ML20195G041
| ML20195G041 | |
| Person / Time | |
|---|---|
| Issue date: | 11/10/1998 |
| From: | Shirley Ann Jackson, The Chairman NRC COMMISSION (OCM) |
| To: | Seale R Advisory Committee on Reactor Safeguards |
| References | |
| NUDOCS 9811200168 | |
| Download: ML20195G041 (2) | |
Text
.. - -
/
UNITED STATES C/ ec b, gg i
NUCLEAR REGULATORY COMMISSION g
WASHINGTON, D.C. 20886-0001 November 10, 1998 gg l
Dr. Robert L. Seale, Chairman l
Advisory Committee on Reactor Safeguards U.S. Nucioar Regulatory Commission i
Washington, D.C. 20555 i
SUBJECT:
IMPACT OF PROBABILISTIC RISK ASSESSMENT RESULTS AND INSIGHTS ON THE REGULATORY SYSTEM j
Dear Or,
Seale:
In your letter of September 30,1998 (" Impact of Probabilistic Risk Assessment [PRA] Results and insights on the Regulatory System"), the Advisory Committee on Reactor Safeguards l
(ACRS) provided some clear perspectives on how PRA can be used for improvements to the Nuclear Regulatory Commission's regulatory system. I agree that combining the erengths of PRA and defense in-depth should lead to better informed decisionmaking and regWry coherence. I want to thank you for thost. perspectives on key issues facing the agency and to l
note how the s'aff is addressing these issues.
Your letter identified five specific areas in which PRA has improved the regulatory system and discussed the more general topic of making the transition to risk-informed regulation. The areas your letter identified for future improvements are (1) the oversight process, (2) the
- 10 CFR 50.59 process, (3) fire protection, (4) prioritization of research needs, and (5) the l
l assessment of changes in post-Three Mile Island (TMI) requirements. Your letter identified l
three policy issues to be decided: whether risk or surrogate risk measures (e.g., core damage L
frequency) should be used in making decisions using PRA, whether to allow credit for licensee voluntary actions, and whether to expedite the revision of 10 CFR 50.12 to allow the use of risk j
l
- insights as a basis for exemptions. With respect to PRA development, your letter indicated that 1
l a good understanding of risk was needed in such areas as low power and shutdown operations, l
fire protection systems, software-based digital systems, and measures of safety culture, i
Almost all these topics are presently being addressed by the staff. There are two exceptions to this general conclusion: assessment of post-TMI changes and PRA development with respect to measures of safety culture. With respect to the former, the staff does not plan to target the TMI action items specifically as candidates for risk-informed regulatory action. Candidates for l
risk-informed 'nitiatives will most likely be identified as a result of operational a tperience or staff and industry initiatives, and thus could be related to any section of Part 50. In ene ral, priority will be given to those candidates which most enhance safety decisionmaking ano Tr, duce regulatory burden. To the extent that TMi action items meet these criteria, such as the NEl Whole Plant Study Task 0 item related to hydrogen monitoring, the staff plans to deal with them L
in a manner commensurate with their significance. With respect to the latter, the Commission directed that research in this area be terminated in FY 1998, consistent with its decision that the staff should not be directly assessing licens3e marmement pedormance. Finally, with respect 60001 L
3 vN 9811200158 981110 uF Os, a I
POR COMMS NRCC CORRESPONDENCE PDR
(
2-to assessing risk under low power and shutdown conditions, the funding in FY2000 and 2001 for this work has been recently reduced from what was previously planned, due to resource constraints. Accordingly, the scope of this study is being reassessed in light of currently planned resources, All these topics will be the subjects of future ACRS meetings, so the Committee will have opportunities to discuss them in more detail with the staff. I look forward to learning more of your observations and conclusions on these topics.
