systems of the steam i
generators.
Priority is given to measures for a de-i pressurization of the steam generators and injection
~
into the depressurized steam generators, e.g. using the i'
feedwater tank as an accumulator, or mobile systems.
As a backup. measure,' the opening of the pressurizer valves on the primary side - is considered.
For this purpose, modifications in the activation and, in the case of older-plants, modifications of the valves and pipes are necessary in order to cope with the water loads.
j The RSK agrees to the concept.
It asks to be informed i
on the further development steps.
As far as the KMK plant is concerned, the licensee has so far not finalized an investigation of a primary-side depressurization as the time history of the KMK plant differs from that of the KWU PWR plants.
The RSK asked the licensee to submit investigations of the adequateness and possibilities of a primary-side depressurization.
9.3.2.2 Hydrogen distiibution and hydrogen combustion inside the containment BWR By means of a selected reduction of the oxygen ' content-in the atmosphere of the containment, inadmissible q
stresses acting on the containment as a result of hy-i drogen/ oxygen recombination in hypothetical events with a great prcduction of hydrogen can be excluded.
This is of particular importance for the boiling water re-actors of the 69 series, because of the relatively low containment volume.
An inerting concept was developed and has already been implemented in a number of plants.
This' provides for continuous inerting during operation and also takes into consideration the accessibility re-quirements with respect to the containment during normal operation.
The containments of the BWRs of the 72 series (KRB B/C) differ consider ably from those of the BWRs of the 69 series.
At present, the licensee of the KRB is in the process of developing an inerting concept and a pressure suppression concept which will take account of the different circumstances.
The RSK discussion will follow as soon as the correspond-ing documents are available.
l
4 PWR Th'e inclusion of accident management measures also con-stitutes a far-reaching precaution for the prevention of core meltdown accioents 'and the related formation of 1
If it is assumed as a hypothesis that in spite of the existing redundant and diverse safety features and pos-sible accident management measures the reactor core will remain insufficiently cooled for a longer period of time, and cannot be retained inside the reacter pressure ves-sel in the further course of the accident, the produc-tion of great amounts of hydrogen has to be anticipated as a result cf steam / metal reactions during the first few hours and the melt / concrete interaction in the long run.
The earlier this ignition and combustion of the hydrogen, the lower the stresses acting on the contain-ment and its internals.
if the production times of the hydrogen are considered and the fact that in such an accident scenario various i
Ignition sources exist for the hydrogen / air / steam mix-tures (e.g. hot surfaces, electrostatic charges by gas /
particle flows),
an early uncontrolled combustion of the hydrogen inside the containment at an uncritical point in time may be ~ assumed.
Together with the inert-ing effect of the steam, this combustion would not jeopardize the integrity of the containment.
in addition, comprehensive investigations.and develop-ments as suggested by the RSK were carried out for the early elimination of hydrogen inside the containment by means of a controlled ignition with the aid of autonomous fuses and films having a catalytic effect.
At present, the RSK is in the process of evaluating j
the results of these development activities and will l
make a respective recommendation in a few months' time.
l 9.3.2.3 R & D program for the investigation of the hypothetical melt / concrete interaction if it is assumed as a hypothesis (cf. Sec. 9.3.2.2) that, in spite of the existing redundant and diverse safety features and in spite of possible accident man-agement measures, the reactor core will remain insuf-ficiently cooled for a longer period of time, that it cannot be retained in the reactor pressure vessel in the subsequent course of the accident, and that the molten core penetrates the foundations as a result of thermal and chemical interaction with the concrete, it will spread both axially downward and radially inside the concrete.
i l
\\
' 1 To achieve a better understanding of these phenorrena, the RSK will assess - at a later time the results of re-spective research and ' development projects currently
+
under Way.
7 J
l 9.3.2.4 Sampling system for accident situations The RSK considers it necessary for all nuclear power i
plants to have a corresponding system for drawing
' samples from the containment atmosphere and from the 4
coolant folicwing design basis accidents.
The RSK is of the opinion that the determination of i
concentrations of radionuclides in the containment at-t mosphere and in the sump allows to draw conclusions
- l j
with respect to the condition of the reactor core fol-lowing an event beyond the design basis.
It - should i
therefore be examined how a corresponding measuring j
system can be implemented.
i it ' Is - the opinion of the RSK that when conceiving a sampling system for events beyond the design basis it must be clearly understood from which compartment L
areas and/or sumps the samples are drawn so that mean-ingful,, measuring results are obtained.
At present, the licensees are preparing a concept which will be discussed in detail in the RSK.
4 9.3.2.5 Depressurization of the containment of p' res-surized water and boiling water reactors l
following events beyond the design basis in December 1986, the RSK specified the requirements to be put forward, from its point of view, for a de-i pressurization system for the containment of PWRs, to be followed in June 1987 by those for BWRs, with re-spect to design and modes of operation, stresses to be taken into accou'nt, and layout.
1 i
The licensees of the nuclear power plants have taken up the RSK suggestions and, in the majority of cases, have
. olready submitted suggestions for the implementation l
of a depressurization system with filters.
. The RSK also discussed various filter systems which I
i permit an effective retention of aerosols and iodine (cf. Appendix 1).
i j
With respect to the safety-related importance of a
j measuring system for the monitoring of the emissions of radioactive substances during depressu'rization of the containment following an event beyond the design
t l
i 43 -
j i
basis, the RSK - feels that corresponding measuring val-1 ues should not be used in the decision on the depres-L surization, since unrestricted priority is given to the l
assurance of the integrity of the containment, and thus 1
the time for opening the corresponding relief valves is determined by the pressure buildup inside the contain-ment.
1 l
In the main, the emission values determined shall be used for the implementation of accident management measures and for a subsequent preservation of evidence. Details of the measuring equipment are still being discussed,
{
and a separate comment will follow.
9.3.2.6 Follow-up of work relating to accident manage-li ment 4
The RSK follows the results of the investigations carried j
out under BMU assignments with respect to measures of accident management, the results of work on risk studies i
for PWRs and BWRs, as well as further research results which are of relevance for the area of accident manage-j ment.
In due time, it will discuss the corresponding conclusions.
1 i
l 4
1 1
1 l~
l e
4 J
s n
L l
r e
e I
f-i 44 B.11. Plant-specific results In Part B.
l.,
the RSK reported on the results of the i eview and made recommendations which apply to all plants.
For Grohnde (KWG), Philippsburg 2 (KKP-2) and Brokdorf l
(KBR) nuclear power plants as well as for the so-called convoy plants, there are no additional recommendations.
The fo!!owing statements have to be made with respect l
to the other plants:
?
1.
Nuclear power plants with pressurized water reactor 2
1.1 Obrichelm Nuclear Power Plant (KWO) i
)
Reactor pressure vessel In the reactor pressure vessel of Obrigheim Nuclear Power Plant, the copper content !n part of the weld metal is higher than at the plants constructed after KKS.
There-fore, the toughness reduction as a result of neutron irradiation has progressed more rapidly in part of the beltline circumferential weld of the vessel at the begin-ning than had been assumed in the design.
By means of selected operational
- measures, and in particular the use of shielding dummy fuel elements and an adequate arrangement of the fuel elements in their different burnup states, the fluence increase could be reduced to 4
such an extent that the toughness decrease over the scheduled lifetime will remain within limits which do not pose any problem in terms of safety.
As in.the case of a loss-of-coolant accident caused by a small leak, i.e.
Involving only a slow pressure re-
- duction, the high-pressure emergency injection will j
preferably ta ke place via the hot-side pipe and the 3
emergency coolant is preheated to at least 70
- C in the case of a possible injection on the cold side after completion of the additional safety injection, the cold water injection loading case, which is de-cisive for the demonstration of the fracture safety of the beltline circumferential
- weld, can be excluded.
