ML20153H303
| ML20153H303 | |
| Person / Time | |
|---|---|
| Issue date: | 04/22/1988 |
| From: | Fraley R Advisory Committee on Reactor Safeguards |
| To: | Zech L NRC COMMISSION (OCM) |
| References | |
| ACRS-R-1248, NUDOCS 8805120224 | |
| Download: ML20153H303 (1) | |
Text
l
- p Kic
/
UNITED STATES 8
i NUCLEAR REGULATORY COMMISSION 3
ADVISORY COMMITTEE ON REACTOR SAFEGUARDS C
g WASHINGTON, D. C 20655 April 22, 1988 MEMORANDUM FOR. Lando W. Zech, Jr.
Chairman FROM:
Raymon F.
raley, xecutive Dir or Advisory Comittee on Reactor Safeguards
SUBJECT:
ACRS COMMENTS ON AN IMPLEMENTATION PLAN FOR THE SAFETY G0AL POLICY, CORRECTED VERSION
The attached rcvised ACRS report corrects scientific notation used to express the frequency of core melt, the likelihood of a large accidental release, and the chance of early fatalities noted in the Comittee's and Dr. Okrent's coments.
Attachment:
ACRS Coments on an Implementation Plan for the Safety Goal Policy, dtd. May 13,1987(CorrectedApril 22,1988) cc: Comissioner Roberts Comissioner Bernthal Comissioner Carr Comissioner Rogers
&es
.- g on yA ceun.o, N
i
i CORP,ECTED"COPY: 4/22/883
,,purag'g UNITED STATES Corrected Pages: 3,4,9 88" NUCLEAR REGULATORY COMMISSION n
b'
,E ADVISORY COMMITTEE ON REACTOR SAFEGUARDS C
O, g
WASHINGTON, D. C. 20555
%,.... f PDA GDWKf' May 13, 1987 The Honorable Lando W. Zech, Jr.
Chairman U.S. Nuclear Regulatory Commission Washington, D.C.
20555
Dear Chairman Zech:
SUBJECT:
ACRS COMMENTS ON AN IMPLEMENTATION PLAN FOR THE SAFETY G0AL POLICY During the 325th meeting of the Advisory Comittee on Reactor Safe-guards on May 7-9, 1987, we formulated coments on the NRC Staff's proposed implementation plan for the Comission's August 4, 1986 Policy Statement on Safety Goals for the Operations of Nuclear Power Plants. This topic had previously been considered during our 321st, 322nd, 323rd, and 324th meetings in January, February, March, and April of 1987, and during a subcommittee meeting on January 7, 1987.
In our review we had the benefit of discussions with the NRC Staff and the documents listed.
We do not consider the current Staff proposal (Reference 1) suitable as a plan for 'rplementing the Safety Goal Policy.
Instead, we propose a plan of three elements:
1.
Use of safety goal criteria by the RC Staff to judge the adequacy of regulation rather than to make regulatory judgments about specific plants.
2.
Recognition and fomulation of an explicit hierarchical struc-ture among the interrelated criteria in the overall goal.
j 3.
Continuation of a program to make risk estimates for specific plants, as a sampling process to assist in the evaluation of regulation.
USE OF THE SAFETY GOAL l
It appears that the plan proposed by the NRC Staff is intended for their use in judging whether a specific nuclear power plant can be permitted to operate or continue to operate.
If the Staff concludes i
that a plant does not meet certain quantitatively stated elements of
, < - JT U
n -
y@U (y I Y t
);'
l
The Honorable Lando W. Zech, Jr. May 13, 1987 the Safety Goal Policy Statement, an evaluation would be made of possible changes, for example in design, equipment, or procedures, to determine if such changes would result in an improved or acceptable level of risk in a cost-effective manner.
We do not believe that probabilistic risk assessment (PRA), on which the proposed process is based, is sufficiently developed to be used to make narrowly differentiated decisions about specific plants.
Rather, the Safety Goals should be used in a more global manner to judge the suitability of existing regulations and regulatory practices, or to assist in formulating whatever changes are necessary to provide confidence that nuclear plants are operating within an envelope established by the Safety Goals.
We continue to believe that systematic examinations of individual power plants as described in the Severe Accident Policy Statement, based in part on insights gained from risk analyses, can serve many useful purposes.
For example, the search for risk outliers for individual plants should be performed.
We believe that detailed qualitative information on plant characteristics and behavior is an important result of such a search, but that quantitative information (such as core melt frequency estimates for an individual plant) developed by a PRA is less robust.