Sincerely, l
l - C_-
\\
UNITED STATES
- 8 NUCLEAR REGULATORY COMMISSION o
ADVlsORY COMMITTEE ON REACTOR SAFEGUARDS 8
WASHINGTON. D. C. 20586 September 30,1998 The Honorable Shirley Ann Jackson Chairman U.S. Nuclear Regulatory Commission Washington, D.C. 20555-0001
Dear Chairman Jackson:
SUBJECT:
IMPACT OF PROBABILISTIC RISK ASSESSMENT RESULTS AND INSIGHTS ON THE REGULATORY SYSTEM During the 455th and 456th meetings of the Advisory Committee on Reactor Safeguards, September 2 4 and September 30-October 2,1998, we met with representatives of the NRC
- staff and the Nuclear Energy institute to discuss the issues in the Staff Requirements Memorandum (SRM) dated April 20,1998. In the SRM, the Commission requested the ACRS to identify situation-specific cases where probabilistic risk assessment (PRA) results and insights have improved the existing regulatory system and specific areas where PRA can have a positive impact on the regulatory system. Our Subcommittee on Reliability and Probabilistic Risk Assessment met on August 26,1998, to discuss these issues. We also had the benefit of the documents referenced.
General Observationa in the past the NRC has utilized qualitative evaluations of risk, based on engineering judgment and experience, to carry out its mission to protect public health and safety. Uncertainties in the qualitative evaluations of risk have been addressed by adopting greater conservatism. Such qualitative esaluations of risk do not permit the most effective allocation of resources by licensees or the NRC. The traditional engineering analyses do not permit the examination of complex engineering systems like nuclear power plants in a detailed, integrated manner.
Instead, safety analyses have been performed out of necessity on a subsystem-by-subsystem or even on a component-by-component basis. Interactions among systems and the unanticipated responses of multiple systems to unexpected situations can result in higher than expected risk even when each system or component meets all the regulatory requirements.
Examples include the interfacing-systems loss of-coolant accident that was identified by the Reactor Safety Study (WASH-1400) and the recent accident sequence, initiated by fire, identified by the Individual Plant Examination of Extemal Events (IPEEE) for the Quad Cities Nuclear Power Plant.
- The NRC has recognized the limitations of traditional engineering analyses and has pioneered the development of the quantitative risk assessment of nuclear power plants, namely, PRA U
A V
d q
5 8
e
&&h 0
e
~~
e
~
2 methodology. PRA builds upon traditional engineering analyses to develop quantitative assessments of risk. In fact, it is the only means for quantitative determination of risk. PRA I
methodoiogy examines safety systems and their interactions in an integrated, comprehensive manner. It is scrutable in that engineering judgments are quantified. It yields quantnmive measures of risk significance for individual systems, structures, and components (SSCs) that can provide a basis for a more efficient allocation of resources by licensees and the NRC.
Although uncertainties are present in any type of analysi., many of the uncertainties can be s
quantified in PRA and this quantification should be used to constrain conservatism. Risk to the public can be expressed in terms comparable with other risks and objective definitions can be developed for the NRC's mission goal of preventing ' undue risk."
The principal strengths of the current regulatory system are its caution ("what if we are wrongT) and the resuiting development of the principle of defense-in depth as well as its large experience base. The principal weakness is its inability to quantify the risk significance of J
SSCs.
The principal strengths of PRA are the quantification of risk and the identification and ranking of the major accident sequences and risk-significant SSCs. The principal weakness is incompleteness, i.e., the inability to identify all potential threats to the system and to develop adequate models for some identified threats.
The principle of defense-in-depth and PRA can complement each other well. When the uncertainties in the PRA are too large for regulatory decisionmaking (especially due to incompleteness), the principle of defense-in-depth can be invoked to deal with these uncertainties. Although this may appear obvious, it should be emphasized because.it is too often ignored. The strengths and limitations of both the current system and PRA must be evaluated when a new regulatory application is contemplated. We believe that combining the strengths of PRA and defense-in-depth will lead to better-informed decisionmaking and improved regulatory coherence. We anticipate that it will also lead to greater regulatory efficiency and reduction of unnecessary burden on both licensees and the NRC staff.