The condition of the beltline circumferential weld is monitored by fluence measurements and nondestructive i
examinations.
Analyses have shown that the toughness remaining over the lifetime will be sufficient, even under incident conditions, with respect to faults which cannot be detected during the nondestructive examination.
This means that the partial toughness reduction in the beltline weld, which is caused by neutron fluence, is sufficiently protected.
I
P Pipes of the pressure boundary The RSK expects that, considering the analyses still to be completed with respect to the reactor coolant pipe, an application of the leak postulates pursuant to the la-test version of the RSK Culdelines will be justified.
Electrical equipment The RSK takes note that at Obrigheim Nuclear Power Plant a short-term replacement of the emergency power diesel generators of emergency grid 2 by another supply remains possible in the case of an internal failure-initiating event in the area of the auxiliary power system (e.g. by fire).
At Obrigheim Nuclear Power Plant, the two trains of emer-gency grid 1 of the emergency power system are not con-sistently separated physically. While considering the emer-gency system, the RSK r ocommends to check which conse-quences may result for the plant (process engineering, in-strumentation, displays in the control room) in the case of an internal failure-initiating event (e.g. a fire), it must be ensured that in the case of such an event not only the superordinate aims of protection are fulfilled (shut-down, residual heat removal, long-term subcriticality),
but that the state of the plant is also displayed suffi-ciently.
in addition, the RS'K recommends to initiate emergency power operation in both emergency grids via two diverse activation criteria (voltage and frequency).
Exhaust air system At present, there is only one train of the annulus ex-haust air handling system.
The RSK takes affirmative note of the fact that a backfitting to 2 x 100% (Incident filters with droplet separator and secondary heater) is planned.
Control room and emergency control room The RSK takes affirmative note of the fact that an adap-tation to the requirerpents of KTA Po? Is planned.
Fire protection At present, improvements are being made with respect to compartmentalization, and a stationary fire extinguish-
- 4S -
l ing system is being backfitted.
The RSK makes reference to its statements listed in B. l. 6.
Depressurization of the containment following events beyond the design basis The pipes of the system have been implemented.
No final decision has as yet been made with respect to the filter concept.
The RSK will discuss this as soon as the concept documents are avaliable.
Filtering of supply air to the control room A mobile filter system near the control room is ready for operation.
The RSK requests that it be informed about the concept.
1.2 Stade Nuclear Power Plant (KKS)
Reactor pressure vessel In the reactor pressure vessel of Stade Nuclear Power Plant, the copper content of the weld metal is higher than at the plants constructed later.
Therefore, the toughness reduction as a result of neutron irradiation has progressed more rap!dly in the beltline circumfe-1 rential weld of the vessel at the beginning than had been assumed in the design.
By means of selected op-erational measures, and in particular a careful opera-tion of the reactor and a suitable arrangement of the fuel elements with their different burnup states, the fluence increase could be reduced to such an extent that the toughness decrease over the scheduled lifetime l
I will remain within limits which do not pose any problem in terms of safety, As in the case of a loss-of-coolant accident caused by a small leak, i. e.
Involving only a. slow pressure re-duction, the high-pressure emergency injection will take place via the hot pipe, the cold water injection load-ing case, which is decisive for the demonstration of the fracture safety of the beltline circumferential weld, can be excluded.
The condition of the beltline j
circumferential weld is monitored by fluence measure.-
ments and nondestructive examinations.
Analyses have shown that the toughness remaining over the Ilfetime will be sufficient, even under incident conditions, with respect to faults which cannot be detected during the nondestructive examination.
This means that the toughness reduction in the beltline weld, which is j
caused by neutron fluence, is sufficiently protected.
. Main steam pipes The licensee not'fied the RSK that it will replace the pipes in the main steam system 'between steam generator and valve station (feedwater head) outside the reactor building.
- Moreover, an internal valve station with control bypass will be available.
The RSK takes af-firmative note of this.
l l
l Electrical equipment At Stade Nuclear Power Plant, there is no consistent i
i physical separation in the area of the auxiliary power l
system. The RSK recommends to check and, if necessary, to make sure by additional measures that even in the case of an internal failure-init'ating event in the l
area of the auxiliary power system (e.g. fire) a short-term replacement of the emergency pow;er diesels by an-other supply system will remain possible.
At Stade Nuclear Power Plant, the two trains of emergency grid 1 of the emergency power system are not consistently separated physically.
While considering the emergency system, the RSK recommends to check which consequences may result for the plant (process engineering, instrumen-tation, displays in the control room) in the case of an internal failure-initiating event (e.g. fire).
It has to l
be ensured that in the case of such an event not only the superordinate aims of protection are fulfilled (shutdown, residual heat removal, long-term suberiticality), but that the state of the plant is also displayed sufficiently.
i In addition, the RSK recommends to initiate emergency i
power operation in both emergency grids via two diverse activation criteria (voltage and frequency).
Exhaust air system At present, there exists only one train of the annulus exhaust air handling system.
There is a multi-train filter system which responds when required, although it does not have any additional features for the reduction of the humidity of the air.
The RSK recommends the backfitting of one of the trains of the existing filter system, which can be switched to the annulus, with drop-let separator and secondary heater.
As an alternative, a second complete filter system for annulus air handling (incident filters) can be backfitted.
Control room and emergency control room
~The RSK takes affirmative note of the fact that an adap-tation.to the requirements of KTA 3502 is planned.
Design of the reactor. building crane The RSK takes affirmative note of the fact that-it is
' planned to backfit the reactor building crane in accord ance with the requirements of KTA 3902.
5 1.3' Biblis Nuclear Power Plant (KWB, Units A and B)
Pipes of the pressure boundary i
considering the analyses still to The RSK : expects that,
.be completed with respect to the reactor coolant pipe, t
an application of the leak postulates pursuant to the latest version of the RSK Guidelines will be justified.
Emergency system KWB A/B do not have unit-allocated emergency systems (of their. own). _ Support is ' from the adjacent unit. In the safety analysis mentioned (cf. Section A.
2.) for i
Unit. A, this will be assessed. The RSK requests that it F
be informed about the results.
L p
Design of the reactor b;.; ding crane It was explained to the RSN how the crash of a fuel j'
element transport cask or of any other heavy load on the spent fuel pit is' ruled out, rendered sufficiently improbable or. coped with.
'"he RSK will discuss this.
Y Electrical equipment J
2 At Sibils A Nuclear Power Plant, there is no consistent j
physical separation in the area of the auxiliary power -
j system.
In connection with the discussions of the emer-t gency power case on April 19, 1988, the RSK recommen-i ded to make sure' by additional measures that even in the i
case of an' internal failure-initiating event in the area j
of the auxiliary power system (e.g. fire) a short-term replacement of the ' emergency power diesels by another e
j supply system (e.g. grid or adjacent unit) will remain i
pos 'ble, in addition, the RSK recommended to arrange i
the.nain' grid' connections for Unit D along two separate overhead routes.
i
.49 -
At Biblis A Nuclear Power Plant, ' It is planned to ar-range two trains each of the four-train emergency power system in pairs and to provide consistent physical sep-aration.
While considering these changes and the smer-gency system, the RSK recommends to check which conse-quences may result for the plant (process engineering, Instrumentation, displays in the ' control room). In the case of an internal failure-Initiating event (e.g..
a
. fire).
It must be ensured that in the case of such an event not only the superordinate aims of protection are
. fulfilled (shutdown, residual heat removal, long-term subcriticality),
but also that the state of the plant is displayed sufficiently.
In addition, the RSK recommends to. Initiate emergency power operation in both units via two diverse activation criteria (voltage and frequency) and to protect the ex-cess. voltage protection for the 220 V direct voltage systems with. diode-decoupled load feeding against single faults.