We are convinced also that direct participation by managerial, engineering, and operational personnel in a systematic examination of their plant can provide them with valuable insights and understanding of plant behavior in abnormal situations.
The Safety Goal Policy should be used by the NRC Staff chiefly as a standard for judging the adequacy and appropriateness of regulations and regulatory practices to assist them in reaching decisions about regulatory requirements.
However, to make the Safety Goal Policy usable for these purposes, development in two areas is needed.
The multiple goals and criteria should be related more logically in a hierarchical structure, and the "sampling" of existing plants should be expanded beyond the work which served as a basis for NUREG-1150, "Reactor Risk Reference Document," Draf t for Coment, dated February 1987.
HIERARCHICAL STRUCTURE OF THE SAFETY GOAL AND IMPLEMENTATION PLAN Several goals and guidelines are included in the Safety Goal Policy.
We believe that it would be useful to present these in a hierarchi-cal st"ucture to facilitate implementation of the Folicy in a range of circumstances. The highest level would serve as the Comission's statement of intent in regulating nuclear power and could then be used in decisions about broad policy matters and general comparisons
The Honorable Lando W. Zech, Jr. May 13, 1987 with other industrial and technological activities.
The lower levels could then be used, as development is completed, by the NRC Staff in making specific regulatory decisions.
Each subordinate level of the hierarchy should be consistent with the level above, but should be a
more practical surrogate, representing a
simplification or quantification of the previous level.
Each surrogate should not be so conservative that it creates a de facto new policy.
It should also provide a basis by which to assure that the Safety Goal Policy objectives are being met.
A recommended hierarchical arrangement of the multiple goals in the Policy Statement is presented below.
- Level One:
This would be the pair of qualitative goals as stated in the Commission Policy Statement of August 4,1986.
- Level Two:
This would be the pair of quantitative health objectives as stated in the same Policy Statement.
- Level Three:
This wculd be the previously proposed general performance guideline that the likelihood of a large accidental release should be less than IE-6 per reactor year.
If this general perfortnance guideline is to serve as a surro-gate for the Safety Goal Policy objectives, as proposed in our letter of April 15, 1986, it should represent a level of safety cunsistent with the Level One and Two goals. A definition of a large release as one that will lead to whole body doses of 5 or 25 rem to an individual at a plant boundary, as has been given some public mention, does not satisfy this criterion.
Such a definition is so much more restrictive than the Level One and Two goals that it, in effect, establishes an alternative policy rather than serving es a more easily applied surrogate.
We believe that this is a distortion of the intent of the Policy and suggest that a consistent definition of a large release would be one that, if it occured, would result in significantly larger whole body doses.
- Level Four: This level of the hierarchy would consist of three performance objectives to be relied on in ensuring that the safety of operating plants is consistent with the Level One, Two, and Three criteria.
These objectives should be explicit enough that they could be used by the NRC Staff in making decisions about specific regulations and regulatory practices.
Such objectives are described below.
i-The Honorable Lando W. Zech, Jr. May 13, 1987 i
(1) The first performance objective would be an expression of the effectiveness of plant accident prevention systems.
We have previously recommended a goal of "less than IE-4 per reactor-year" for the mean core melt frequency "for all but a few existing plants."
By core melt, we mean loss of assured core cooling which can result in severe core damage.
There is an unquantified, but probably substantial, difference between the probability of loss of assured core cooling and the probability of the "core on the floor stage".
The latter is more surely threatening to the health and safety of the public, but is also less likely.
In relating this performance objective to the risk-based Safety Goals, one will have to confront the difficult technical issues associated with the progress of a severe accident.
This will not be easy, but a core melt prob-j ability objective is less useful at this level of the hierarchy if its relation to the ultimate objec+.ive is unclear.
Core melt, as defined here, is an identifiable waypoint in the development of a severe accident.
(2) The second perfomance objective would be an expression of the effectiveness of the f? sign of plant accident mitiga-tion systems.
Between core melt, as defined above, and challenge to containment, as normally understood, there i
are several stages at which the accident sequence may be arrested.
A containment performance objective cannot be stated simply in terms of the Level Three probability of a large release and the probability of a core melt as discussed above.
1 We recomend that as a minimum the containment performance i
objective should be such that there is less than one chance in ten for a large relesse for the entire family of core melt scenarios.
(3) The third performance objective would be an expression of how well the plant is operated.
This remains to be developed.
A separate objective of this sort would not be necessary if operating performance were appropriately considered in the first two performance objectives.