Past and Current Imnrovements in the Reaulatorv System l
l Some specific examples where PRA has improved (or is expected to improve) the current regulatory system are:
1.
The Anticipated Transients Without Scram (ATWS) Rule. PRA identified the importance of ATWS and provided the technical basis for regulatory action.
2.
The Station Blackout (SBO) Rule. PRA identified the significance of SBO and provided the technical basis for regulatory action. PRA permitted the assessment of the risk from SBO on the basis of plant-specific configuration, as weII as plant specific grid, switchyard, and weather characteristics. It permitted evaluation of the cost effectiveness of attemative improvements, thereby leading to more efficient allocation of j
resources. This illustrates one of the strengths that PRA brings to the regulatory process.
1 I
i j-3 l
{
3.
Generic Safety Issue Prioritization and Resolution. Using PRA criteria, the original list of j
about 700 generic safety issues was reduced to about 200, thereby focusing NRC resources on the most important issues.
l 4.
Advanced Reactor Design Certifications (ABWR., AP600, CE System 80+). PRA i
allowed the staff and each vendor to focus on the design issues important to safety, thereby leading to substantial reduction in risk for these designs.
5.
Ucensing Amendments. The recently issued regulatory guides allow the use of risk information in requests for changes in the technical specifications, inservice testing, and quality assurance requirements (the inservice inspection regulatory guide is still under consideration). The principal benefits are expacted to be improved safety and efficient l
allocation of resources. Graded quality assurance provides an example where, even though the impact of quality assurance requirements on PRA is unquantified, one can still derive insights regarding the importance of SSCs from PRAs.
1 Future Imorovements of the Reaulatory System 1.
Oversight Process. There is a widespread belief within the industry that the current j
inspection and enforcement processes are overly prescriptive and burdensome. Plant-i specific risk information can and should be used to focus regulatory and licensee attention. Enforcement actions, too, should be graded in terms of risk significance.
d
(
l 2.
10 CFR 50.59 Process. The strength of the current process is that it ensures that changes made without prior NRC approval do not constitute an unreviewed safety I
question in accordance with the Final Safety Analysis Report (FSAR) which is the basis j
for licensing the facility. The major weakness is that the process refers to changes in probabilities ihat cannot be calculated using traditional deterministic methods.
Furthermore, the Commission recently directed the staff to define ' minimal * (,hanges to ensure that such changes are sufficiently small that NRC review is not required. The quantification of frequencies of events, one of the strengths of PRA, provides the context within which contemplated changes can be declared " minimal." At the same time, one of the weaknesses of PRA is its insensitivity to very small changes in plant configuration and procedures. We, therefore, expect that a revised 10 CFR 50.59 process will retain parts of the " deterministic
- criteria that the current process employs.
3.
Fire Protection. The recent discovery of a major accident sequence, initiated by fire, identified by the IPEEE at Quad Cities demonstrated the limitations of the existing fire protection regulations. A revision of 10 CFR 50, Appendix R to include risk information would reduce the likelihood that such cases would reoccur. Such a revision would, of course, have to take into account the limitations of current fire risk assessment methodology (e.g., the lack of models for assessing the impact of smoke) and would rely on defense-in-depth. PRA would also be usefulin the prioritization of inspections of fire barrier penetration seals that have been of concem recently, thereby avoiding the waste of resources on insignificant issues.
i,'
,~
j 4
i 4.
Prioritization of Research Needs. In an era of diminishing budgets, it is no longer sufficient to rely primarily on judgment to prioritize research. ;~he principal criterion for l
prioritizing research needs should be their expected contribution to risk-informed j
regulatory decisions.
1 j
5.
Assessmerit of Changes in Post Three Mile Island Requirements. Many requirements i
were imposed in the immediate aftermath of the accident at Three Mile Island Unit 2.