Exhaust air system At present, the KWB A and B Plants only have a single-train annulus. exhaust air handling system.
The exhaust air filtering for the annulus and the reactor auxiliary building is effected only via aerosol filters.
The RSK takes affirmative note of the fact that a filter system which responds when required will be backfitted.
Control room and emergency control room 1
i j
The RSK takes affirmative note of the fact that _an adap-tation to the requirements of KTA 3502 is planned.
Depressurization of the containment after i
events beyond the design basis
}
A concept for the depressurization of the containment i
will be extended to cover lodine filtration.
The RSK asks for the concept to be submitted to it.
i Supply air. filtering for the control room l
A concept for the supply air filtering for the control j
room exists and will be dealt with by the RSK.
i
\\
3
.r e
a 1.4 Neckar-1 Joint Nuclear Power Plant (GKN-1)
Pipes of the pressure boundary The RSK expects that, considering the analyses still to be completed with respect to the reactor coolant pipe, an. application of the leak postulates pursuant to the latest version of the RSK Guidelines will be justified.
Fuel pit cooling system A third fuel pool cooling system will be backfitted during one of the next inspection outages. The RSK requests that corresponding documents be submitted to it.
Exhaust air system The RSK takes affirmative note of the fact that a filter system which responds when required will be backfitted.
Control room and emergency control room Following the modifications still under way, the incident instrumentation will correspond to KTA 3502.
Electrical equipment The RSK recommends to provide a chronologically gradua-ted addition of loads for the long-term changeover in the auxiliary power system, or to demonstrate that the admis-slble voltage values for the loads are adhered to when changing over, in this context, particular attention shall be paid to power supply to the heat sink.
In addition, the RSK recommends to initiate emergency power operation via two diverse activation criteria Ivol-tage anc frequency).
Design of the reactor building crane The RSK mquests an explanation of how the crash of a fuel element transport cask or of any other heavy load on the spent fuel pit is ruled out, rendered sufficient-ly improbable or cope with.
b 1.5 Unterweser Nuclear Power Plant (KKU)
High-pressure injection from the containment sump As a substitute measure for high-pressure injection from the containment sump, the licensee provides the sump /
residual heat removal system / volume control system pathway which permits injection at a rate of 14 kg/s.
Electrical equipment The RSK takes note of the fact that a long-term change-over feature exists in the auxiliary power system. The graduated addition of loads must be implemented in such a way that it does not fall below the admissible voltage limits nor trip the overcurrent protection. In this con-text, particular attention shall be paid to power supply to the heat sink.
At Unterweser Nuclear Power Plant, there is no consis-tent physical separation in either of the two + 24V trains in emergency grid 1 of the emergency power sys-tem. While considering the emergency syttem concerned, the RSK recommends to check which consequences may re-sult for the plant (process engineering, instrumenta-tion, displays in the control room) in the case of ar internal failure-initiating event (e.g.
a fire). It must be ensured that in the case of such an event not only the superordinate aims of protection are fulfillec (shutdown, residual heat removal, long-term suberiti-cality), but that the state of the plant is also dis-played sufficiently, in addition, the RSK recommends to initiate emergency power operation in both emergency grids via two diverse activation criteria (voltage and frequency) and to pro-tect the excess voltage protection for the 220 V direct voltage systems with diode-decoupled load feeding against single faults.
Control room and emergency control room The RSK takes affirmative note of the fact that an adap-tation to the requirements of KTA 3502 is planned.
l 4
- 1.6 Grafenrheinfeld Nuclear Power Plant (KKG)
High-pressure injection from the containment sump j
The RSK takes affirmative note of the fact that correspond-Ing backfitting measures are planned.
4 Control room _ and emergency control room
]
The RSK takes affirmative note of the fact that an adap-l tation to the requirements of KTA 3502 is planned.
Electrical equipment j
The RSK takes affirmative note of the fact that the excess voltage protection for the 220 V direct voltage systems is i
protected against single faults with diodedecoupled load i
feeding.
a l
1.7
. Mulhelm-K5rlich Nuclear Power Plant (KMK)
Exhaust air system The annulus exhaust air handling system of the KMK Plant is a two-train system.
The exhaust air of the annulus and of the reactor auxiliary building is passed only through i
an aerosol filter. The systems for the maintenance of sub-atmospheric pressure in the containment and in the annuius as well as the recirculation air fliter systems in the containment are equipped with both aerosol and activated I
charcoal filters.
The possibility of iodine filtering for the compartments of the reactor auxiliary building with corresponding con-tamination potential shall be reviewed.
Accident management The RSK will again deal with the concept of depressuri-zation on the primary side (cf.
B.
i., Sec.
9.3.2.1).
ii
'2.
Nuclear poer plants with boiling water reactor i
~
1 2.1 W0rgassen Nuclear Power Plant (KWW)
In-service inspections 1
- With respect to the recirculation water circuits, the scope of.the nondestructive' examinations has been ex-4' tended considerably since 1982.
Most of the correspond-ing baseline measurements have been completed.
Thc, test-
. ing areas with ultrasonic measurement displays which must he' recorded will be included in the program of the in-service. inspections and monitored for modifications.
e Electrical equipment i
1 l
At KWW, there is no consletent physical separation in the area of the auxiliary power systems.
In the case l
l of failure-in!tiating events in the area of the auxil-l J
iary power system- (e.g. a fire), the safety of the plant is ensured by the independent residual heat removal l
l system.
i i
The RSK takes affirmative note of the fact that the feeder provided to supply the independent residual
'~
heat removal system is independent of the auxiliary i
power system.
At KWW, two or three trains of emergency grid 1 of the
- i emergency power system are not consistently separated j
physically. While considering the emergency system, the RSK recommends to check which consequences may result 1
);
for the plant (process engineering, instrumentation,
displays in the control room) in the case of an internal i
failure-Initiating event (e.g. a fire). It must be ensu-red that in the case of such an event not only the super-j ordinate aims of protection are fulfilled (shutdown,
residual heat
- removal, long-term suberiticality),
but that the state of the plant is also displayed sufficient-1
]
ly.
1 In addition, the RSK recommends to protect the excess voltage protection for the 220 V direct voltage systems by means of diode-decoupled load addition against single failures.
Exhaust air system 1
The purge air system of the KWW is only a single-train system.
Filtering of the exhaust air from the turbine hall is not possible.
In the reactor building, exhaust i
\\
l h air. filtering of the. operating platform is possible.
The RSK recommends to backfit, and provide for. Incidents, a second filter system which responds when required and 1
can be changed over to the reactor building or the tur-bine hall.
i Control room and emergency control room I
l The 'RSK takes affirmative note of the fact that. adapta-tion to the requirements of KTA 3502 is planned.
Emergency measures Concepts for an additional reactor pressure vessel in-
[
jection and possible make-up feeding within the scope
{
~
of accident management are being prepared.
The RSK
)[
requests th&t the concepts be submitted in due time.
i i
2.2 Brunsbuttel Nuclear Power Plant (KKB)
L Pressure relief system Concerning the diversity of the safety and relief valves a concept of the licensees of the Series 69 BWR is be-Ing prepared.
It is planned to - Install bypass valves 1.
supplementing the main valves.
The RSK requests that i
the concept be submitted.
Diverse pilot valves exist on two safety and relief valves.
]
[
Postulated loss of water from the wetwell into the reactor building within the scope of incident control As a precaution against the postulated loss of water from the wetwell into the reactor
- building, it is planned to depressurize the reactor and transfer it into the residual heat removal mode of operation be-fore the orifice nozzle relief pipes of the relief valves emerge.
The operator is alarmed to a lack of water. In the wetwell by way of a hazard signal.