However, present methods of analysis for performance objectives are based primarily on system design only.
For this reason it seems necessary at this time to consider operations in a separate objective, if the Safety Goal j
1 The Honorable Lando W. Zech, Jr. May 13,1987 Policy is to be applied to plant operation and not just %
plant design.
We recognize this to be a major undertak-ing, but regard it as essential to a meaningful imple-mentation of the Safety Goal Policy.
- Level Five: The final level of the Safety Goal Policy logic is the existing body of regulations and regulatory practices.
Implementation of the Safety Goal Policy, as we propose, can be viewed as a review of "Level Five" to ensure that it is con-sistent with and carries out the intent of the goal levels above it.
The overall policy implementation that we propose consists, in effect, of transforming a bottom-up system of regulation to a top-down system as the maturing of the nuclear industry and regulation and understanding of risk have per-mitted.
In the end, as the effectiveness of the detenninistic regulations and regulatory practices is more closely related to the Safety Goal Policy, it will be appropriate to adjust the regulations and reaulatory practices to make them consistent with the Safety Goals.
SAMPLING 0F PLANTS As indicated above, our recomendation for implementation of the Safety Goal Policy is that it should be used principally as a measure of the adequacy of the regulations and regulatory practices.
Safety performance at nuclear power plants then should reflect to a substantial degree the success of these procedures.
Further in order to measure effectiveness of the regulations and regulatory practices, the product must be tested.
The essential difference between what the ACRS proposes and what the Staff has proposed in this regard is that we believe the measurement of specific plants against the safety goal should be explicitly recognized as a sampl-ing process. The goal of the process should be to determine why and how the regulations and regulatory practices have caused an individual plant or a class of plants to conform with or fall short of the goal, not to simply determine whether an individual plant or class of plants conforms with or falls short of the goal.
The purpose of the body of regulations and regulatory practices should be to provide a population of nuclear power plants that conforms to the Comission's safety policy intent, as. expressed by the Safety Goal Policy.
A Safety Goal Policy implementation plan structured as suggested above can and should be used by the NRC Staff in its evaluation of proposed changes in regulation that arise from a variety of sources, suc1 as operating experiences and resolution of generic issues.
However, we believe a more proactive program should be undertaken as i
i
The Honorable Lando W. Zech, Jr. May 13, 1987 part of the Policy implementation.
This would be a prioritized, systematic review of the body of regulations and regulatory prac-tices (i.e.,
Level Five of the recomended Safety Goal Policy 1
J hierarchy) for conformance with the overall Policy. Such a program would be, in some regards, a continuation of the work that has
'resulted in the draft NUREG-1150 and in previous assessments of full-scope PRAs for particular plants.
However, we believe a new program can be better focussed on sampling a sufficient number of plants and classes of plants with the aim of assessing the effectiveness of regulations and regulatory practices that have guided the design, construction, location, and operation of these plants.
LIMITATIONS We note that there must be recognition of important limitations in the implementation of the Safety Goal Policy. These limitations are essentially those of the PRA methodology used, and are caused by a i
fundamental inability to accurately predict and calculate precise values of risk.
Variability in data, uncertainty about applica-bility of data, imperfect understanding of important physical phenomena, and inevitable incompleteness in analysis all contribute to this limitation.
The NRC Staff must recognize the limitations of risk analysis and limitations in the definition of the Safety Goals themselves and must apply sufficient margins within its regulations and regulatory practices to accomodate these limitations. They have always had to make sucn judgments and allowances.
The key point is that the NRC Staff and the industry will be better able to make balanced and consistent decisions about regulation, design, and plant operation
{
with guidance provided by the Safety Goals and PRA than without.
j The development of a Safety Goal Policy has been a long and diffi-cult, but an important and pioneering, effort. We believe an imple-mentation plan along the lines we have proposed will ensure that the Policy is used effectively in regulation.
Additional coments by ACRS Member David Okrent are presented below.
Sincerely, l
William Kerr Chainnan
p The Honorable Lando W Zech, Jr. May 13, 1987 Additional Comments by ACRS Member David Okrent 1.
The general plan proposed by the ACRS for implementation of the Safety Goal Policy seems attractive at first sight.
The ACRS recomends the use of safety goal criteria to judge the adequacy of regulations rather than to make regulatory judgments about specific plants.
The ACRS does not believe that PRA is sufficiently developed to be used to make narrowly differentiated decisions about specific plants.