These changes did not have the benefit of significant input from PRA, which was a j
j
' developing technology at the time. The risk importance of these requirements should be j
evaluated. Based on these evaluations, the requirements may be changed or i
eliminated.
i j
Transition to Risk-informed Regulation i
j The transition to a risk informed regulatory frameworic will be incremental. Many of the present j
. regulations are based on deterministic and prescriptive requirements that cannot be quickly replaced. Therefore, the current requirements will have to be maintained while risk-informed t
regulations are being developed and implemented. Furthermore, we expect that a number of l
licensees wi!', for a variety of reasons, be unwilling to embrace a new regulatory system.
.Therefore, the NRC should be prepared to accommodate a two-tier system, i.e., a modified version of the current regulatory process and a risk-informed system. This situation will prevail l
' for a number of years and may create circumstances that should be addressed by the Commission. We have already seen such circumstances in recent requests for BWR power j
uprates. Even though licensee use of Regulatory Guide 1.174 is ' voluntary, questions were raised about the acceptability of the change in core damage frequency associated with power uprates. Although in this case the licensees voluntarily submitted the relevant information, conflicts might arise in the future.
Although we recognize that it will be necessary to maintain many of the current requirements during the transition, we strongly support the efforts of the staff to develop options to revise 10 CFR Part 50 to make it more risk informed. We believe that, as a minimum, revisions must be made to permit effective implementation of the initiatives associated with Regulatory Guide 1.174.
An example of the need for regulatory harmonization is the attempt to apply the recently issued Regulatory Guide 1.176 on Graded Quality Assurance. This Regulatory Guide utilizes PRA importance measures to categorize SSCs according to their safety significance, industry representatives have stated that they expect that several thousand components, which are currently classified as safety-related, will be placed in the " low-safety significance" category, which indicates that quality assurance requirements on these components could be relaxed with little impact on safety. It is not clear whether, under the current regulations, this relaxation of requirements can be done under 10 CFR 50.59 or whether each request must be submitted to the staff for review and approval, in which case the potential benefits of graded quality assurance will be reduced significantly. We anticipate that similar cases will arise in the future.
To further the use of PRA in the regulatory process, we recommend that the Commission consider some policy decisions. First, determine whether risk itself or surrogate measures such
A*
5 a
j as core damage frequency are to be used in making decisions based on PRA. Second, direct j
the staff to allow credit for voluntary actions consistent with the Commission directive that risk l
assessments be as realistic as possible. Finally, we recommend that the Commission expedite the revision of 10 CFR 50.12 to allow the use of risk insights as a basis for exemptions to its 3
current regulations.
i The development of PRA technology should be continued. For example, a good understanding of risk is needed in the following areas: low-power and shutdown operations, fire protection systems, software-based digital systems, and measures of safety culture.
Sincerely,
/f a
R.L.Seale i
Chairman
~l References-1.
Memorandum dated April 20,1998, from John C. Hoyle, Secretary, NRC, to John T.
Larkins, Executive Director, ACRS,
Subject:
Staff Requirements - Meeting with the Advisory Committee on Reactor Safeguards, April 2,1998.
1
. 2.
Memorandum dated August 18,1998, from John C. Hoyle, Secretary, NRC, to L.
Joseph Callan, Executive Director for Operations, NRC, and Karen D. Cyr, General
- Counsel, NRC,
Subject:
Staff Requirements - Public Meeting on Stakeholder Concems, j
July 17,1998.
3.
Memorandum dated August 7,1998, from Shirley Ann Jackson, Chairman, NRC, to L.
- Joseph Callan, Executive Director for Operations, NRC,
Subject:
Responding to issues Raised within the Senate Authorization Context.
4.
Memorandum dated August 25,1998, from L. Joseph Callan, Executive Director for 4
Operations, NRC, to Shirley Ann Jackson, Chairman, NRC,
Subject:
Response to Issues Raised within the Senate Authorization Context and July 17,1998 Stakeholder Meeting.
I i
t 1
i
-S.
n -
i
-.-w-.
_.&4--,
--+-s,-.%
i m
w
-