The measures to be taken are described in the operating manual.
The RSK requests that it be informed of the times available for manual intervention and tnat a draft concept be submitted as to how a postulated leak in the wetwell which cannot be isolated can be con-
- trolled, if ' necessary without manual intervention that J
would ' have to be effected within a relatively short pe-riod of time.
This will be discussed further by the RSK.
l i
j
55 -
Electrical equipment At KKB Nuclear Power Plant, there is no consistent physical separation of the trains of emergency-grid 1 of the emergency power system.
While considering the emergency system, the.RSK recommends to check which consequences may result for the plant (process engineer-ing, instrumentation, displays in the control room) in the case of an internal failure-initiating event (e.g.
a fire).
It must be ensured that in the case of such an event not only the.superordinate aims of protection are fulfilled (shutdown, residual heat removal, long-term subcriticality), but that the state of the plant is also displayed sufficiently.
The RSK recommends to protect the excess voltage pro-taction for direct voltage system.* with diode-decoupled load feeding against single faults.
i Control room and emergency control room The RSK takes affirmative note of the fact that an adap-tation to the requirements of KTA 3502 is planned.
Design of the reactor building crane The RSK takes affirmative note of the fact that a re-fitting of the reactor building crane in accordance with the requirements of KTA 3902 is planned.
Emergency measures a
Concepts for an additional reactor pressure vessel in-jection and make-up feeding within the scope of accident management are being prepared.
The RSK requests that the concepts be submitted in due time.
2.3 isar-1 Nuclear Power Plant (KKl-1)
Pressure relief system Concerning the diversity of the safety and relief valves, the licensees of the 69 BWR Series are preparing a con-cept.
The RSK takes note of this fact. It is planned to install two diverse pilot valves on two safety and relief valves.
4
.- ~
56 -
Postulated loss of water from' the wetwell j
i into the reactor building within the scope l
+
of incident control 1
2-As a precaution against the. postulated loss of. water l
4 from.the. wetwell into the reactor
- building, it is planned to depressurize the reactor and transfer it into the residual heat removal ' mode of operation be-j fore the orifice nozzle relief pipes of the relief i
valves emerge.
The operator is alarmed to a lack of j
water in - the wetwell by way of a ' hazard signal.
The j
measures to be taken are described in the operating j
manual.
The RSK requests' that it be informed of the
' times available for' manual intervention and that a i
draft concept be submitted as to how a postulated leak In the wetwell which cannot be isolated can be con -
trolled, if necessary, without manual intervention that
-- 1 l
would have to be effected within a relatively short pe-riod of time.
This will be discussed further by the RSK.
i j.
Electrical equipment l
l At K K l-1 Nuclear Power Plant, there is no consistent physical separation of two trains each of the four-s
]
train emergency power system (two trains are protected against external impacts).
While considering the
[
emergency system, the RSK recommends to check which consequences may result for the plant (process engineer-Ing, instrumentation, displays in the control room) in 4
1 the case of an internal failure-initiating event (e.g.
i a fire),
it must be ensured that in the case of such a.
i
]'
an event not only the superordinate aims of protection are fulfilled (shutdown, residual heat removal, long-term subcriticality),
but that the state of the plant j
is also adequately displayed.
l a
)
1 Control room and emergency control room i
The RSK takes affirmative note of the fact that an 3
adaptation to the requirements of KTA 3502 is planned.
)
l Design of the reactor building crane j
The RSK takes affirmative note of the fact th&t it is 2
1 planned to refit the reactor building crane in accord-1 l
ance with thh requirements of KTA 3902.
Emergency measures 4
Concepts for an additional reactor pressure vessel in-i jection and make-up feeding within tis scooe of accident i
management are being prepared. The RSK asks for submis-sion in due time.
9 e
e-
___.-_,-_----_.,____,---,____.-----w-
~
t 2.4 Philippsburo Nuclear Power Plant (KKP-1)
Pressure relief system Concerning the diversity of the safety and relief valves, the licensees of the 69 BWR Series are preparing a con--
cept.
It.is planned to Install bypass valves for the j
main valves.
The RSK requests that the concept be sub _
mitted.. Diverse - pilot valves - exist on two safety and relief valves.
i Electrical equipment i
l The RSK takes affirmative note of the fact that a second i
diverse activation criterion (frequency) is provided for the initiation of emergency power operation.
4.
Design of the reactor building crane '
l The RSK took affirmative note of the fact that it is planned to backfit the reactor building crane in accord-ance with the requirements of KTA 3902.
l' Control room and emergency control room i
The RSK takes affirmative note of the fact that an adap-tation to the requirements of KTA 3502 is planned.
i Emergency measures l
s Concepts ~ for an additional reactor pressure vessel in-Jaction and make-up feeding within the scope of accident management are being prepared.
The RSK requests that I
the concepts be submitted in due time.
2.5 Krummel Nuclear Power Plant (KKK)
)
Pressure relief system Concerning the diversity of the safety and relief valves, the licensees of the 69 BWR Series are preparing a con-cept.
It is planned to install bypass valves on the main valves. -The RSK requests that the concept be sub-mitted.
A diverse pilot valve system already exists on two safety and relief valves.
l
_=.
l 2.6 Gundremmincen Nuclear Power Plant (KRB B/C)
Pressure relief system i
The RSK asks for submission of the suggestions for a diversification of the safety and relief valves.
i Emergency measures With respect to accident management, the RSK is awaiting the submission of concepts by the licensee.
4 e
S
+.....
~....
L
~
. i
.C.
Results of the. Safety Review of Hamm-Uentrop.
1 Nuclear Power Plant (THT R-300) 1.
Systems engineerina (status /backfittina) 1.1 Operatina and safety systems, incident control 1.1.1 Components and pipes i
o' Prestressed concrete vessel i
The primary circuit of the THTR-300 with its continuous operating pressure of 39 bar is contained in a' prestressed concrete pressure vessel the interior of which is lined l
with a cooled steel liner.
The design pressure is 46 bar.
i The following statements are 'made.concerning its safety against failure:
As a result of the distribution of the l
tensile stresses to several hundreds of tendons each con-1 sisting of approx. 150 individual wires, even the failure of individual tendons (which need not~ be postulated) would not lead to a failure of the vessel. The failure of tendons would be identified by continuous monitoring of representa-tive tendons as a result of the increase in stress before the load-bearing capability of the concrete support struc-ture would be endangered.
The integrity of the vessel closures is such that they withstand 1.5 times the design pressure.
The integrity of the liner was demonstrated at 64 bar.
These facts and circumstances are evidence of the con-siderable safety potential of the prestressed concrete vessel.
o Steam generators, main steam and feedwater pipes including connecting pipes (secondary circuit) l The heat is removed through 6 steam generator / circulator units which are located in the prestressed conc ete vessel.
With respect to the decisive areas, the water /
steam circuit meets the criteria of basic safety.
1.1.2 Shutdown systems The THTR-300 has 2 independent and diverse shutdown
- systems, i.e.
the reflector rods and the core rods.
For reasons of safety, all reflector rod and core rod drives are embedded in the ceiling of the prestressed concrete vessel.
The reflector rod system is used for reactor control and scram purposes.
The 36 reflector rods can move freely in vertical boreholes of the side reflector.
L
- A They ' are-moved by an electric motor and a chain.
For scram purposes, - they will drop into-the reflector by-gravity. -..The same applies in the event of a power failure.
The core rod system is ' used for long-term shutdown and i
can render the reactor subcritical from any state of operation. _ The system consists of 42 core rods which are pneumatically inserted into the pebble Sed.
Any ' fast ejection of either core or reflector rods can
'[
be ruled out for reasons of design.