One major problem with this approach, in my opinion, arises 1
from the current USNRC backfitting rule, which says in 50.109 Part(3):
The Comission shall require the backfitting of a facility only when it determines, based on the analysis described in paragraph (c) of this section, that there is a substantial increase in the overall protection of the public health and safety or the common defense and security to be derived from the backfit and that the direct and indirect costs of implementation for that facility are justified in view of this increased protection.
1 A host of more easily specified backfits was hurriedly required in the United States after the accident at Three Mile Island, some with inadequate evaluation.
However, the more difficult but often more significant issues have been deferred for years.
These have now met up with a backlash against backfitting where I fear the pendulum has swung too far.
France and the Federal Republic of Gennany (FRG) have each maintained a disciplined program of backfitting, as well as promulgating safety improvements for nuclear plants to be built.
France and the FRG have utilized PRA methodology in a way which resembles the ACRS proposal.
Deterministic require-ments were developed, frequently with the aid of insights obtained from PRA, to deal with perceived vulnerabilities in the overall safety approach.
Cost / benefit analysis was not ignored but does not appear to have had a dominant impact on the decision making process in France and the FRG.
I would have more hope for the proposed ACRS approach if the basic USNRC safety position was to achieve in timaly fashion a reasonable assurance that the high level safety goals and quantitative design objectives were being approached or met, without undue emphasis on cost / benefit analysis and the test
1 4
The Honorable Lando W. Zech, Jr. May 13, 1987 for "a substantial increase in the overall protection" as has been practiced during the past few years.
2.
I agree with the ACRS that an additional sampling of nuclear plants is needed in order to consider the adequacy of current regulations.
In my opinion, draft NUREG-1150 not only is inadequate for this purpose, it is also misleading with regard to the present level of safety of LWRs in the United States, and should not be used by the NRC to provide such a perspec-tive.
I have many reasons for this opinion, some of which follow:
- External events are not included in draft NUREG-1150 (Reference 3).
- Many other potentially important contributors to risk, such as design and construction errors, aging and inade-quate qualification of equipment, certain aspects of human error, certain types of systems interactions, and the effect of poor management qdality are also not included in draft NUREG-1150.
- Some of the plants studied in draft NUREG-1150 had previ-ously received the benefit of safety improvements result-ing from one or two earlier PRAs on the same plant.
This is not the case for the majority of operational LWRs.
- The PRAs in draft NUREG-1150 do not account adequately for the kinds of significant events which have occurred during the past two years or so at Surry, Brunswick, Trojan, Davis Besse, Rancho Seco, and TVA, among others.
- The PRAs in draft NUREG-1150 report core melt frequencies i
much smaller than those estimated for many of the plants 4
examined in connection with USI A-45.
Hence, not only is much additional sampling needed, but also i
some means must be developed for factoring into policy de-cisions the uncertainties and the significant gaps which exist in current PRAs, and for providing. confidence that nuclear plants are operating within an envelope established by the Safety Goals and the supplementary objectives.
i 3.
In view of the uncertainties and imprecision in PRA results. I i
disagree with the ACRS position that, if the general perfor-mance guideline on large releases is to serve as a surrogate, it should represent a level of safety consistent with the
The Honorable Lando W. Zech, Jr. May 13, 1987 Safety Goals.
First I should note I do not look upon the general performance guideline on the frequency of a large release as wholly or primarily a surrogate.
Furthermore, I prefer that one seek some level of assurance via performance guidelines that successively higher level goals or objectives will be met.
I question the suitability of the definition of a large release which is currently proposed by the NRC Staff.
If a complemen-tary cumulative distribution function of one or more early fatalities has a chance of IE-6 per reactor year, may not the chance of 100 early fatalities be uncomfortably high at sites with large nearby population densities?
Also, does such a proposed definition of a large release allow adequately for severe radioactive contamination of large land areas and for other relevant factors?
References:
1 1.
Memorandum dated January 2,
1987 from Victor Stello, Jr.,
Executive Director for Operations, to the Comission,
Subject:
i "Safety Goal Implementation Status." with enclosures on Frame-work for Safety Goal Implementation, Implementation of Safety Goals in Decisionmaking for Changing Generic Requirements, and Central issues Treated in the Safety Goal Implementation Framework
?.
U.S.
Nuclear Regulatory Comission Report, 10 CFR Part 50, "Safety Goals for the Operations of Nuclear Power Plants "
Policy Statement, dated August 4,1986 3.
U.S.
Nuclear Regulatory Comission Report, "Reactor Risk Reference Document," NUREG-1150, Volumes 1 to 3 Draft for Coment, dated February 1987.
l f
h