In the case.of an inadmissible reactivity gain, if any, or.in the case of a failure of the reactor scram system when required (ATWS), the physical design (negative tem-j perature coefficient of reactivity),
in combination with the high temperature strength of the reactor core, ensures the limitation of the reactor power.
Within the scope of the safety review, no doubts resulted concerning either the efficiency or the reliability of 1
i the shutdown systems (also see Sec.1.2.2).
i 1.1.3 Residual heat removal systems During incidents where the operating heat removal system i
and the startup grid supply' are available, heat removal i
is effected via the operating circuit within the scope of an automatic fast shutdown procedure.
In the case of incidents which lack the conditions of the fast shutdown procedure, a decay heat removal pro-cedure is ' automatically activated via the residual heat removal system.
This consists of two cooling loops (capacity of 100% each in' a ' pressure relief incident and 200% each with the reactor pressurized) each of i
which holos two of each of the active components.
To cover the case of a long-term interruption of the residual heat removal as a result of a failure of the l
two cooling loops,
the operating manual contains in-structions ("LUNWA") as to how a minimum emergency cooling chain can be made operative by manual inter-vention.
For this purpose, 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> are available after the interruption of the heat removal.
The safety revjew did not lead to any complaints.
i i
l
e,
1.1.4 Pressure relief incident and ingress of air into the reactor core in the case of an ingress of air into the primary cir-cult following a pressure relief, it is ensured that the amounts of air entering as a result of gas contraction in the primary circuit, air pressure fluctuations and natural convection will remain limited to levels which l
are insignificant in terms of safety.
The formation of i
a stack draft effect can be ruled out.
l l
The residual heat removal systems provide for a rapid l
cooling down of the primary circuit to temperatures at which the graphite corrosion of the fuel elements which are affected most becomes insignificant.
The resulting release of fission products can be neglected; the fo r-ms; ion of ignitable mixtures of gases can be ruled out.
Even in the case of the extremely unlikely combination of a pressure relief incident and a failure of the re-1 sidual heat removal systems, the calculations performed showed that the graphite corrosion of the bottom reflec-l tor which may be caused by the ingress of air will remain insignificant.
1.1.5 Exhaust air system The exhaust air system is designed in such a way that a l
negative pressure, as compared with the remaining compart-ments, !s maintained in those compartments where radioac-tivity may cccur as a result of operational leakages out of the reactor cooling system.
The measurements which have so far been carried out with respect to the activity in the primary circuit (coolant gas) resulted in levels for the various groups of nucli-des which are far below the design levels.
1.1.6 Electric power supply It is a plant-specific characteristic of the THTR-300 that two trains each of the four-train emergency power system have not been consistently separated physically. To the extent this has not yet been done, the RSK recommends to check which consequences a failure-initiating internal event (e.g. a fire) may have on the plant (process engi-neering, instrumentation, displays in the control room).
In the case of such an event, it must be ensured that not only the superordinate aims of protection are fulfilled,
but also that the state of the plant is displayed adequa-tely.
L__ __
. 1.1.7 Fire protection This global review carrled out by the RSK - which can-not replace a detailed review by an authorized expert -
did not result in any serious complaints concerning fire protection.
Nevertheless, the RSK will further deal with this question and considers it necessary for the licensee to submit the essential fire protection measures in terms of structures, plant engineering and l
operation.
l t
1.1.8 Protection against external impacts l
l Within the scope of its further discussions of accident management at this plant, the RSK will also deal with l
the question in how far accident management measures will permit a mitigation of the consequences of an air-craft crash or third-party impacts.
1.2 Accident Management i
1.2.1 Filtering of air supply to the control room The licensee showed that it will be possible to make a l
mobile filter system available which can be used when required.
The RSK recommends to implement this measure.
3 1.2.3 Investigations of reactivity accidents Within the scope of the safety review, no doubts re-suited with respect to the efficiency and reliability of the shutdown systems, including the associated con-trol and instrumentation equipment.
The licensee investigated the behsvior of the plant in the case of a failure of the core rods when required.
This investigation covered a representative spectrum of initial states of the plant.
The licensee showed that, if the long-stroke and short-stroke drive systems fall, the core rods can be insertad if pressurized gas cylinders (He or N ) are connected in time to the. long-2 stroke cylinders of 2 core rods each.
Moreover, a re-i criticality could be delayed by an injection of nitrogen into the primary circuit.
In addition, it is found that even a recriticality will be compatible with the system, since the reactor, as a I
result of its negative temperature coefficient of re-activity, will get stabilized at a level where the re-spective power can be removed by means of the residual heat removal system.
]
1
f l
I l
L
~
1.2.3 Depressurization of and re-injection into the i.
The licensee showed.that, ' beyond the procedures of the j
automatic residual heat removal and the procedure of heat removal after.3 - 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />' of interruption (LUNWA procedure), various steam generator valves can be opened by ' manual. intervention within the scope of the accident 2-
- management so that both pressure relief of and re-injec-tion into the steam generators will be possible.
t Y
1.2.4 Steam generator heating tube failure without l'
steam generator isolation i
l In the course of the licensing procedure, a hypothetical F
ivater ingress accident without steam generator isolation was investigated.
The analysis of this acccident had
]
been required prior to' the decision with respect to the omission of a safety valve on the prostressed concrete vessel.
The maximum pressure was calculated at 54.3 bar i
4 and does not constitute any danger to the prestressed i
concrete vessel (cf. Secs.1.1.1 and 1.2.7).
i l
1.2. 5 -
Emergency injection 'into the liner cooling l
system r
The occurrence probability of core heatup accidents i
with a simultaneous failure of the liner cooling sys-tem is determined by the long-term failure of the emergency power supply system.
It is smaller by ap-
,i proximately one order of magnitude than that of core i
heatup accidents with an operative liner cooling sys-l tem.
A minimum period of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is available for i
j the restoration of the liner cooling.
+
l The licensee explained the possibility,, of emergency l
1 injection into the liner cooling system from a fire-fighting pipe.
The fire extinguishing water system is i
independent of the' power supply system of the THTR-300.
After the implementation of a few modifications of the pipe network of the. liner cooling system, an emergency injection would be possible within 1 to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> after being required. -
g i
t The RSK recommends to effect those changes of the pipe l
network of the liner cooling systems as are necessary 1 e to start emergency injection into the liner cooling
)
i
- system, when
- required, from the fire extinguishing system.
l s
l
+
l
_.. _ ~. -,
t 4
64 -
I 1.2.6 investigations with respect to core heatup l
accidents 4
j If it is postulated as a hypothesis that, in spite of l
the existing redundant and. diverse safety features and j
in spite of possible emergency measures, the reactor core - will remain insufficiently cooled over a longer period of time, then the reactor core will continue to j
. heat up and, with an increasing temperature gradient, j
more and more heat will be transferred via the core j
surface to.the surrounding components.
if the liner cooling system is in operation the pre-stressed concrete vessel will remain at operating tem-4 perature.
The liner cooling system constitute a heat sink.
This means that all the temperatures in the 3
primary circuit will gradually decrease again after j
7 days.
During this period of time, the mean coolant gas temperature will reach a maximum of 560
'C.
In j
this context, the thermal insulation of the liner of j
the prestressed concrete vessel is not endangered; the tendons will remain cold.
The possible failure of the j
top reflector and of the top thermal shield as a result of a failure of their suspensions, would not lead to any additional release of fission products.
I During the heating-up phase, the most essential aspect is the limitation of the pressure buildup associated with the heating-up of the coolant gas.
This is done by reconnecting the gas purification plant to the pri-mary circuit by manually opening again the penetration valves of the plant which are closed automatically dur '
ing this accident.
This measure has been prepared both technically and administratively.
The gas purification 3
plant is provided with a number of safety valves which limit the pressure to approx. 50 bar, and discharge fil-tered gases (aerosols) to the stack.
The release of fission products to the environment was investigated with respect to core heatup accidents for the period following the accident and without considera-tion of a filtering of the primary gas discharged via the i
I stack.
Even in the case of an unfavorable combination of release mechanisms for dominant fission products, the plant remains accessible for accident management measures.
This applies even if a long-term failure of the liner cooling system is postulated in addition.
i The RSK finds that the gas purification plant is of im-portance for the mitigation of the consequences of a
~
care heatup incident.
The,RSK considers the following emergency measures as meaningful:
let primary helium flow into the purified gas
- store, i
c
. discharge filtered gas from the primary circuit to the stack.
it recommends that the preconditions required for imple-menting these accident management measures be fulfilled within a closed concept.
In this context, measures de-laying the accident sequence, such as the moving of cir-culator isolation devices, should be taken.into conside-ration.
1.2.7 Activity confinement The most important activity barrier lies in the spheri-cal fuel element itself and in particular in the coated fuel particles.
Even in the case of high tetgeratures due to an accident, this barrier maintains its retention capability to a far-reaching extent.
Thus, the acces-sibility of the plant for accident management measures is also ensured in the accident scenarios under review.
The reactor core and the helium as the primary coolant l
~
are confined in the prestressed concrete vessel.
Ex-periments and investigations were carried out with respect i
to the behavior of the prestressed concrete vessel under extreme stresses which would only have to be anticipated
- in the case of a long-term failure of the liner cooling system. When a pressure of 70 bar is reached, the tight-ness of the vessel closures %ould be lost, and the ves-l sel would begin to discharge.
The load-bearing capabil-ity of the prestressed concrete support structure with a reduced concrete strength as a result of the tem-perature was estimated at 135 bar at the time of the latest opening of the pressure vessel closures.
The liner would fall only at even higher pressures, due to f
its large strain reserves.
Without any pressure relief, i,
a maximum pressure of 110 bar would not be exceeded in the course of the accident, and the load-bearing cap-ability of the x nforced concrete structure would al-j ways be greater than the pressure in question.
i The release cf steam and gas (CO ) when heating up the 2
concrete was also investigpted.
On the basis of the j
results obtained it can be assumed that for both steam and gas there are sufficient pathways - e.g.
along the i
armoured tubes and between liner and concrete as well as, j
at higher temperatures, through porcsities and the system of cracks beginning to form in the concrete - so that any inadmissible pressure buildup between liner and concrete l'
can be ruled out.
The RSK is of the opinion that although this vessel has j
considerable safety reserves against accident-related
- stresses, further in-depth investigations should follow I
with respect to.the discharge of steam and gases which A
t
-,+-,4 i---
r n,, - -
r
.yy
i 66 -
are discharged from the concrete during the heating-up process and might lead to a pressure buildup between concrete and liner.
2.
Operation 4
2.1 Operating manual, trainina and preservation of i -
Qualification 1
The ' RSK was informed as to the measures concerning the
]
4 acquisition of-qualification by the responsible nuclear 1
power plant personnel and the proof of such qualification i
as well= as the measures for the preservation of qualifi-i cation.
Both training and the measures for.the preserva-tion of qualification are_in compliance with the guide-lines of the BMU for, among other things, the proof of qualification, the content of the qualification examina-tion and programs for the preservation of the qualifica-tion of the responsible shift personnel at nuclear power plants.
Accordingly, the knowledge referred to as quali-fication is trained repeatedly at regular intervals.
It is intended that all shift supervisors, deputy shift su-parvisors and reactor operators attend, as a rule, a min-Imum of 100 hours0.00116 days <br />0.0278 hours <br />1.653439e-4 weeks <br />3.805e-5 months <br /> of such events a year.
The training
{
measures also include the observation of startup and i
shutdown procedur9s in the control room as well as the
" planning and practising of emergency measures.
Instead of the simulator training, the licensee places par-ticular emphasis on the regularl*-
epeated theoretical Instructions and practical exercises.
in its further discussions of personnel training, the i
RSK will again address the duration of retraining.
In this context, it will also continue to deal with questions of simulator use, and in particular with the suitability of a plant-specific simulator for the THTR-300.
As far as the state-oriented approach in incidents and i
accidents. is concerned, the licensee showed on the basis of a draft of the revised Chapter 3.1 " Incident treatment" how it intended to apply the state-oriented approach for the control of design basis accidents. The fulfillment of the protective aims of reactor shutdown, residual heat 4
removal and activity confinement is reviewed, i.ad instruc-J tions for action in the case of nonfulfillment are given, on the basis of flow charts.
in principle, the RSK is in agreement with the licensee as far as the state-oriented approach is concerned.
It recommends to also take into consideration 'another aim i
of protection, i.e.
to finish as quickly as possible an 4
5
l l s Ingress of water into the primary circuit during a steam generator leakage.
It requests that the draft of the modified ope rating manual be submitted to it again for discussion as soon as the the assessment will have been finalized.
In this context, it is also necessary to prepared an emergency manual which will have to be a separate document f rom the operating manual.
Manufacturers and licensee informed the RSK on the pre-paration and implementation of maintenance and modifi-cation work.
The preparation and implementation of maintenance and modification work are laid down in the s
operating manual.
Prior to their implementation, all the essential modification and maintenance activities i
will be evaluated in terms of safety by licensee, au-
~
thorized expert and supervisory authority.
i 2.2 Operatina experience at the THTR-300 The RSK was informed on the operating experience with the THTR-300.
Following the successful commissioning operation the plant was handed over to the licensee on June 1,1987. The RSK has discussed in detail the THTR-300 events that have occurred so far, and it will con-tinue this discussion.
The following were noteworthy events:
S Relatively frequent automatic shutdown with residual heat removal via the residual heat removal system The " automatic shutdown with residual heat removal",
which occurred relatively frequently at first, was re-leased, among other things, by limits which had been set too narrow. Thereafter, unjustified releases of the auto-matic residual heat removal procedure could be avoided by resetting the limits on the basis of commissioning ex-
]
perience.
j Increased occurrence of damaged operating efe-1 ments (absorber, graphite and fuel elements) beyond what had been anticipated N
The increased occurrence of damaged operating elements beyond what had been anticipated is attributed by both vendor and licensee to ' processes during the commissio-ning phase of the reactor. Because of ~ trials, the core rods were inserted into the core more frequently than is k
.-,,,.,n,.-
a 68 -
i i
normal, and the core had undergone a certain densifica-j-
tion. as an insufficient number of spheres had been cir-culated in the meantime. This meant.that unusually strong stresses acted on the operating elements. In addition, one core rod trial was performed without injection of ammonia which is normally added as a lubricant. The with-i drawal of the damaged operating elements from the reactor takes more time than had originally been anticipated, since the flow behavior of the reactor core, as quoted by both vendor and licensee, differs from the calcula-3 tions insofar as the operating elements traverse the reactor core more quickly in the center, and more slowly towards the rim, than had.been calculated. According to the licensee's estimate, operating elements which were damaged during the abovementioned trials will continue to be_ encountered for at least another six months of full-load operation when withdrawing t' s operating ele-ments from the reactor.
Difficulties when withdrawing operating elements from the reactor When ciruciating the operating elements of the reactor, it was found in the course of the power increase to 60%
of nominal power that the operating element throughput is considerably reduced by the singulizer / helical scrap
, separator.
The cause was considered to be a coolant gas stream which cools the sphere discharge tube and counter-acts the movement of the spheres (operating elements) to
+
be discharged from the reactor core.
For reasons of process engineering, this coolant gas stream was further increased with the rise in reactor power, since this al-i so involved an increase in the speed of the coolant gas j
circulator.
By means of design changes during the 1987 inspection outage, the coolant gas stream was redistributed in such i
a way that the withdrawal of the spheres at the neces-sary sphere withdrawal rate will also be possible at rated raactor power.
2 Failure of a helical scrap separator for the iden-4:
tification and separation of damaged and undamaged l
i operating elements There was a break in operation in April 1987, as one of the. helical scr*ap separators did no longer withdraw ans/
- spheres, its operability could be restored by a minor change in design.
j l.
i a
t 1
I
i Emergency pnwer case t
In the early phase of commissioning, an emergency power case occurred.
The event initiating the emergency po.wer case was the attempt to switch the electric feedwater pump over from a supply bus to a redundant bus.
The immediate cause for the separation of the transformer supplying the bus was identified as the short sequence of approx. 1 s between the cutoff and the renewed ad-dition of the pump.
This resulted in several changes in certain
- details, optimizations and process-related t
specifications.
i The RSK gathered information on the operating experience with and events so far encountered at the THTR-300 and 3
is in agreement with the measures taken by the licensee.
It does not see any reasons that would speak against the
}
licensee's explanation of the increased occurrence of damaged operating elements which has so far cantinued.
The RSK requests that it be also informed about any fur-4 ther occurrence of damaged operating elements and recom-3 l
mends an intensive investigation into the causes.
Within the scope of the current phase of inspection, the i
licensee has examined 6 hot gas channels and parts of l
the hot gas plenum by means of a probe.
In doing so, 3
it was found that the heads of some incoloy 800 central l
bolts and of two incolay 800 corner bolts, which are l
used for the fixation of metallic insulation packages, j
were missing in the channels.
t In addition, an inspection of 4 hot gas channels showed that a total of 5 graphitic parts were found to have become detached from the graphitic areas of three hot gas channels.
I Following the submissiorf of detailed information the RSK will discuss these findings.
4 I
4 i
)
b
_ _ 1 D.
Requirements fcr Future Periodic Safety Reviews of Nuclear Power Plants s
a 1.
Introduction The BMU asked the RSK to suggest requirements for fu-ture periodic safety reviews.
On the basis of the re-i suits of the current safety review and the continuous further development of safety engineering by taking into consideration both operating experience and un-usual events as well as new results of research proJ-ects and risk studies, the RSK makes the following suggestion:
2.
Objectives The. periodic safety review is to supplement the current review within the scope of the supervision of operation under nuclear law.
The periodic safety reviews are to be carried out ap-proximately three times during the operating life of a plant.
A first-time comprehensive review is to be carried out about 10 years after commissioning.
There-after, further reviews are to be carried out,at inter-
. vals of 10 years.
The RSK intends to deal with generic results of the safety reviews of the individual plants.
3.
Content and Scope of the Periodic Safety Review The RSK is of the opinion that the periodic safety re-view should have the following scope:
safety status of the plant evaluation of safety status and service record probabilistic safety analysis.
3.1 Safety status of the plant The safety status of the plant shall be described and explained by the licensee:
Systems engineering
. operating and safety systems
. accident management
. - -.. ~..
t i
Operation normal operation, unusual events and j
incidents
. accident manag'ement Multi-Unit Aspects (as far as relevant)
Fulfillment of safety-related requirements status report on the fulfillment of the
- j applicable safety-related requirements
[j-i Consideration of developments
~
. description of how the further develop-ment of safety engineering and of acci-dont management has been taken into consideration l
Backfitting measures l
compilation of the backfitting measures carried out and their justifications.
3 4
i 3.2 Evaluation of safety status and of service record The safety status of the plant as shown by the licensee shall be evaluated.
I On the basis of the available documents and by intensive l
discussions (audits) with the licensee, the areas to be j
evaluated with a view to the service record shall include, i
among others:
. plant management
. technical qualification
. o ganization
. in-service inspections 3
. maintenance
. feedback of experience
. radiological protection
, emergency planning j
. plant security.
3.3 Probabilistic safety analysis
- These safety analyses are to supplement the safety eval-untion referred to in Sec. 3.2 of the engineered safety 4
features of the nuclear power plant with progressing i
operation on the basis of probabilistic methods.
i-I
~
i L
The RSK is of the opinion that a probabilistri safety i
analysis shall be performed for each nuclear power plant.
)
. For this purpose, it is necessary to carry out event se-
.quence and reliability analyses (so-called level 1 ana-i lyses). The analyses shall be performed on the basis of
.an accepted methodology and using proven computer codes.
The RSK ' considers it advisable. that these analyses be carried out under the licensee's responsibility.
+
j l
if results of analyses are to be transferred to similar plants using - the " del a. approach" (e.g.
identical de-j sign. series, identical system layout, identical physical
]
arrangement of systems), the applicability remains to be checked in each individual case.
t With a view to the review of the probabilistic safety.
- analyses, the reliability data determined (reliability 4
~
of components, occurrence frequencies of initiatina 3
- events, probabilities for the failure of system func-j tions) shall be recorded at a central location for all the individual plants.
4 7
in the interest of a uniform and competent implementa-tion and evaluation of the probabilistic safety analyses it is advisable to call in an independent central insti-tution which has had many years of experience in the l
Implementation and evaluation of probabilistic safety 4
analyses.
The authorized experts called in during the
{'
_ supervisory process should also participate.
4 As a result of more recent findings in connection with the operation, with unusual events and with reactor 4
i safety
- research, the probabilistic safety analyses t
shall be updated.
i j_
4.
Chronological implementation of future periodic safety reviews 1
i i
4.1 probabilistic safety analyses The RSK is of the opinion that the probabilistic safety analyses should be started as soon as possibts.
The 4
RSK expects the analyses to be completed for all nuclear, 3;-
power plants in about 10 years time.
3 4.2 periodic safety review The RSK will.still deal with the separate setting up of i
a time schedule for the implementation of the periodic safety reviews.
In doing so, it will consider the aim t
of performing such a safety review approximately three times during the lifetime of a plant and approximately i -
p.4..
e g
av+
r w
e e-
73 s
t every 10 years.
The chronological order, i e. the stag-l gering of the time schedule, should be effected consider-ing the past operating lifetime of the plants concerned.
a F
a I
ll T
L E
~
f i
f I
i a
O e
1 J_ -
i e
a 4
S i
4 4
4 44 e
e 4
y,,
-- +
--j m -
m.
t Appendix 1 d
Comments and Recommendations made so far within the scope of the safety review 4
1 Status: November 23, 1988 a
en e
4 4
s I~
H 4
)
4 4
i A'1-1 Comments and recommendations made so far w1 thin the scope of the safety review A.
Generic Comments and Recommendations
- 1. COMMENT dated October 15,1986 (216th Heeting)
Evaluation of the results of the experts' meeting on the accident at the Chernobyl Nuclear Power J
Plant and further RSK discussions among other things, a compilation of the desired information for the safety review
- 2. COMMENT dated September 17, 1986 (215th Meeting)
Filtration of the exhaust air during the depres-surization of the containment following a core meltdown accident
- 3. RECOMMENDATION dated December 17, 1986 (218th Meeting)
Assurance of the containment isolation (for LWRs)
Equipment of control room and auxiliary shutdown station with a view to accident management (for LWRs)
Depressurization of PWR containments through aerosol filters in the case of core meltdown accidents Inerting of the containment (of B", Rs,
69 Series)
Rellability of the turbo injection pump (of BWRs, 69 Series)
- 4. RECOMMENDATION dated June 24, 1987 (222nd Meeting)
Nuclear power plants with boiling water reactor of the 69 Series (KWW, KKB, K K i-1, KKK)
Depressurization of the containment via a filter system i
~
- ~.- -
A 1-2
- 5. RECOMMENDATION dated October 21, 1987 (226th 1
- Meeting) i Accident management for nuclear power plants with J
light water reactors State of discussions:. October 1987 1
- 6. COMMENT dated April 20,1988 (231st Meeting) _
i Specifications for filter. systems in the depres-surization sections of the containments of PWRs and BWRs
- 7. COMMENT dated May 18, 1988 (232nd Meeting)
Formation and combustion of hydrogen following l
hypothetical core meltdown accidents in light l
water reactors i
- 8. COMMENT dated November 23, 1988 (238th Meeting)
Depressurization of the containment with the use of iodine sorption filters with molecular i.
sieves i
i
~.-
Plant-Specific Comments and Recommendations i
B
- 1. COMMENT dated September 17, 1986 (215th 1
Meeting)
Brokdorf Nuclear Power Plant (KBR)
Review of safety in connection with the i
accident at the Chernobyl Nuclear Power Plant i
- 2. COMMENT dated April 15,1987 (220th Meeting) i-Evaluation of the accident at the Chernobyl Nuclear Power Plant with a view to the Kalkar Nuclear Power Plant (SNR-300)
- 3. COMMENT dated June 24, 1987 (222nd Meeting)
Kr0mmel Nuclear Power Plant (KKK)
Inerting of the containment Kr0mmel (KKK) and Brunsb0ttel (KKD) Nuclear
- Power Plants Depressurization of the containment j
l
. through a filter system i~
)
A 1-3
- 4. COMMENT dated July 30, 1987 (223rd Meeting)
W DrunsbDttel Nuclear Power Plant (KKB) inerting of the containment
- 5. COMMENT dated November 25, 1987 (227th Meeting)
I Accident management measures for the convoy plants in accordance with the RSK Recommen-dation dated December 17, 1986
- 6. COMMENT dated November 25,-
1987 (227th Meeting)
Stade (KKS), Unterweser (KKU) and Grohnde (KWG)
Nuclear Power Plants Containment isolation Control room equipment Containment depressurization 4
j Meeting)
- 7. cot 1 MENT dated December 16, 1987 (228th Isar 1 (KKl-1) Nuclear Power Plant Depressurization of the containment through a filter system Inerting of the containment Supply air filtering of the control room, maintenance of overpressure
- 8. RECOMMENDATION dated March 16, 1988 (230th c
Meeting) i investigations with respect to event sequences for nuclear power plants with boiling water reactor, including measures of accident manage-ment, using Krummel (KKK) Nuclear Power Plant as an example
- 9. COMMENT dated March 16,1988 (230th Meeting)
Philippsburg 1
( K K P-1 ) Nuclear Power Plant Depressurization of the containment through a filter system -
Inerting of the containment Supply air filtering of the control room, maintenance of overpressure
- 10. COMMENT dated March 16,1988 (230th Meeting)
Philippsburg 2 ( K K P-2) Nuclear Power Plant Supply air filtering of the control room, 4
maintenance of overpressure
A 1-4 11.
COMMENT dated June 22,1988 (233rd Meeting)
Mulhelm-Kiirlich (KMK) Nuclear Power Plant Accident management Depressurization of the containment in the case of accidents Control room supply air filtration 12.
COMMENT dated June 22,1988 (233 d Meeting) i WUrgassen (KWW) Nuclear Power plant Accident management Inerting of the containment Depressurization of the containment Control room supply air filtration 13.
COMMENT dated September 21, 1988 (234th Meeting)
Grafenrheinfeld (KKG) Nuclear Power Plant Depressurization of the containment in the case of accidents Control room supply air filtration
~
COMMENT dated September 21, 1988 (234th Meeting) 14.
~
Philippsburg 2 (KKP-2) Nuclear Power Plant Depressurization of the containment in the case of accidents 15.
COMMENT dated November 23, 1988 (238th Meeting).
Neckar GmbH (GKN-1) Nuclear Power Plant Depressurization of the containment through filter systems Control room supply air filtration J
e 4
a u
A 2-1 i
Appendix 2 1.
List of Subjects for the 1988 RSK Safety Review 2.
Systems enoineerino
[
2.1 Operating and safety systems Components and pipes 4
o Pressure boundary o
Main steam and feedwater pipes o
Connecting pipes to the pressure boundary Heat removal system Primary side, secondary side (PWR)
Pressure suppression system (BWR)
Residual heat removal and emergency core cooling systems Closed cooling water system, drywell and wetwell spray cooling systems (BWR) l Shutdown system Emergency system Electrical equipment o
Control and instrumentation equipment of the safety system o
Power supply to the safety system 4
o incident resistance of the electrical equipment of the safety system and of the incident instrumentation o
independence (physical and electrical separation) of the control and instrumen-tation subsystems (groups of redundancies, plates)
Containment 4
Exhaust air system f
Control room and auxiliary shutdown station
' Fire protection Protection against external impacts Structures 4
Sampling system (incidents)
A 2-2 1
1 4
2.2 Accident manaaement
.]
1 Emergency measures for injection purposes Depressurization of the containment.
1 Power supply Sampling system q
Hydrogen distribution and combustion (PWR)
~
Supply air filtration for the control room
~
Inerting of the containment (BWR) i 3.
Operation
,: 3.1 Normal operation, unusual events and incidents z-Operating manual In-service inspections General operating experience Unusual events t
j Technical qualification Personnel training Training simulators and training on the training simulator 3.2 Accident management / disaster control 1
i Emergency manual f
Stay of emergency personnel Communication equipment 4
4.
Multi-Unit Aspects t
t 8
t
t'
)
i 0 &
I e,'
s 1'
Appendix 3 1.ist of Abbreviations __
Abnormal Transient Operation Guidelines l
ATOG Anticipated Transients Without Scram ATWS Operating Manual i
BMFT
- Federal Ministry for Research and Tech-BHB nology Federal Ministry of the Interior Federal Ministry for the Environment, BMI l
BMU Nature Conservation and Reactor Safety
~
Pressurized Water Reactor DWR l
i R6D Neckar Joint Nuclear Power Plant FsE Gesellschaft fur Reaktorsicherheit GKN GroBweizheim Superheated Steam Reactor GRS Atomic Energy Agency HDR International Institute of Nuclear Power Operations IAEA j
INFO l
(USA)
Brokdorf Nuclear Power Plant
- KBR Brunsbuttel Nuclear Power Plant l
l KKD Emsland Nuclear Power Plant KKE Grafenrheinfeld Nuclear Power Plant l
KKG isar Nuclear Power Plant KKI Kr0mmel Nuclear Power Plant Plant i
Nuclear Power KKK Philippsburg 4 -
~KKP Stade Nuclear Power Plant L
KKS Unterweser N0 clear Power Plant Nuclear Power Plant KKU 4
M0lhelm-K5rlich Karlsruhe Compact Sodium-Cooled Reactor i
KMK l
KNK Facility Cundremmingen Nuclear Power Plant l
l KRB
~
Nuclear Safety Standards Commisslon KTA Biblis Nuclear Power Plant i
KWB Grohnde Nuclear Power Plant KWC Obrigheim Nuclear Power Plant KWO Kraftwerk Union (Siemens)
KWU W0rgassen Nuclear Power Plant KWW Light Water Reactor Organisation for Economic Co-operation LWR and Development / Nuclear Energy Agency OECD/
Reactor Safety Commission NEA i
Kalkar (SNR-300) Nuclear Power Plant RSK l
SNP.
Bolling Water P.eactor Hamm-Gentrop' (THTR-300) Nuclear Power SWR THTR Plant Three Mile Island (USA)
Technical Supervisory inspectorato TMl TOV Assxiation of Large Power Plant Licen-VGB 4
sees 4
,ww erw w++i m
e---e
+-a 4
-e i
+--a-w-'
-w-
<r-