ML20204G902

Reliability and Risk Analysis Methods Research Plan
ML20204G902
Person / Time
Issue date: 10/31/1984
From:
NRC OFFICE OF NUCLEAR REGULATORY RESEARCH (RES)
To:
References
NUREG-1093, NUDOCS 8411090520


Text

NUREG-1093

Reliability and Risk Analysis Methods Research Plan

U.S. Nuclear Regulatory Commission
Office of Nuclear Regulatory Research

NOTICE

Availability of Reference Materials Cited in NRC Publications

Most documents cited in NRC publications will be available from one of the following sources:

1. The NRC Public Document Room, 1717 H Street, N.W., Washington, DC 20555
2. The NRC/GPO Sales Program, U.S. Nuclear Regulatory Commission, Washington, DC 20555
3. The National Technical Information Service, Springfield, VA 22161

Although the listing that follows represents the majority of documents cited in NRC publications, it is not intended to be exhaustive.

Referenced documents available for inspection and copying for a fee from the NRC Public Document Room include NRC correspondence and internal NRC memoranda; NRC Office of Inspection and Enforcement bulletins, circulars, information notices, inspection and investigation notices; Licensee Event Reports; vendor reports and correspondence; Commission papers; and applicant and licensee documents and correspondence.

The following documents in the NUREG series are available for purchase from the NRC/GPO Sales Program: formal NRC staff and contractor reports, NRC-sponsored conference proceedings, and NRC booklets and brochures. Also available are Regulatory Guides, NRC regulations in the Code of Federal Regulations, and Nuclear Regulatory Commission Issuances.

Documents available from the National Technical Information Service include NUREG series reports and technical reports prepared by other federal agencies and reports prepared by the Atomic Energy Commission, forerunner agency to the Nuclear Regulatory Commission.

Documents available from public and special technical libraries include all open literature items, such as books, journal and periodical articles, and transactions. Federal Register notices, federal and state legislation, and congressional reports can usually be obtained from these libraries.

Documents such as theses, dissertations, foreign reports and translations, and non-NRC conference proceedings are available for purchase from the organization sponsoring the publication cited.

Single copies of NRC draft reports are available free, to the extent of supply, upon written request to the Division of Technical Information and Document Control, U.S. Nuclear Regulatory Commission, Washington, DC 20555.

Copies of industry codes and standards used in a substantive manner in the NRC regulatory process are maintained at the NRC Library, 7920 Norfolk Avenue, Bethesda, Maryland, and are available there for reference use by the public. Codes and standards are usually copyrighted and may be purchased from the originating organization or, if they are American National Standards, from the American National Standards Institute, 1430 Broadway, New York, NY 10018.

GPO Printed copy price: $4.75

NUREG-1093
RG, 1S

Reliability and Risk Analysis Methods Research Plan

Division of Risk Analysis and Operations
Office of Nuclear Regulatory Research
U.S. Nuclear Regulatory Commission
Washington, D.C. 20555

Foreword

This document presents a plan for reliability and risk analysis methods research to be performed mainly by the Reactor Risk Branch (RRB), Division of Risk Analysis and Operations (DRAO), Office of Nuclear Regulatory Research. It includes those activities of other DRAO branches which are very closely related to those of the RRB. However, related or interfacing programs of other divisions, offices and organizations are merely indicated; the reader is referred to planning documents for those programs for further information.

This document was written to serve three purposes. Its primary use was envisioned as an internal NRC working document, covering about a 3 year period, to foster better coordination in reliability and risk analysis methods development between the offices of Nuclear Regulatory Research and Nuclear Reactor Regulation. As it took shape, its potential value as an information source and planning base for contractors began to manifest itself as a second purpose.

It is therefore hoped that NRC staff and contractors alike will benefit from these more clearly delineated objectives, needs, programmatic activities, and interfaces together with the overall logical structure within which these exist.

The plan is intended for periodic update and issuance. Following each issue by approximately six months will be a report describing activities and evaluating progress toward fulfilling needs and attaining objectives.

Publication of this plan will fulfill a third purpose in making visible to industry and interested individuals what our objectives are and how we are proceeding in this important area. Comments on this document are welcomed from all quarters. Comments should not be restricted to activities planned for the 3 year period covered; welcome also are comments concerning omissions or what might be considered for the longer term. Please address comments directly to me.

Dr. Gary R. Burdick, Chief
Reactor Risk Branch
Division of Risk Analysis and Operations
Office of Nuclear Regulatory Research

Approved:

Frank P. Gillespie, Director
Division of Risk Analysis and Operations
Office of Nuclear Regulatory Research

TABLE OF CONTENTS

1.0 Introduction
2.0 Overview of Reliability and Risk Methods Research
3.0 Risk Analysis Research Needs (Issue 2)
    3.1 Plant Systems Analysis
    3.2 External Event Analysis
    3.3 Human Reliability Analysis
    3.4 Data Collection and Analysis
    3.5 Containment Analysis
    3.6 Consequence Analysis
    3.7 Integration of Analysis
    3.8 Risk Analysis Research Needs Summary
4.0 Research Needs for Risk Reduction (Issue 3)
    4.1 Option Identification and Preliminary Screening
    4.2 Detailed Option Evaluation
    4.3 Cost-Benefit Assessment
5.0 Research Needs for Maintaining an Acceptable Risk Level (Issue 4)
    5.1 Reliability Program Research
    5.2 Technical Specifications Program
    5.3 Inspection Effectiveness
    5.4 Risk Limitation Effectiveness of Regulations Program
6.0 Research Plan
    6.1 Introduction
    6.2 Research Plan for Risk Assessment Methods
    6.3 Research Plan for Risk Reduction
    6.4 Research Plan for Maintaining an Acceptable Risk Level
    6.5 Implementation Schedule
    6.6 Future Research
    6.7 Program Prioritization

LIST OF TABLES

3-1 External Event Research Priorities
6-1 Research Programs and Needs
6-2 RMIEP Task Deliverables
6-3 Deliverables in chronological order
6-4 Criteria Definitions
6-5 Attributes Determining Program Efficacy

LIST OF FIGURES

2-1 Basic Structure of Risk Analysis Research
3-1 Breakdown of Elements of PRA Covered in Research Plan
3-2 Plant Systems Analysis
3-3 Breakdown of Major External Events
3-4 Major Elements of Containment Analysis
3-5 Elements of Consequence Analysis
4-1 Elements of Risk Reduction Research
5-1 Elements of Risk Maintenance Research
6-1 Research Program Plan

Division of Risk Analysis and Operations
Reliability and Risk Analysis Methods Research Plan

1.0 Introduction

In recent years, applications of probabilistic risk analysis (PRA) to nuclear power plants have experienced increasing but cautious acceptance and use, particularly in addressing regulatory issues. This usage has spanned a broad range of applications including regulatory priorities, resolving generic issues, evaluating proposed regulation changes, judging plant safety, and identifying outlier plant characteristics. Current trends such as the safety goal evaluation, preparation of guidance for industry use in PRA, and the staff recommendation for a safety assurance program at the Indian Point plant foreshadow the potential for an even greater usage of PRA and its methods and insights within the regulatory process.

Significant strides have been made in PRA methods since the Reactor Safety Study (RSS) laid the foundation for the PRA activity that followed. These include a more detailed breakdown of initiating events and better data on their probability of occurrence. Event tree analysis has become more proceduralized as well as more detailed. Fault tree methods have been better delineated. Human reliability methods have been better developed and a handbook promulgated. Improved computer programs allow quantification of accident sequences more efficiently and accurately. Much more experimental evidence and improved codes now exist for core melt phenomenology and containment response. Improved codes also exist for offsite consequence analysis.

Under the auspices of the Institute of Electrical and Electronic Engineers (IEEE) and American Nuclear Society (ANS), wide peer review has been given to the methods now being used in risk analysis, and widely accepted methods were selected and published in the PRA Procedures Guide (NUREG/CR-2300). Prescriptive procedures have been developed and tested for the PRA analysis of plant systems and are delineated in the IREP Procedures Guide (NUREG/CR-2728).

Recently the NRC published a document that describes the current status of PRA as practiced in the nuclear regulatory process. The document is titled Probabilistic Risk Assessment (PRA) Reference Document (NUREG-1050, August 1984). The document reviews the PRA studies that have been completed or are underway, discusses the levels of maturity of the methodologies used in a PRA and the associated uncertainties, lists the insights derived from PRAs, discusses the potential uses of PRA results for regulatory purposes, and highlights areas where research could improve the utility of PRA information in regulation.

Although progress in the area of PRA development has been notable, the increasingly broader use of PRA within the regulatory arena has highlighted the fact that there exists the need for continued improvement in PRA and the data base. This plan delineates those needs, describes efforts underway within the Division of Risk Analysis and Operations (DRAO) to fulfill them, and discusses the relationship of these programs with programs elsewhere within the NRC, other government agencies, and the nuclear industry. The plan is restricted to the DRAO programs that are directed toward: (1) risk and reliability methodology development and data base; (2) the application of these techniques to the assessment of reliability and risk of nuclear power plants and the need for risk reduction; (3) the application of this methodology to assure that reliability and risk are maintained at acceptably low levels for nuclear power plants; and (4) regulatory support for the resolution of and decisionmaking process for current reactor safety issues.

Thus, this plan is intended to meet the following objectives:

1. Identify fundamental agency regulatory needs associated with the assessment of the reliability and risk from nuclear power plants.
2. Develop a top down logic structure from regulatory needs to subordinate problem areas and needs.
3. Identify ongoing and planned research programs designed to fulfill identified needs.
4. Provide a framework within which PRA research can be prioritized.

This is the first issuance of this document. Substantial effort has been expended to identify areas of regulatory need for research and to describe ongoing and planned DRAO research programs to resolve those needs. However, the timeframe basically is only through 1987. In the first revision to this document, Section 6.6 (Future Research) will be expanded to provide a more explicit discussion of research programs beyond 1987.

Toward this end, it is anticipated that formal and informal comments received on this document will not only help to improve this document and better focus research in the near term, but they will also help formulate a responsible program for the longer term.

Section 2.0 provides an overview of the PRA research underway and planned within the Division of Risk Analysis and Operations. The "needs" being addressed by the research are delineated in Section 3.0 (PRA needs), Section 4.0 (risk reduction needs), and Section 5.0 (needs for maintaining an acceptable level of safety). The research plan addressing these needs is described in Section 6.0.

2.0 Overview of Reliability and Risk Methods Research

There are four fundamental questions facing the NRC:

(1) What constitutes acceptable risk from nuclear power plants?

(2) What is the risk from nuclear power plants?

(3) How could that risk be reduced, if necessary?

(4) How can an acceptable level of risk be maintained over the lifetime of the plant?

The first question is addressed in the Commission's safety goal initiative (NUREG-0880, Revision 1). The set of quantitative safety goal criteria are currently being evaluated for potential use in the regulatory process. How "acceptable" risk is defined and how that definition is used in the regulatory process is dependent, in part, on the capabilities of PRA in different applications.

The Division of Risk Analysis and Operations is supporting the Commission in the evaluation of the safety goal. The activities of DRA include conducting sensitivity studies, preparation of a PRA reference document (NUREG-1050), performing trial regulatory analyses using ATWS and the hydrogen rule, and evaluating the use of the safety goal and PRA methods in research prioritization. Alternate formulations of the safety goal are also being evaluated. These efforts are being done mainly by the staff with some short term help from contractors. The majority of the work will be finished by early 1985.

Therefore, this plan describes research related to questions (2), (3), and (4).

PRA is a necessary tool in answering the second question, whether that question is answered via plant specific PRAs or on a generic basis via programs such as the Severe Accident Research Program (SARP) (NUREG-0900).

When reduction in risk is found appropriate (question 3), PRA becomes a vital tool in the risk reduction evaluation to measure the level of reduction achieved and as part of the value/impact considerations.

In maintaining an acceptable level of risk (question 4), PRA is an important tool facilitating the appropriate allocation of resources to risk important systems and activities, and measuring the effect of the risk maintenance program. Resources being allocated could be those of a licensee as well as those of the NRC.

Thus, PRA is a vital tool in addressing quantitatively all of these four fundamental questions. The ability of the NRC to address these questions is directly dependent upon the ability of the NRC to use PRA techniques and, of course, the acceptability and practicality of the PRA techniques themselves.

This Research Plan has the overall objective of improving the NRC capability to utilize PRA in a credible manner. This capability of NRC to use PRA in the regulatory process depends upon several factors. Among these are:

(1) the acceptability and practicality of PRA methods in addressing plant specific and generic issues

(2) the acceptability and practicality of methods for using PRA in evaluation of the appropriateness of risk reduction options

(3) the acceptability and practicality of methods for assuring that an acceptable level of risk is maintained throughout the life of the plant.

As illustrated in Figure 2-1, the DRAO PRA program plan is structured around this framework.

Both acceptability and practicality are necessary attributes. The term acceptability implies methods that allow analysis to be done that is sufficiently broad in scope to treat issues relevant to a regulatory decision, and that the treatment of the issues will be judged appropriate by the relevant technical and policy-making community. The attribute of practicality implies that the resources required to perform the analysis, and the time required, are compatible with the regulatory process in which the analysis is being done.

There are additional research needs required to address questions 3 and 4. In fact, the Severe Accident Research Program (SARP) is underway in response to question 3. Research programs in response to question 4 are also underway.

Some of the research needs and activities discussed herein are the responsibility of organizations other than DRAO. They are identified herein for purposes of discussing the appropriate interfaces.

[Figure 2-1 Basic Structure of Risk Analysis Research. Top block: Risk Analysis Research. Lower blocks: Develop Methods for Plant Risk Analysis; Develop Methods for Risk Reduction; Develop Methods for Maintaining Plant Safety Level.]

3.0 Risk Analysis Research Needs

This section delineates the research needs for PRA. It is structured using the analysis breakdown reflected in Figure 3-1. This breakdown reflects the major parts of a PRA. Each is explained briefly below.

Plant Systems Analysis - This encompasses that part of the PRA that addresses the engineered systems from both the viewpoint of initiating accident sequences and their reliability in responding to initiating events. This includes both so-called independent failure and common-cause failures stemming from commonalities between components or systems.

External Event Analysis - This encompasses that part of the PRA which assesses the likelihood of occurrence of so-called external events (e.g., fire, seismic disturbance, flood), and the phenomenology necessary to determine the hazard presented to the components identified in the systems analysis.

Human Reliability Analysis - This encompasses that part of the PRA analysis which assesses the reliability of the human in light of their potential impact on the systems analysis. This includes human errors causing initiating events, human errors which occur during test and maintenance, and those made in responding to the accident initiators.

Data Collection and Analysis - This encompasses the collection and treatment of both generic and plant specific component, system, and common-cause data.

Containment Analysis - This encompasses the analysis of the core melt phenomenology leading to potential containment failure and the performance of the containment and containment systems under accident conditions, and the release of radioactive material to the atmosphere.

Offsite Consequence Analysis - This analysis encompasses the atmospheric and ground water dispersion of radioactive material, the evacuation of the nearby population, and the estimated cost and health effects of the accident.

Analysis Integration - This encompasses the interfacing and integration of the above tasks, uncertainty and sensitivity analysis, display of final results, and the placing in perspective of the PRA results. Within the PRA research plan, this task also encompasses trial uses and demonstration in an integrated PRA of the methods developed in the other parts of the research plan.

This section covers the research needs for the PRA per se and is divided into the elements identified in Figure 3-1: plant systems, external events, human reliability, data collection and analysis, containment analysis, offsite consequences and integration.

[Figure 3-1 Breakdown of Elements of PRA Covered in the Research Plan. Top block: Develop Methods for Risk Analysis. Lower blocks: Plant Systems Analysis; External Event Analysis; Human Reliability Analysis; Data Collection and Analysis; Containment Analysis; Offsite Consequence Analysis.]

3.1 Plant Systems Analysis

Plant systems analysis as used herein encompasses those tasks which center on evaluation of the plant engineered safety systems and necessary support systems. Figure 3-2 provides a breakdown of this part of the PRA. It is convenient to consider the analysis as having four basic parts: plant familiarization, accident sequence delineation, plant systems modeling, and accident sequence analysis. Each is discussed below.

[Figure 3-2 Plant Systems Analysis. Top block: Plant Systems Analysis. Second level: Plant Familiarization; Accident Sequence Delineation; Plant System Modeling; Accident Sequence Analysis. Under Accident Sequence Analysis: Cut Set Development; Common-Cause Delineation; Sequence Quantification.]

3.1.1 Plant Familiarization - This task encompasses the steps required to develop a familiarity with the plant and available information. This includes preliminary identification of initiating events, functions to be performed to mitigate each initiating event, plant systems required to perform these functions (front line systems), identification of systems supporting the front line systems, developing success/failure criteria for each front line system, grouping the initiating events into classes according to common responding system, and success/failure criteria.

These steps are commonly used in PRA. Methods for applying them are delineated in published procedures guides. There are, however, areas where research needs exist to make our current PRA capability more acceptable and practical to use; this is in the area of system success/failure definition and common-cause initiating events.

Success/Failure Criteria: Past PRAs have drawn from FSAR and other readily available sources to provide thermal-hydraulic response to accident conditions which are necessary to define the success/failure criteria for the systems intended to mitigate an initiating event. The FSARs and other non-PRA thermal-hydraulic modeling are often done by different organizations using different assumptions, which gives rise to inconsistencies in PRA analysis. Thermal-hydraulic modeling is going on within NRC and the nuclear industry on many fronts. There is not a current effort, however, which will lead directly to the delineation of the scope and characteristics of the thermal-hydraulic modeling which should accompany PRA systems analysis. Thus, one PRA need can be defined as:

(1) A delineation and demonstration of the scope and characteristics of the thermal-hydraulic modeling for defining success/failure criteria of mitigating systems in PRAs to be used in the regulatory process.

Special Initiating Events (Common Cause Initiating Events): The Interim Reliability Evaluation Program (IREP) identified the importance of initiating events which both cause reactor trip and simultaneously degrade the reliability of mitigating systems. However, the method used was limited to the treatment of single failures which could cause such initiating events. Multiple failure initiating events of this type may be important to risk and have not been fully modeled in past PRAs. This PRA need is:

(2) An integrated, evaluated, and demonstrated method for finding multiple failure initiating events which both cause reactor scram and degrade the reliability of mitigating systems.

3.1.2 Accident Sequence Delineation - Accident sequences to be analyzed in a PRA are delineated in the form of event trees constructed for each initiating event group. Typically, both functional and system event trees are constructed. The event tree structure reflects functional and system interrelationships and aspects of accident phenomenology which would affect core conditions, system operation, and/or accident consequences. Methods for constructing event trees are published in existing procedures guides. The thermal hydraulic modeling needs described in Section 3.1.1 (Plant Familiarization) are directly applicable to accident sequence delineation. No additional research needs have been identified to support accident delineation (i.e., event tree construction).

3.1.3 Plant System Modeling: To perform a PRA, those systems identified in the accident sequence delineation tasks as front line systems and support systems must be analyzed to estimate their unavailability and the principal contributors to this unavailability must be identified. Although this is a form of reliability analysis and has been practiced using different techniques for years, fault tree analysis has been found to be the method of choice in LWR PRAs. Although conceptually simple, difficulties arise in fault tree analysis in assuring consistency among analysts and in assuring the size of the trees does not overwhelm the qualitative and quantitative analysis codes developed for use in PRAs. Modular logic models and similar techniques have been used to enhance consistency in fault tree modeling. The IREP Procedures Guide delineated modeling guidelines to limit modeling detail at the appropriate level. The modular logic models used in IREP are not developed to handle external event analysis and all common-cause potentials. Past PRAs have used separate models for external events and internal event initiators; as a result, questions have been raised about the level of consistency between the two.

Thus, a PRA need is:

(3) Development of proceduralized, integrated plant system modeling techniques which are applicable to internal event, external event, and common cause analyses.

This modeling technique should be computer-aided to achieve efficiency; should include a consistent naming scheme for components, systems, etc.; should include criteria for limiting the resolution of modeling and resolving modeling feedback loops; and should include standardized component failure definitions.

Control system failures which may lead to a continuum of failure states have not been modeled in a consistent manner in past PRAs. Fault tree analysis is a binary modeling technique, and this limitation could be important in control system modeling. Control system failures can be important to risk. For this reason, another PRA research need is:

(4) To develop and integrate into a PRA a method for evaluating control system failures.

Accident Sequence Analysis: Accident Sequence Analysis encompasses that part of the analysis in which the event trees, data base, and fault trees are integrated to calculate sequence frequencies and to identify those combinations of events which contribute most to the accident sequence probabilities. For purposes of this discussion, the accident sequence analysis has been broken down into three steps (see Figure 3-2): cut set development, common-cause delineation, and sequence quantification. Cut set development encompasses the steps (usually computerized) for combining the fault trees and event trees to determine sequence cut sets. The common-cause analysis identifies commonalities between elements of the cut sets, and the sequence quantification step uses component failure estimates and common-cause frequency estimates to determine accident sequence frequencies.

Because of the complexities of the above steps and the large size of the models involved, this represents a stumbling block in most PRAs. Furthermore, a complete common-cause analysis has never been done in a PRA. Thus, several research needs exist in this area. In general, they can be grouped into one generic need:

(5) To develop an integrated software package which will perform the accident sequence analysis for the range of initiators (external and internal) and be capable of handling the range of potential common-cause events.

This research need would be fulfilled by interfacing existing codes on cut set development, common-cause analysis and external event hazard development. It would include guidelines for preparation of the logic models for computer input, investigation and development of better pruning techniques, and inclusion of models for time-dependent failures.
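The three steps of accident sequence analysis described above (cut set development, common-cause delineation, sequence quantification), carried through on a toy model as an added example that is not part of NUREG-1093. The gate structure, event names, probabilities, room tags and the additive common-cause term are all constructed assumptions.

```python
from itertools import product
from math import prod

# Constructed toy sequence: an initiating event followed by failure of both
# mitigating systems. Gate name -> (gate type, inputs). Names not listed
# here are basic events.
GATES = {
    "SEQ":   ("AND", ["SYS_A", "SYS_B"]),
    "SYS_A": ("OR",  ["PUMP_A", "VALVE_A", "DC_BUS"]),
    "SYS_B": ("OR",  ["PUMP_B", "VALVE_B", "DC_BUS"]),   # DC_BUS is shared support
}

# Constructed failure probabilities per demand and a location attribute
# used for the common-cause screen.
BASIC = {
    "PUMP_A":  {"p": 1e-2, "room": "R1"},
    "PUMP_B":  {"p": 1e-2, "room": "R1"},   # same room as PUMP_A
    "VALVE_A": {"p": 1e-3, "room": "R2"},
    "VALVE_B": {"p": 1e-3, "room": "R3"},
    "DC_BUS":  {"p": 1e-4, "room": "R4"},
}


def cut_sets(node):
    """Step 1a: top-down expansion of a gate into (not yet minimal) cut sets."""
    if node not in GATES:
        return [frozenset([node])]
    kind, inputs = GATES[node]
    child_sets = [cut_sets(i) for i in inputs]
    if kind == "OR":
        # Any child's cut set fails the gate.
        return [cs for sets in child_sets for cs in sets]
    # AND: one cut set from every child must occur together.
    return [frozenset().union(*combo) for combo in product(*child_sets)]


def minimal(sets):
    """Step 1b: drop duplicates and every cut set that contains a smaller one."""
    ordered = sorted(set(sets), key=lambda s: (len(s), sorted(s)))
    kept = []
    for s in ordered:
        if not any(k <= s for k in kept):
            kept.append(s)
    return kept


def common_cause_candidates(mcs, attr):
    """Step 2: cut sets whose elements all share one attribute value."""
    return [cs for cs in mcs
            if len(cs) > 1 and len({BASIC[e][attr] for e in cs}) == 1]


def sequence_frequency(ie_freq, mcs, ccf=None):
    """Step 3: rare-event approximation, initiator frequency times the sum of
    cut set probabilities. `ccf` maps a cut set to an assumed probability
    that one common cause fails all of its elements; it is added to the
    independent product (a simplification chosen for this example)."""
    ccf = ccf or {}
    total = sum(prod(BASIC[e]["p"] for e in cs) + ccf.get(cs, 0.0)
                for cs in mcs)
    return ie_freq * total


MCS = minimal(cut_sets("SEQ"))

if __name__ == "__main__":
    for cs in MCS:
        print(sorted(cs))
    flagged = common_cause_candidates(MCS, "room")
    print("common-cause candidates:", [sorted(cs) for cs in flagged])
    # Constructed initiator frequency of 0.1 per year.
    print("independent only :", sequence_frequency(0.1, MCS))
    print("with common cause:",
          sequence_frequency(0.1, MCS, {cs: 1e-3 for cs in flagged}))
```

The shared DC bus collapses to a single-element cut set, and the common-cause term on the co-located pumps raises the sequence frequency by roughly a factor of five over the independent estimate.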

3.2 External Event Analysis

Accident initiators such as seismic events and in-plant and ex-plant fires and floods are among a special set of initiators referred to as "external events." Figure 3-3 displays the types of initiators within the scope of external events. Generally, these initiators have been excluded from intensive study in past PRAs because the modeling data required for their analyses were insufficiently developed, their hazards (frequency of exceeding certain levels) were very uncertain, or it was judged that the contribution to risk of the events was low. At present, however, methods for treating earthquake and fire have been developed or are being developed to a point that will allow significantly improved risk assessments for these external events. Table 3-1 shows the external events in their priority research classes. Class 1 events will be included in DRAO PRA research activities. Class 2 events are provisional depending on work by other RES divisions, while Class 3 events will not be studied as part of the current PRA research activities due to low priority and funding limitations. The research needs are summarized below.

3.2.1 Earthquakes

The Seismic Safety Margin Research Program (SSMRP) has developed methods, codes, and data for probabilistic assessment of earthquake risk of a PWR. Additional work in FY 1984 will provide similar capabilities for assessing a BWR. The activities are reflected in the seismic research plan. These methods have not been folded into a PRA, which includes internal events and other common-cause and external events. Further seismic risk methodological development is needed to better assess dependent failures, including structural collapse and instrumentation and control faults. Thus, a research need is:

(6) Development, integration, testing and demonstration of the seismic PRA methodology in a PRA which includes internal events, other external events, and other common-causes.

[Figure 3-3 Breakdown of Major External Events. Top block: External Events. Second level: Earthquake; Fire (Internal*, External); Flood (Internal*, External); Extreme Wind; Lightning; Hazardous Materials; Misc. Hazard (Turbine Missiles, Aircraft Impact). Steps for risk analysis for all lowest level blocks: 1. Hazard (Frequency of Occurrence of Event) Analysis; 2. Component Fragility and Vulnerability Analysis.

*It is a common practice (and is convenient) to treat these events together with external events, although these events occur inside the plant.]

Table 3-1 External event research priorities

Priority Class

1. External Events Requiring PRA Treatment
   Earthquake
   Fire (Internal)
   Flood

2. External Events Requiring Further Mechanistic Research
   Lightning
   Hazardous Materials (Corrosion)

3. External Events Having Low Risk by Virtue of Licensing Process
   Wind*
   Fire (External)
   Hazardous Materials (except Corrosion)
   Miscellaneous Hazards (Turbine Missiles, Aircraft)

* Further investigation into the risk contribution of metal frame buildings that are subject to failure under extreme wind may be warranted.

3.2.2 Fire: The development of improved methods for fire risk analysis and upgrading of the supporting data bases will be performed as part of the DRAO Fire Risk Analysis (FIRA) Program. Improved methods will be developed for (a) selecting critical plant areas to be analyzed, (b) describing the fire hazard in the environment of selected components, and (c) analyzing fire detection and suppression effects on the fire environment and selected components. Data base enhancements include (a) updating existing fire frequency data, (b) developing a data base for transient fuel sources, and (c) improving the data base for fire detection and suppression. In a related fire protection research program, fire environment component failure data is being obtained. The improved methods and data have not been applied as part of a PRA. Thus a research need is:

(7) Integration, test, and demonstration of improved fire PRA techniques in a PRA which includes internal events, other external events, and other common-causes.

3.2.3 Wind: Risk from wind, in general, falls under two broad categories: hurricanes and tornadoes. Tornadoes are judged to represent low risk by virtue of the licensing process and thus fall in Priority Class 3. Hurricanes are important to plants sited within 100 miles of the Gulf or east coast and where safety systems are not protected by seismic category buildings. Some research at some future date may be desirable for addressing plants with metal buildings protecting systems important to safety. The contribution to risk from wind will be evaluated for the LaSalle Nuclear Power Station in RMIEP (see 6.2.1). However, no substantial research activities are planned for wind risk.

3.2.4 Flood

Flood risk stems from two sources: external flooding (e.g., rivers) or internal flooding (e.g., failed piping, overflowing accumulators). Internal flooding has been found important in the Oconee PRA. The appropriate methods for assessing floods and folding them into a PRA have not been fully investigated. Thus, one research need is:

(8) To develop improved methods for assessing risk from internal floods.

External floods differ in principle from internal floods in the nature of what causes them. External flood frequency estimation is not a systems analysis task, but must be done statistically from historical data and hydrological modeling. Such statistical methods, suitable for use in PRA, have not been developed. Thus a second flooding need is:

(9) To assess available methods and, if necessary, develop statistical techniques suitable for use in PRA for estimating extreme floods.

3.2.5 Lightning

No research is currently planned. Future efforts are possible if new information changes priorities.

3.2.6 Hazardous Materials: The need for further research in this area is being evaluated as this document goes to print.

3.2.7 Miscellaneous Hazards: No PRA research is currently planned. The areas of turbine missiles and aircraft impact appear to be sufficiently covered by current licensing practice.

3.3 Human Reliability Analysis

Human Reliability Analysis (HRA) encompasses identification of potential human errors associated with failure to restore equipment to operability following test and maintenance activities and in response to accident situations. Human reliability analysis continues to be an area of minimal data, large uncertainties and major controversy. Several areas of research needs have been identified. A human factors program plan (NUREG-0985) has been developed which includes human reliability research needs and programs. Specific research needs are described below.

Current PRAs do not treat explicitly human errors stemming from misdiagnosis of the accident. Such misdiagnosis played an important role in the TMI accident. These errors may stem from several factors such as instrumentation failures or plant accident conditions exceeding instrumentation limits or operator training limits. Diagnostic errors of this type have the potential for being important to risk, but have not yet been treated explicitly in a PRA. Thus, a research need is:


(10) An integrated, evaluated, and demonstrated PRA methodology for evaluating diagnostic errors stemming from plant accident conditions exceeding instrumentation limits or operator training limits or stemming from instrumentation failures.

Current human reliability analysis needs improvement in several other areas to improve both acceptability and practicality. Several specific research needs have been identified. Programs are already underway to: develop computerized simulation models for maintenance tasks, acquire and apply an improved human error data base, and improve methods for integrating the HRA techniques into PRAs. These programs reflect current research needs in HRA. Additional HRA research needs thus are:

(11) Computerized simulation modeling of selected operations and maintenance tasks in nuclear power plants.

(12) Methods for acquiring and storing human error probability data computer simulation sources; and HRA techniques focusing on cognitive, performance shaping and interdependent aspects of human behavior for use in PRAs.

(13) Improved methods for integrating HRA techniques into PRA and methods for systematically applying HRA/PRA results to resolve human factors related issues of immediate and potential concern to the NRC and industry.

(14) Investigation of the practicality, acceptability, and usefulness of a voluntary, anonymous, non-punitive, third-party-managed human error Nuclear Power Safety Reporting System to acquire human error information.

Recovery actions by plant personnel are discussed in Section 3.6.2.

3.4 Data Collection and Analysis

Data collection and analysis encompasses development of a data base for quantifying faults appearing in the fault trees of a PRA. This may take the form of generic data reflecting industry-wide data spreads or it may take the form of plant-specific data developed from plant logs or other plant data sources. The data may reflect single component failure rates, common-cause coupling frequencies, or precursor information. These data may also reflect normal operating environments (design bases) or harsh environments. The current data base used in IREP is the RSS data base with only modest changes. This data base is now outdated. Thus, one need is:

(15) To establish a complete and detailed updated data base for faults important to PRA and for root-causes contributing to those faults.

Current PRAs have not adequately included all multiple failures which are reported in the LERs. This stems from the lack of a compilation of these multiple failures (called precursors). Thus, another research need is:

(16) To survey and analyze LWR LERs for identifying multiple failures (precursors) and, based on the results, to estimate the frequency of different types of precursors for use in PRA.

The generic data base being used on most current PRAs reflects failure rates of components under design bases conditions. Some components may be called upon during core melt accidents to operate under environmental conditions beyond their design bases, in which case failure rates might be larger. This implies our current PRAs may be underestimating some component failure probabilities. No failure data base exists covering LWR components subjected to these harsh environments. Also, past PRAs have been difficult to interpret and use by owners and regulators alike. One reason for this difficulty seems to be that the studies were not carried beyond the component failure modes to an analysis of root causes for those failure modes. With root cause information included, owners could use PRAs effectively in their reliability programs. Inspectors might also find PRAs useful in allocation of limited inspection resources. Thus, one research need is:

(17) To develop a failure data base for components subjected to harsh environments (beyond design bases) and other root causes for component failure modes.

3.5 Containment Analysis

Containment analysis as used herein encompasses that part of the PRA which predicts the progression of core melt accidents and associated physical processes and the radionuclide releases to the environment. This section has been divided into thermal-hydraulic effects, containment structural response and fission product transport as shown in Figure 3-4. Containment analysis has progressed significantly since the RSS. However, major uncertainties continue to exist which have a significant effect on risk predictions. Improved tools, models, and data are needed (partially to reduce uncertainties) to develop an integrated capability to perform sensitivity and uncertainty analysis, and to exercise those tools and capabilities to identify dominant contributors to both risk and uncertainty and to assist in setting research priorities for further research in phenomenological areas.

3.5.1 Thermal-Hydraulic Effects - The principal research needs of in-containment thermal-hydraulic analysis relate to identifying and reducing important uncertainties. The present computer codes used for containment analysis in risk studies (MARCH 1.1/MARCH 2, CORRAL/MATADOR) have two associated types of uncertainties. One type results from lack of physical data on particular subjects; the second results from oversimplistic or nonexistent models within the codes and the sometimes opaque or questionable linkage among models. The research effort also has two parts--one for identifying areas where improved data are needed and a second for the improvement of modeling methods.

Using results from PRA analyses, priorities for experimental information and/or verified analytical models to reduce important uncertainties will be identified. Priority in-containment thermal-hydraulic issues include molten core interactions in the reactor cavity and time-dependent hydrogen and steam release rates to containment.

[Figure 3-4 Major Elements of Containment Analysis: Thermal-Hydraulic Effects; Containment Structural Response; Fission Product Transport]

Deficiencies have been identified in the current risk assessment codes (MARCH, MATADOR, CRAC), such as inadequate representations of important phenomena and plant features and undesirable coding characteristics. Thus, a new integrated package of risk codes to replace the existing codes is needed to achieve consistent treatments of those phenomena that are essential to the characterization of severe LWR accidents, to permit the quantitative analysis of severe accident consequences and associated uncertainties, and to provide a structure that is readily amenable to the incorporation of new models based on ongoing research programs.

3.5.2 Containment Structural Response - Current RES programs on containment structural response are basically in two areas: (1) study of modes of failure (leak, rupture, etc.) and the ultimate capacity of the containments, and (2) study of the magnitude of internal pressures inside containments under severe accident conditions. The Accident Source Term Program Office (ASTPO) is currently conducting a study to collect state-of-the-art information on the above two elements, primarily through independent calculations by experts, and to combine these to estimate containment failure probabilities under severe accidents. Results of the ASTPO study will be updated as more research results are available.

3.5.3 Fission Product Transport - Research needs for PRA purposes may be divided in the same way as was done in Section 3.2.1. The prioritization of data needs would be performed in the same way. Examples of important data needs include radionuclide release rates from fuel and extent of radionuclide retention in the reactor coolant system.

As discussed in Section 3.5.1, the need for improved PRA models is also an important aspect of the overall PRA research program. Modeling areas include: release from degraded core materials, production of aerosols, transport and deposition in RCS, transport and deposition in containment, deposition in leakage paths from containment, and source terms to environment. Thus, two research needs in this area are:

(18) To identify data needs which can be used as an aid in setting priorities for the phenomenological experimental programs.

(19) To develop an integrated package of risk codes (MELCOR) to replace the existing codes to achieve consistent treatments of those phenomena that are essential to the characterization of severe LWR accidents and will permit the quantitative analysis of severe accident consequences and associated uncertainties, and will have a structure that is readily amenable to the incorporation of new models based on ongoing research programs.

3.6 Consequence Analysis

Consequence analysis as defined here includes the mechanisms for transport, dispersal, and deposition of radioactive material released from the plant during an accident, and the resultant health effects, property damage and costs. Research needs in this area are categorized by the different aspects of this analysis: transport modeling needs, health effects modeling needs, and economic effects modeling needs as shown in Figure 3-5. Among and within these categories, important data needs continue to be identified and include more accurate wet and dry deposition models for particles, effectiveness and extent of use of mitigative actions by the exposed public (e.g., sheltering), improved dose effectiveness models, and improved economic models and data bases. Additionally, improved models and capability for quantitative uncertainty analysis, better documentation and testing are needed. Many of these needs are being addressed in the development of MELCOR.

[Figure 3-5 Elements of Consequence Analysis: Meteorological Effects; Health Effects; Economic Impact]

Improved capabilities to model ex-plant consequences will also provide NRR with more defensible calculational methods for evaluating the consequences of Class 9 accidents in environmental impact analyses. These capabilities are also useful for evaluating siting and emergency requirements, and Commission Safety Goals. Specific research needs in this area are:

(20) Evaluation of the implications of revised source terms on emergency planning regulations and the NRC safety goals.

(21) Investigation of the dosimetry and health effects of the deposition of beta emitters on exposed skin during a severe accident.

(22) Investigation of the potential for near-field (onsite) deposition of radioactive material discharged to the atmosphere with large amounts of water vapor.

(23) Development of better models for atmospheric scrubbing by rainfall, which is associated with high consequence estimates.

3.7 Integration of Analysis

Integration of analysis encompasses not only interfacing tasks between the preceding analyses, but issues of scope and recovery. It is also within this area that needs for trial use and demonstration of the preceding analyses are addressed. For convenience, the discussion is divided into four sections: (1) scope, (2) recovery, (3) uncertainty and sensitivity, and (4) trial use, demonstration and integration.

3.7.1 Scope - Adequacy of completeness has been raised in two additional (not previously discussed) areas; namely, pressurized thermal shock (PTS) and cold shutdown. Pressurized thermal shock is being resolved through a proposed rule (10 CFR 50.61) and a complementary significant research effort. Plant specific probabilistic analyses of PTS and proposed corrective measures will be required in the proposed rule for plants projected to exceed a screening criterion on nil-ductility transition temperature. Guidance and acceptance criteria are needed for the proposed corrective measures. Thus, a research need is:

(24) To confirm the technical bases for the screening criterion; to develop methods for estimating the likelihood of a vessel through-wall crack; to identify important sequences, operator and control actions, and uncertainties; and to compare the effectiveness of corrective measures for PTS.

Except for the relatively narrow scope analyses that address PTS, current PRAs have concentrated on risk under full power operations on the argument that it is this operating mode that represents the greatest risk to the public. This assumption has not been fully investigated, and questions continue to be raised, particularly by the ACRS, about risk from other operating modes, particularly cold shutdown. Some investigations of cold shutdown are underway. These investigations have not been integrated into a PRA to allow comparison between non-full power and full power risk. One PRA research need is:

(25) An analysis of non-full power risk from LWRs which is integrated with the full power internal and external analysis allowing direct risk comparisons and also providing recommendations on scope and methods of non-full power analysis which could be incorporated in perspective PRA procedures for regulatory use.

3.7.2 Recovery - Recovery actions performed by plant personnel in response to accident conditions have played an important role in preventing core melt accidents. Some of these, such as occurred in the Browns Ferry fire, represented actions outside written procedures. Modeling of such actions in a PRA is complicated by the fact that recovery actions are accident-sequence-dependent, sometimes cut set dependent, and several recovery alternatives often exist. Nevertheless, some recovery models have been used in PRAs or are under development. A research need which has been identified is:

(26) An integrated, evaluated and demonstrated PRA methodology for more thorough analysis of recovery actions under accident conditions.

3.7.3 Uncertainty and Sensitivity Analysis - The importance of understanding the uncertainties in PRA analysis, particularly parameter-estimate and modeling uncertainties, has been recognized since early reviews of the RSS. Programs within the NRC and industry address this issue. Recent industry studies have attempted to integrate the uncertainties in a PRA by folding together modeling unknowns, analyst judgments, and data-based statistical uncertainties using Bayesian techniques, but with little use of sensitivity analysis. There continues to be a need for a widely accepted method to assess and distinguish between modeling unknowns and parameter uncertainties, both data-based and non-data-based. This research need can be described as:

(27) An integrated, evaluated and demonstrated method for using both uncertainty and sensitivity analysis to assess and display uncertainties arising from both modeling and data which appropriately distinguishes between the two.

3.7.4 Trial Use, Demonstration and Integration - The IREP experience has demonstrated that to fully test new PRA methodologies for their strengths and weaknesses requires their trial application in actual reliability and risk analyses of specific plants. It is only in this environment that the various elements can be integrated and tested for accuracy and practicality. The methods and data development efforts discussed in the foregoing section of this plan must be integrated and tested. Such an effort would have many objectives, the major ones being:

(1) Test and demonstration of new and improved methods and data;

(2) Integration of external event analysis with the system reliability analysis;

(3) Identification, estimation of the magnitude and propagation of uncertainties;

(4) Development of improved procedures for conducting an analysis in a timely manner; and

(5) Recommendations and prioritization of regulatory and research activities related to PRA based on firsthand experience in conducting detailed and complete risk analysis.

This leads to a research need which can be summarized as follows:

(28) To integrate and evaluate new individual PRA methods, expanding the scope of PRA to achieve a higher degree of completeness in evaluating risk, and to expand the PRA information base.

3.8 Risk Analysis Research Needs Summary

Twenty-eight research needs have been identified in the preceding section. They are listed below by subject matter for ready reference.

(1) Thermal-Hydraulic Modeling
(2) Special Initiating Events
(3) Integrated Plant System Modeling Techniques
(4) Control System Failure Analysis
(5) Integrated Software Package
(6) Integration of Seismic PRA Methodology
(7) Integration of Fire PRA Methodology
(8) Improve Method for Internal Floods
(9) Statistical Techniques for Estimating Extreme Floods
(10) Diagnostic Error Estimation
(11) Simulation Modeling for Maintenance Tasks
(12) Improved Methods for Application of Human Error Probabilities
(13) Integration of HRA Techniques into PRA
(14) Human Error Reporting
(15) Updated Component Data Base
(16) Precursor Studies
(17) Harsh Environment and Root Cause Data
(18) Phenomenological Data Needs
(19) Integrated Risk Code
(20) Evaluation of Revised Source Terms
(21) Beta Emitter Investigation
(22) Deposition of Wet Plumes
(23) Atmospheric Scrubbing Models
(24) Pressurized Thermal Shock Probabilistic Analysis
(25) Evaluation of Non-Full-Power Risk
(26) Improved Recovery Modeling
(27) Integration of Uncertainty and Sensitivity Analysis
(28) Integration and Demonstration of New PRA Methods

4.0 Research Needs for Risk Reduction (Issue 3)

The purpose of this section is to discuss the research needs and activities of Issue 3, "How should plant risk be reduced if needed?" A breakdown of this area is shown in Figure 4-1. Each of the principal activities shown in this figure will be described briefly in this section; the following sections will provide additional detail.

Option Identification and Preliminary Screening - For any nuclear plant, countless changes to the plant's design or operating characteristics can be postulated which could serve to reduce the risk of that plant. The activity of option identification has two basic parts: (1) provide a survey of such possible changes; and (2) provide a first qualitative or semi-quantitative screen, separating the more promising options from the large numbers of less attractive options. Since this is a relatively straightforward process, no research needs have been identified in this activity.

Detailed Option Evaluation - Once the possible plant changes have been subjected to a first screening, a more detailed evaluation of the remaining options can begin. This activity has several parts: (1) compiling a detailed data base of PRA information for the plants or plant types of interest; (2) identifying and quantifying how a possible change would update the data base; (3) evaluating the associated benefits in areas not treated probabilistically (e.g., improved sabotage protection, enhanced "defense-in-depth"); and (4) evaluating the cost (and its components) of the change. Research needs identified for this activity include the development of improved methods for consistently extrapolating from the available PRA data to other accident sequences and plant types, for combination of uncertainties, and for consistent and appropriate consideration of the non-quantifiable aspects of possible changes.

Cost-Benefit Assessment - The terms value/impact assessment and cost/benefit assessment are often used interchangeably. Value/impact is less restrictive since it includes unquantifiable factors in the assessment, removing the misconception that all factors have to be reduced to terms in dollars. Value/impact assessment is a methodology to ensure that NRC regulatory decisions are based on adequate information concerning the need for and consequences of a proposed regulatory action. This activity consists of two steps: (1) separating the values and impacts into component terms, assessing the effect of proposed NRC actions on each term, quantifying the effects in monetary terms and summing the net benefit, and (2) displaying the values (benefits) and impacts (costs) in a useful format for regulatory decisionmaking.

4.1 Option Identification and Preliminary Screening

The literature of the nuclear industry contains many reports on means to reduce the risk from LWRs. These documents discuss means for preventing severe core damage accidents, by reducing the frequency of initiating events or by improving the emergency systems for protecting the core. Many also discuss additional means for mitigating core damage accidents, such as filtered vents, improving the reliability of existing systems such as containment sprays, etc. Since TMI, an additional concept--accident management--has been discussed. This concept relates to the optimization of the use of existing plant equipment during an accident by improved operator training, etc.

[Figure 4-1 Elements of Risk Reduction Research. Blocks: Option Identification and Preliminary Screening; Detailed Option Evaluation; Cost-Benefit Assessment; Change in Accident Sequence Likelihood; Change in Consequences; Change in Cost]

The first task of the work in this section is a broad survey of the nuclear literature to characterize the range of suggested plant options to reduce risk. Such surveys have been performed a number of times. Perhaps the most notable published survey was performed in 1978; this was NRC's report to Congress on improved reactor safety, NUREG-0438.

Following such surveys, the second principal step of this section is a preliminary screening of suggested changes to provide a manageable set for further evaluation. This can be done either qualitatively (as was the case in NUREG-0438) or semi-quantitatively. The latter can be accomplished by performing calculations which maximize the risk reduction benefit (i.e., assuming that the proposed change reduces to a probability of zero its associated failure mode, consequence, etc.). It should be noted that, in order to perform this first quantitative screening, the assembly of an initial PRA data base is required. For the plant(s) of interest, the data required at this level consist of the list of important sequences and the functional failures and successes, likelihood, and consequences of each. With this data and a preliminary evaluation of possible nonquantitative benefits (e.g., inherent sabotage protection), the list of changes to be assessed in detail can be narrowed to a more tractable size.
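The semi-quantitative screen described above can be sketched as follows. This is an added example, not code or data from the NRC plan: every sequence, failure mode, option name, probability, consequence value and the 10% retention threshold is a constructed assumption, and sequence frequencies use a rare-event approximation over minimal cut sets.

```python
from math import prod

# Constructed initial PRA data base (hypothetical names and values).
# Basic-event probabilities per demand:
BASIC_EVENTS = {
    "AFW_FAIL": 1e-3,         # auxiliary feedwater fails
    "FEED_BLEED_FAIL": 1e-1,  # operators fail to establish feed and bleed
    "DG_A_FAIL": 5e-2,        # diesel generator A fails
    "DG_B_FAIL": 5e-2,        # diesel generator B fails
    "DG_CCF": 1e-3,           # common-cause failure of both diesels
    "HPI_FAIL": 1e-2,         # high-pressure injection fails
}

# Important sequences: initiator frequency (per reactor-year), minimal cut
# sets of functional failures, and a consequence in arbitrary units.
SEQUENCES = [
    {"name": "loss of feedwater", "init_freq": 1.0,
     "cut_sets": [("AFW_FAIL", "FEED_BLEED_FAIL")], "consequence": 100.0},
    {"name": "loss of offsite power", "init_freq": 0.1,
     "cut_sets": [("DG_A_FAIL", "DG_B_FAIL"), ("DG_CCF",)], "consequence": 200.0},
    {"name": "small LOCA", "init_freq": 0.01,
     "cut_sets": [("HPI_FAIL",)], "consequence": 500.0},
]

# Candidate plant changes and the failure modes each one addresses.
OPTIONS = {
    "upgrade AFW": {"AFW_FAIL"},
    "feed-and-bleed training": {"FEED_BLEED_FAIL"},
    "diverse diesel generator": {"DG_CCF"},
    "upgrade HPI": {"HPI_FAIL"},
}


def sequence_frequency(seq, probs):
    """Sequence frequency per reactor-year (rare-event approximation)."""
    return seq["init_freq"] * sum(
        prod(probs[e] for e in cut_set) for cut_set in seq["cut_sets"])


def total_risk(probs, sequences=SEQUENCES):
    """Risk = sum over sequences of frequency times consequence."""
    return sum(sequence_frequency(s, probs) * s["consequence"] for s in sequences)


def max_benefit(events, probs, sequences=SEQUENCES):
    """Upper bound on risk reduction: addressed failure modes set to zero."""
    unknown = set(events) - set(probs)
    if unknown:
        raise ValueError(f"failure modes not in data base: {sorted(unknown)}")
    perfect = {e: (0.0 if e in events else p) for e, p in probs.items()}
    return total_risk(probs, sequences) - total_risk(perfect, sequences)


def screen(options, probs, keep_fraction=0.10, sequences=SEQUENCES):
    """Rank options by bounding benefit and keep those worth detailed study.

    Because the bound is optimistic, an option that cannot reach
    keep_fraction of baseline risk even when perfect can be dropped.
    """
    baseline = total_risk(probs, sequences)
    ranked = sorted(
        ((name, max_benefit(ev, probs, sequences)) for name, ev in options.items()),
        key=lambda item: item[1], reverse=True)
    kept = [name for name, benefit in ranked if benefit >= keep_fraction * baseline]
    return ranked, kept


if __name__ == "__main__":
    ranked, kept = screen(OPTIONS, BASIC_EVENTS)
    print(f"baseline risk: {total_risk(BASIC_EVENTS):.4f}")
    for name, benefit in ranked:
        print(f"{name:28s} max risk reduction {benefit:.4f}")
    print("retained for detailed evaluation:", kept)
```

Nonquantitative benefits such as inherent sabotage protection are outside this calculation and would be weighed separately before an option is dropped.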

The proposed NRC Severe Accident Policy Statement states that the existing plants pose no undue risk to public health, safety and property given what we know about them and provided that certain activities go on. In support of this statement, ongoing nuclear safety programs such as the Accident Sequence Evaluation Program (ASEP) and the Severe Accident Risk Reduction Program (SARRP) are being conducted to provide additional assurance that this is so. ASEP is identifying and describing the dominant accident sequences and their likelihoods, and SARRP determines the consequence and risk and performs value/impact assessment for risk reduction, if necessary. The ASEP research consists of compiling and analyzing current PRA findings, special safety studies, post-TMI fixes and operating experience to develop updated insights on sequence likelihood. ASEP will use these insights as an inference base for performing generic reliability analyses to determine the safety characteristics and generic accident sequence information of all the operating and near-term operating plants. ASEP is providing the NRC policymaking process and research and licensing applications with results including: (1) generic groups of LWRs; (2) generic accident sequences; (3) insights on sequence likelihoods, their uncertainties, and dominant factors that drive the sequence likelihoods; (4) LWR event tree and fault tree models; (5) identification of inconsistencies in PRA estimates of accident likelihoods and system unavailabilities with precursor experience; (6) safety prioritization of LWRs based on their relative core melt frequency to support the ISAP program; (7) establishment of a computerized data base on generic accident sequence delineation; and (8) codification of the event tree and fault tree models for licensing applications. In summary, these activities satisfy the basic need to:

(29) Identify and describe dominant accident sequences.

The tasks described in this section use established, relatively straightforward methods. No additional methods development is anticipated in this area.

4.2 Detailed Option Evaluation

The detailed evaluation of possible plant changes can be performed in a number of steps. These include: (1) detailed data base development; (2) identification and quantification of how the change would update the data base; (3) identification of non-quantifiable attributes; and (4) evaluation of the cost of the change. The following sections provide additional detail on each of these items.

4.2.1 Assembly of Detailed Data Base - Section 4.1 described what type of PRA data is required to perform the preliminary screening of suggested changes. As one moves from such a screening into a more detailed evaluation, a more detailed data base is required. This data base should include all accident sequences found in the particular PRA to be important (e.g., those sequences required to produce the top 99% of the core melt frequency and risk). Characteristics of each sequence to be compiled include its frequency (with uncertainty measure), and its physical process/consequence analysis (again, with uncertainties). The last item should be in sufficient detail to permit the analysis of "competing risks" resulting from physical processes.

Since the nature of this task is data compilation and is relatively straightforward, no research need has been identified.

4.2.2 Identification and Quantification of Impact of Suggested Change - With the data base of Section 4.2.1 now available, it is possible to overlay a suggested change and identify how this change updates the data base. Effects can be direct, e.g., a system change can reduce the likelihood of a particular failure mode included in one or more Boolean statements. Indirect effects can also result--a change can lead to different physical characteristics of an accident progression and thus may affect the performance of other systems. In either instance, the impact of a change can be quantified probabilistically. This probabilistic change may result from the improved reliability of a core protection feature or, for accident mitigation devices, the likelihood of a particular radioactive release (e.g., a release category) can be altered.
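The direct effect described above, together with the 99% screening of Section 4.2.1, can be worked through on a small data base. This is an added example, not part of NUREG-1093: the sequences, basic events, probabilities and consequence weights are constructed, all names are hypothetical, and the rare-event approximation (summing minimal cut set products) is an assumption. It uses point estimates only and leaves the combination of uncertainties aside.

```python
"""Overlay a suggested plant change on a constructed accident-sequence data base."""
from math import prod

# Constructed basic-event probabilities (per demand); all names are hypothetical.
BASIC_EVENTS = {
    "PUMP_A_FAIL": 1e-2, "PUMP_B_FAIL": 1e-2, "PUMP_CCF": 1e-4,
    "DG_A_FAIL": 5e-2, "DG_B_FAIL": 5e-2,
    "OPERATOR_ERROR": 1e-3, "RELIEF_VALVE_STUCK": 1e-3,
}

# Constructed sequences: initiator frequency (per reactor-year), the minimal cut
# sets of the Boolean statement for mitigating-system failure, and a consequence
# weight (arbitrary units) standing in for the physical process analysis.
SEQUENCES = {
    "LOFW": {"initiator_freq": 1e-1, "consequence": 100.0,
             "cut_sets": [("PUMP_A_FAIL", "PUMP_B_FAIL"), ("PUMP_CCF",)]},
    "LOSP": {"initiator_freq": 5e-2, "consequence": 200.0,
             "cut_sets": [("DG_A_FAIL", "DG_B_FAIL")]},
    "SLOCA": {"initiator_freq": 1e-3, "consequence": 50.0,
              "cut_sets": [("OPERATOR_ERROR",), ("RELIEF_VALVE_STUCK",)]},
    "VSEQ": {"initiator_freq": 1e-4, "consequence": 1000.0,
             "cut_sets": [("RELIEF_VALVE_STUCK", "OPERATOR_ERROR")]},
}


def sequence_frequency(seq, events):
    """Core melt frequency of one sequence (rare-event approximation)."""
    p_fail = sum(prod(events[e] for e in cut_set) for cut_set in seq["cut_sets"])
    return seq["initiator_freq"] * min(p_fail, 1.0)


def dominant_sequences(sequences, events, coverage=0.99):
    """Smallest set of top-ranked sequences covering `coverage` of the total."""
    freqs = {name: sequence_frequency(s, events) for name, s in sequences.items()}
    total = sum(freqs.values())
    kept, running = [], 0.0
    for name in sorted(freqs, key=freqs.get, reverse=True):
        if running >= coverage * total:
            break
        kept.append(name)
        running += freqs[name]
    return kept, total


def overlay_change(events, change):
    """Return updated basic events; `change` maps event -> multiplicative factor."""
    updated = dict(events)
    for name, factor in change.items():
        if name not in updated:
            raise KeyError(f"change refers to unknown basic event {name!r}")
        new_p = updated[name] * factor
        if factor < 0 or new_p > 1.0:
            raise ValueError(f"factor {factor} gives invalid probability for {name}")
        updated[name] = new_p
    return updated


def evaluate_change(sequences, events, change):
    """Quantify a change: core melt frequency and risk before and after."""
    new_events = overlay_change(events, change)
    before = {n: sequence_frequency(s, events) for n, s in sequences.items()}
    after = {n: sequence_frequency(s, new_events) for n, s in sequences.items()}
    risk = lambda f: sum(f[n] * sequences[n]["consequence"] for n in sequences)
    return {
        "affected": sorted(n for n in sequences if before[n] != after[n]),
        "cmf_before": sum(before.values()),
        "cmf_after": sum(after.values()),
        "risk_before": risk(before),
        "risk_after": risk(after),
    }


if __name__ == "__main__":
    kept, total = dominant_sequences(SEQUENCES, BASIC_EVENTS)
    print("dominant sequences:", kept, "total CMF:", total)
    # Suggested change (constructed): halve each diesel generator failure probability.
    result = evaluate_change(SEQUENCES, BASIC_EVENTS,
                             {"DG_A_FAIL": 0.5, "DG_B_FAIL": 0.5})
    for key, value in result.items():
        print(key, value)
```

Because both diesel generator events sit in the same cut set, halving each cuts that sequence's frequency by a factor of four, which is the kind of effect only visible once the change is laid over the Boolean statements.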

At this time, several areas exist related to this task which require additional consideration. First, since the types of information contained in the data base each have associated with them a measure of uncertainty, an appropriate method of uncertainty combination is required. Work on this area is currently underway.

A second area requiring further work relates to the availability of state-of-the-art assessments of severe accident physical processes. At the present time, work by NRC and its contractors on the "source term" issue has yielded advanced data on radioactive releases for a limited number of accident sequences in five reference plants. In order to provide risk statements (as the foundation for risk reduction calculations), the source term data must be extended to other sequences in each reference plant. Further, since it is valuable to provide risk statements on more generic plant classes, a systematic method for extending reference plant risk statements to generic classes is also needed.

In summary, research needs associated with the work described in this section are:


(30) A method for combining uncertainties resulting from the various contributors to risk reduction calculations;

(31) A systematic method for extending advanced source term results for a few sequences to the remaining sequences in the reference plants; and

(32) A systematic method for extending source term calculations for reference plants to generic plant categories.

4.2.3 Identification and Assessment of Unquantifiable Attributes - In addition to the quantitative sense of Section 4.2.2, a complete analysis of such a change requires the identification and assessment of its non quantitative attributes. These attributes can be of two types--one associated with issues poorly treated probabilistically, the second with regulatory compatibility. An example of the first type is sabotage events. For the second type, the issue is the extent to which a suggested change conforms to or deviates from current regulatory practices.

The identification of the various non quantitative attributes is presently in a relatively acceptable state. However, a systematic method for assessing and displaying the related benefits has not yet been developed. As such, a research need can be identified as:

(33) A systematic method for assessing and displaying the benefits of non quantifiable attributes of possible plant changes.

4.2.4 Assessment of Plant Modification Costs - In order to complete the impact evaluation of a suggested plant change, a measure of the cost of the change is required. This cost has a number of components, including not only the hardware cost, but other items such as plant downtime costs, costs of occupational exposure, etc. Because of the considerable experience in the nuclear industry with requirements for plant modifications, both the itemization of important cost components and the capability for performing cost calculations is in a relatively acceptable state. As such, a research need has not been identified.

4.3 Cost-Benefit Assessment

Regulatory decisionmakers must balance conflicting values of different groups, in an environment sometimes characterized by uncertainty, inadequate information, and time and political pressures.

In January 1983, the NRC published guidelines for performing the regulatory analyses required for a broad range of NRC regulatory actions. The principal purpose of the guidelines is:

"to ensure that the NRC regulatory decisions are based on adequate information concerning the need for and consequences of a proposed regulatory action and to ensure that cost-effective regulatory actions, consistent with providing the necessary protection of the public health and safety and common defense and security, are identified."


The guidelines establish a structured framework for NRC regulatory analyses and describe in general terms the information that must be included. According to the guidelines, a central element in all regulatory analyses is an evaluation of the costs and benefits of the proposed regulatory action and any reasonable alternatives. In the NRC, such cost-benefit assessments have traditionally been called value-impact assessments.

In December 1983, A Handbook for Value Impact Assessment (NUREG/CR-3568) was published. This Handbook provides a set of systematic, but flexible, procedures for providing information that can be used for performing value/impact assessments. The principal components of value/impact assessment are the attributes that are used to characterize the consequences of a proposed action. These methods can be used by NRC, the Cost Analysis Group of the Office of Resource Management and other NRC organizations.

At present, no research needs exist in this area. However, it is anticipated that as the methods of the Handbook are applied to a wide spectrum of major regulatory issues, the feedback will be vital in updating these procedures and methods, and in the identification of additional research needs.

Five research needs have been identified in this section. They are listed below for ready reference.

(29) Identify dominant accident sequences.

(30) Risk Contributor Uncertainty Integration.

(31) Extend source terms to all accident sequences for a given plant.

(32) Extend source terms from reference plant to generic plant classes.

(33) Assessment of non quantifiable plant attributes.


5.0 Research Needs for Maintaining an Acceptable Risk Level (Issue 4)

This section discusses the research needs and activities which are necessary to maintain an acceptable level of safety over the plant's lifetime. These activities involve the setting of minimum safety related operational requirements, licensee programs directed at assuring compliance with safety requirements, and inspection and operational safety assessments by the NRC to assure compliance with regulations and that operational safety levels are being maintained.

The interplay and roles of regulators, inspectors and licensee (and by extension vendors) must be clarified before effective research programs can be specified. The regulator with input from the licensee sets the minimum acceptable safety related operational requirements. These are generally in the form of technical specifications and quality assurance program requirements. Reliability programs which complement quality assurance are implemented by the licensee to assure that design and operations are adequate to maintain minimum operational reliability performance objectives relevant to plant safety. The specification of minimum operational reliability performance objectives and reliability program content is again the responsibility of the regulators working in concert with the licensee. Some or all of the reliability performance objectives and programmatic activities may be part of technical specifications or other conditions of the operating license. The technical specifications and other special conditions of the license represent compliance auditables by which inspectors and operational assessments can gauge operating experiences to determine if an acceptable level of safety is being maintained. Various plant operational limitations, activities and reliability requirements are generally the subject of quality control/assurance activities, inspection audits, and detailed safety trend analyses.

As a result of the preceding discussion, four distinct yet correlated research areas relevant to maintaining an acceptable level of safety over the plant lifetime have been identified:

(1) Licensees' safety assurance programs (QA/RA).

(2) Technical Specifications.

(3) NRC's licensee inspection (and enforcement) and operational safety assessment activities.

(4) NRC's assessment of the risk limitation effectiveness of its regulations.

These elements are shown in Figure 5-1.

[Figure 5-1 Elements of Risk Maintenance Research. Boxes: Maintenance of Risk Level; Reliability Effectiveness; Inspection Effectiveness; Regulatory Effectiveness; Surveillance Requirements; Other Reliability Elements; Conditions of Operation]

The regulatory need for research in these areas is discussed below. The first research area involves the development of effective reliability and quality assurance program requirements which licensees must implement. The research conducted by DRAO will address reliability programs and interfaces with quality assurance programs--for which I&E is conducting developmental research. The second research topic, technical specification requirements, is primarily focused on the development of practical risk effective technical specifications. The third research area involves the development of a basis for setting NRC inspection priorities and focusing inspections on risk sensitive licensee activities. In addition the third research area includes the development of safety assessment capability by which the NRC can evaluate licensee safety performance. The fourth area is just beginning and includes the identification and evaluation of those existing regulatory requirements that are of little or no risk importance but which represent a significant cost to the NRC or the industry to implement on new plants or to maintain on operating plants.

The content of research to meet the regulatory needs of maintaining an acceptable level of safety is discussed below.

5.1 Reliability Program Research

A reliability program is defined as a coordinated set of reliability engineering and management techniques (i.e., elements) to help licensees achieve and maintain an acceptable level of nuclear power plant safety over the lifetime of the plant. The staff has used other names for this activity in the past, such as: reliability assurance, reliability engineering, safety assurance, and system assurance analysis. For simplicity, the term reliability program is used here.

A reliability program complements a quality assurance program. A quality assurance program assures that plants are designed, built, and operated according to approved design basis and procedures. A reliability program helps to assure that the content of these bases and procedures is correct.

The purpose of a reliability program is to help minimize the frequency of transients that challenge LWR safety systems and to help assure that safety systems function reliably when called upon. To achieve this purpose, the objectives of the reliability program are (1) to design reliability into systems that are important to safety, and (2) to prevent degradation of this reliability during operation.

Therefore the research needs in this area are:

(34) Delineation of the elements of a reliability program which are required to meet the objectives, and

(35) A cooperative research effort with industry to determine means to effect the program with minimum perturbation.

In recognition of these needs, RES is developing and defining in conjunction with NRR, IE, and AEOD a reliability program acceptable to the staff. The plan is to develop a reliability program for LWR operations initially, and later for new LWR designs.

The first task is a screening evaluation to survey available reliability techniques from various sources (complete), coalesce this information, and outline for subsequent detailed evaluation a reliability program and its elements applicable to LWRs.

The screening evaluation will be followed by further development of selected elements and methods, if necessary, and by regulatory analysis to evaluate the applicability to LWRs. The elements that appear most promising after regulatory analysis will be tested through trial use at a PWR and a BWR, if this can be arranged. The results will provide practical data to evaluate cost/benefit and complete the regulatory analysis.

Many elements of a reliability program already exist in NRC requirements and industry practices. A reliability program should therefore be integratable into ongoing regulatory and industry programs. A new overlay of reliability requirements is not anticipated. Instead, the research results are expected to lead to recommendations for incremental changes: some to strengthen specific practices if necessary and some to eliminate requirements that appear ineffective. Such recommended changes, if approved, might be implemented either by rulemaking (as implied by the TMI Action Plan and the Indian Point Hearing Board) or on a voluntary basis (as urged by the Commission in the ATWS rulemaking). Either approach, the staff believes, will strengthen current practices to design reliability into systems important to safety and prevent degradation of this reliability in operation.

5.2 Technical Specification Program

Technical specifications are a part of a plant reliability program; however, for administrative purposes technical specification methods development research is being conducted as a separate program in coordination with the reliability program research.

As required by 10 CFR 50.36, plant Technical Specifications (TS) for power reactors are to include: (1) safety limits and limiting safety system settings, (2) limiting conditions for operations, (3) surveillance requirements, (4) design features, and (5) administrative controls. To make the technical specifications (which applicants for operating license are required to submit) process more effective and efficient, the NRC developed and required, on a forward-fit basis, the use of Standard Technical Specifications (STS).

During August 1983, an interoffice and interdisciplinary EDO Task Group was formed to identify the scope and nature of problems with SRs and LCOs in current TS and to develop alternative approaches that will provide better assurance that SRs and LCOs do not adversely impact safety. The report of this Task Group (NUREG-1024) has resulted in a directive, wherein NRR/DL was given the lead to develop and implement a program that would accomplish the intent of the Task Group recommendations. That directive also indicated that RES would provide the research and analytical support needed for the NRR program. This leads to a research need:

(36) To provide the research, analytical investigations, and tools required to support the NRR TS program.

It was decided to carry out this study under the Time-Dependent Reliability Modeling program, since much of the basic research for this type of application was already ongoing at Brookhaven National Laboratory (BNL). Their first task was to examine approaches for developing a quantitative basis for making engineering judgments in revising those elements of the STS dealing with test intervals and allowed downtimes. This effort resulted in a Program Plan (May 1984) for carrying out the RES portion of the EDO recommendations for an NRC TS program. This Program Plan develops a course of action from the above broadly-stated research need and describes the following specific research needs:


(37) To develop a methodology to provide the NRC with guidelines for evaluating determinations of surveillance requirements and allowed outage times,

(38) To develop a methodology to provide the NRC with guidelines for evaluating extension requests (beyond the TS) for test intervals and downtimes,

(39) To acquire, review, and modify as necessary available analytical models applicable for the above methodology, and to identify the data base requirements (including plant models) for use in the analytic models selected, and

(40) To develop guidelines for safety limit settings that establish alert levels for triggering TS action items, as well as guidelines for the resulting action items.

To scope out a program plan to address the safety implications in complying with either TS or STS requires reconciliation of or attention to some rather broad issues. Only when these broad issues have been addressed, or at least brought attention to, can one focus in on the more narrow perspective of testing and maintenance policies addressed within the technical specification.

On a broader scale, several issues arise in addressing various alternative means for evaluating the safety implications of technical specifications. In increasing order of importance the following must be addressed:

(1) What are the possible approaches for evaluating TS?

(2) What are the possible measures of TS performance?

(3) What aspects (attributes) of TS need to be evaluated?

(4) What are the possible objectives of TS?

With regard to the implications embedded in addressing the third question above, the attributes must include those facets which deal with testing, downtime, maintenance, plant operation, data evaluation, and reliability assurance. Over the past several years DRAO has had a program which has been developing, improving, and extending mathematical models (FRANTIC, MARKOV) to address the first three elements. Models to address limiting conditions for operations and surveillance requirements were being developed under another research program. These two programs were addressing system unavailability due to test intervals and allowed outage times. In addition to these two programs, other NRC sponsored programs have also studied the risk implications of test interval and allowed outage times. This experience has been used in drafting this program plan and is a requisite ingredient in its implementation.

However, in applying risk analysis techniques to appraise (and possibly optimize) those test, maintenance, and operating procedures stated in many of the TS, several issues must first be resolved. The initial thrust of this program has for its objective the identification of models, the requisite modifications to applicable codes, the preparation and gathering of data for the analysis and evaluation of surveillance test frequency, allowable downtimes, and associated risk impacts. The prime output will be the development of a Procedures Guide for evaluating STS, complete with application examples.


5.3 Inspection Effectiveness

The Office of Inspection and Enforcement develops policies and administers programs that, among other things, are used to inspect licensees and ascertain whether they are complying with NRC regulations, rules, orders, and license provisions. The implementation of these inspection activities is performed by the five regional based offices, while the development of the actual inspection program is done by the Office of Inspection and Enforcement.

In view of the breadth of this inspection program, the actions of the limited number of inspectors and the large number of safety related activities being performed at each plant require a careful prioritization of manpower. To assist IE in prioritization of its efforts, a program is underway to develop information based on the probabilistic risk analyses performed to date, which can show the effectiveness of a particular inspection activity based on its contribution to reducing overall plant risk. This program in its initial stages required a detailed study of the IE inspection program during FY-83, with the subsequent development of risk based information during FY-84 that would address specific areas of the program. Successful completion of this program requires that we:

(41) provide information to inspectors as to which of their activities have more benefit from a risk reduction standpoint than others, and

(42) determine which of the inspection modules seem to address those areas of plant safety where an IE inspector can be used effectively.

5.4 Risk Limitation Effectiveness of Regulations Program.

In Section IV.A of the PPG of January 1984, Item No. 3 of the Planning Guidance states:

"Existing regulatory requirements that have a marginal importance to safety should be eliminated."

The research need here is obviously:

(43) development of methods for determining the risk limitation effectiveness of regulations.

This program is designed to identify LWR regulatory requirements that have marginal importance to risk. Since risk is one of the factors that affects safety, regulatory requirements with marginal importance in risk are candidates for elimination. The program will also investigate the cost to the industry to maintain and to the government to inspect facilities to assure their compliance with candidate requirements. Furthermore, the program will consider the changes in risk and cost for alternatives to the selected regulatory requirements. The results from this program will be used by the staff to determine which regulatory requirements are of marginal importance in risk, and to recommend whether they be revised or eliminated.

Ten research needs have been identified in this section. They are listed below for ready reference.

(34) Delineation of Reliability Program Elements

(35) Reliability Program Research

(36) TS Evaluation Tools

(37) Surveillance Requirement Methods

(38) Extension Request Evaluation Method

(39) Analytical Models and Data Base for TS

(40) Guidelines for Safety Limit Settings

(41) Risk-based Information for Inspectors

(42) Inspection Module Prioritization

(43) Methods for Risk Evaluation of Regulations


6.0 Research Plan

6.1 Introduction

Within the Division of Risk Analysis and Operations, a research program has been structured around the research needs identified in Sections 3, 4, and 5 of this plan. This plan can best be thought of as having the elements shown in Figure 6-1: Needs Identification, Program Definition, Program Prioritization, Program Implementation, and Program Integration. Each of these is discussed briefly below and covered in more detail in later sections.

Research Needs Identification: Sections 3, 4, and 5 describe the research needs as we now understand them, and it is these needs around which the current Research Plan is structured. These needs are summarized in Table 6.1. It is recognized, however, that the active use of PRA in the regulatory process results in changing research needs. Thus, this plan must also change as needs change in the future. To this end the plan will be updated and reissued periodically.

Program Definition: Currently, several programs have been defined to meet the needs identified in Sections 3, 4, and 5. These are described in Sections 6.2, 6.3, and 6.4. Each program is tied to specific needs. The research programs are summarized in Table 6.1 along with the specific research needs they address.

Current research programs do not fully meet all of the identified research needs. Where gaps exist programs will be considered and developed in future years if prioritization indicates funding is warranted.

Program Prioritization: For purposes of allocating resources and setting milestones, prioritization of the needs and programs must be done. To achieve this, an in-house prioritization effort is done each year to establish the appropriate priorities. This effort is described in Section 6.7.

Program Implementation: An implementation schedule has been set up and is described in Section 6.5. This may change, however, due to budget fluctuations and periodic updating of the prioritization.

Program Integration: Most of the program elements reflect new methods which need to be integrated with other existing PRA methods. A program has been defined as the principal vehicle for this. It is summarized in Section 6.2.1 and described in detail in the Risk Methods Integration and Evaluation Program Plan.

6.2 Research Plan for Risk Assessment Methods

This section describes programs underway which address the previously identified specific PRA needs. For each program the objective, the research need it addresses, specific deliverables, and actual or potential interfaces are indicated.

[Figure 6-1 Research Program Plan. Boxes: PRA Needs Identification; Program Definitions; Program Prioritization; Program Implementation; Program Integration]

[Table 6-1 Research Needs and Programs: matrix of the numbered research needs against the program plans that address them]

6.2.1 TITLE: Risk Methods Integration and Evaluation Program (RMIEP)

OBJECTIVES:

To integrate internal, external, and common cause risk methods to achieve greater efficiency, consistency, and completeness in the conduct of risk analyses;

To evaluate PRA technology developments and lay the basis for improved PRA procedures;

To identify, evaluate, and effectively display the uncertainties in PRA risk predictions which stem from limitations in plant modeling, PRA methods, or data; and

To conduct a PRA on a BWR 5, Mark II nuclear plant (La Salle Unit 2), ascertain the plant's dominant accident sequences, the offsite consequences, and formulate the results in such manner as to make it possible to easily update the PRA and to allow testing of future improvements in methodology, data, and the treatment of phenomena.

NEEDS BEING ADDRESSED:

1 -
2 -
5 -
6 -
7 -
10 -
19 -
26 -
27 -
28 - Integration and Demonstration of New PRA Methods

DELIVERABLES:

A number of products will result from this particular program. Table 6-2 summarizes the documents to be generated under this program and closely associated methods development programs. The documents fulfill the following deliverables:

1. An integrated, evaluated and demonstrated PRA methodology for external events which will allow meaningful risk comparisons between external events and internal events and will lay the basis for preparation of improved procedures.

2. An integrated, evaluated and demonstrated PRA methodology for common-cause failures which will be suitable for routine use in NRC and will lay the basis for preparation of improved procedures.


Table 6-2 RMIEP task deliveries

Report | Task(s) | Program | Plan | Letter Report | NUREG

COMMON CAUSE
1. Approach and Scope of Plant Logic Model Development | 14 | Methods Development | Jan 84 | Apr 84 | See #10
2. Integrated Fault Tree Modeling Methods | 14 | Methods Development | Jan 84 | Aug 84 | See #10
3. RMIEP Basic Event Naming Scheme | 14 | Methods Development | -- | Apr 84 | --
4. Integrated Accident Sequence Quantification Methods | 17 | Methods Development | Jan 84 | Aug 84 | See #10
5. Independent Evaluation of SEISIM Code | 14, 17 | Methods Development | Aug 84 | Feb 85 | --
6. RMIEP Approach to Fire PRA | 24b, 25b | DRA Fire Program | Jan 84 | Nov 84 | See #10
7. RMIEP Approach to Internal Flood PRA | 24c, 25c | RMIEP & Dependent Failure Program | Feb 84 | Oct 84 | See #10
8. Integrated Common Cause Failure Analysis Methods | 12a | Dep. Failure Program | Jan 84 | Oct 84 | See #10
9. Quantification of Common Cause Failure | 12a | Dep. Failure Program | Mar 84 | See #8 | --
10. Methodology for Assessing Common Cause Failure in Nuclear Power Plants | -- | RMIEP | | | July 86
11. Method for PRA External Event Scoping Quantification | 27 | RMIEP | Jan 85 | Apr 84 | Oct 84

UNCERTAINTY
12. Method for Identifying Important Data Uncertainties in Past PRAs | 7 | RMIEP | Jan 84 | |
13. Methods for Uncertainty Analysis in a PRA | 15 | Methods Development | Jan 84 | Sept 84 | See #15
14. Methods for Sensitivity Analysis in a PRA | 16 | Methods Development | July 84 | Mar 85 | See #15
15. Uncertainty Analysis in a PRA | 20, 21 | RMIEP | -- | -- | July 86
16. RMIEP Importance and Sensitivity Studies | 7, 21 | RMIEP | Jan 85 | -- | See #21

HUMAN MODELING
17. Probabilistic Analysis of Operator Misdiagnosis of Accident Initiating Events | 4 | RMIEP | Feb 84 | -- | Jan 85
18. PRA Accident Recovery Modeling | 11a, 11b | Methods Development and RMIEP | May 84 | March 85 | July 86

THERMAL-HYDRAULIC MODELING
19. Use of Realistic Thermal-Hydraulic Modeling in PRAs | 3, 10 | RMIEP | Jan 84 | May 8E | July 86

LA SALLE UNIT 2 PRA
20. Documentation Design | 23, 25 | RMIEP | -- | Feb 85 | --
21. Sequence Likelihood Report | 23 | RMIEP | -- | -- | Draft Apr 86
22. Containment/Consequence Report | 35 | RMIEP/MELCOR | -- | -- | Draft Oct 86

PROCEDURES
23. Update Existing PRA Procedures (e.g., NUREG/CR-2815, NUREG/CR-2728) | -- | RMIEP | -- | -- | Continuous Thru Dec 86

3. An integrated, evaluated and demonstrated PRA methodology for evaluating diagnostic errors stemming from plant accident conditions exceeding instrumentation limits or operator training limits or stemming from instrumentation failures.
4. An evaluated and demonstrated PRA method for more thorough analysis of recovery actions under accident conditions that will lay the basis for preparation of improved procedures.
5. A delineation and demonstration of the scope and characteristics of the thermal-hydraulic modeling that should accompany PRA analysis.
6. An integrated, evaluated and demonstrated method for using both uncertainty and sensitivity analysis to assess and display uncertainties arising from both modeling and data uncertainties and appropriately distinguishes between the two.

Currently, the most complete and consistent NRC models for internal event analysis are the models provided in the IREP, Arkansas Nuclear One PRA. These are receiving wide use. However, they do not cover external event analysis, and there exists today no consistent set of models which span the accident sequences of both external and internal event analysis. Yet, such models are needed to perform value/impact analysis and to address regulatory issues. To meet this need, an important product of RMIEP will be:

7. A consistent set of accident sequence (event tree) and system reliability (fault tree) models and accompanying data and quantification which spans both the internal and external event initiators and which are suitable for use in integrated PRAs.

The methods integration that will be achieved in the RMIEP will provide the same types of information as previous PRAs and PRA-type studies with the important difference of providing, in one integrated and consistent analysis, a wider scope of analysis than has been done consistently in the past. It is expected that this will change our present perspectives on what plant features dominate risk and what uncertainties surround these conclusions. Thus, one important product will be:

8. A new perspective on plant risk, core melt probability, dominant accident sequences, important plant features and uncertainty, stemming from the increased scope of consistent analysis covering internal events, external events, common cause analysis, expanded diagnostic analysis, expanded recovery analysis, and improved uncertainty analysis.

The expanded and improved modeling integrated into PRA via the RMIEP will serve to further reduce uncertainties which previously had stemmed from the modeling and data limitation addressed in RMIEP. Thus, one product of RMIEP will be:

9. A better understanding of PRA uncertainties which stem from the modeling limitations.

Finally, the importance measure studies performed in the RMIEP will provide guidance as to where data uncertainties impact risk. This will provide guidance as to where improved data will have their greatest effect in reducing risk. Thus, the final product will be:

10. A ranking of data uncertainties based on importance to risk and identification of where improved data will have the greatest effect on reducing LWR risk uncertainties. (Fall 1983)

INTERFACES:

Accident Sequence Evaluation Program (ASEP) (determination of event sequences contributing to core melt)
Severe Accident Sequence Analysis (SASA) (methods for system modeling and analysis)
Flood Risk Analysis Methodology Development Project
Seismic Safety Margin Research Program (SSMRP)
Seismic Hazard Characterization Project
Severe Accident Uncertainty Analysis (SAUNA)
Human factors research programs
Dependent Failures Program
MELCOR Program
Root Causes of Component Failure Program
Data Development and Evaluation
IPRDS Program
Statistical Techniques for Risk Analysis

6.2.2 TITLE:

PRA Methods Improvement

OBJECTIVE:

To develop and improve PRA methods. Emphasis in short term is to develop methods for use in RMIEP which include recovery analysis, uncertainty analysis, quantification, and integration of internal and external event analyses.

Long-term objectives are to assess methods and develop new methods as needed.

NEEDS BEING ADDRESSED:

#2 - Special Initiating Events
#3 - Integrated System Modeling
#5 - Integrated Software
#6 - Integrated Seismic Methods
#26 - Improved Recovery Model
#27 - Integration of Uncertainty and Sensitivity Analysis

DELIVERABLES:

Numerous reports will be developed from this program with RMIEP during 1984, 1985, 1986 (see Table 6-2).

Treatment of microprocessor reliability in PRAs (Sept. 1987)

PRA modeling considerations for reliability monitoring and reliability assurance (Sept. 1986)

Survey of treatment of design, installation, and construction errors (1986)

INTERFACES:

Integrated PRA Software Development
Flood
Integrated Dependent Failure Methodology
Time Dependent Reliability Modeling
Risk Methods Integration and Evaluation Program
Efficient Probability Computations and Methods for PRA
Study of Uncertainties in the Systems Analysis in Seismic PRA

6.2.3 TITLE:

Integrated Dependent Failure Methodology

OBJECTIVE:

To provide an integrated methodology for the identification, quantification, and impact of dependent failures upon system failure and accident sequence failure. External events as well as adverse environments will be addressed.

NEEDS BEING ADDRESSED:

#3 - Integrated System Modeling
#5 - Integrated Software
#6 - Integrated Seismic Methods
#7 - Integrated Fire Methods
#8 - Methods for Internal Flood

DELIVERABLES:

Numerous reports will be developed from this program with RMIEP during 1984, 1985, 1986 (see Table 6-2)

Procedure for Treatment of Wind Risk in PRA (October 1986)

Evaluation of PRA Seismic Methods (July 1986)

Treatment of Seismically Induced Fires and Floods (July 1987)

Updated Dependent Failure Analysis Procedure (December 1987)

Harsh Environment Hazard Assessment Guidelines (December 1987)

INTERFACES:

Integrated PRA Software Development
RMIEP
Root Causes of Component Failure Program
External and Internal Flood Risk Analysis
Fire Risk Analysis Research Program
Study of Uncertainties in the Systems Analysis of Seismic PRA
Human Factors Programs

6.2.4 TITLE:

Integration of Human Reliability Measures into the Probabilistic Risk Assessment Process

OBJECTIVE:

Develop and test improved methods and techniques for conducting human risk analysis (HRA) as an integrated part of the PRA processes, to identify, quantify and report risk likelihood on potential core melt and/or radiation release sequences involving operator or maintainer actions.

NEEDS BEING ADDRESSED:

#13 - Integration of Human Reliability Analysis into Probabilistic Risk Assessment

DELIVERABLES:

Data on the feasibility of integrating HRA requirements into the PRA process (Sept. 1984).

Testable method for integrating HRA requirements more fully into the PRA process (Sept. 1985).

Validated method for integrating HRA requirements fully into the PRA process (Sept. 1986)

INTERFACES:

Statistical Techniques for Risk Analysis
Integrated Dependent Failure Methodology
Human Performance Modeling for Nuclear Power Plant Operations
Risk Methods Integration and Evaluation Program

6.2.5 TITLE:

Improved Analytic Models for Assessing Human Error Contribution to NPP Risk

OBJECTIVE:

Develop and test analytic models accounting for cognitive, performance shaping and interdependence aspects of human behavior involved in core melt/radiation release precursor sequences, to support HRA segments of PRAs.

NEEDS BEING ADDRESSED:

#10 - Diagnosis Error Estimation
#13 - Integration of HRA into PRA

DELIVERABLES:

Data on the feasibility of utilizing human error and related performance shaping data, to determine the impact of human error on overall NPP risk (Sept. 1984).

Testable models for utilizing human error and related performance shaping data, to determine the impact of human error on overall plant risk (Sept. 1985).

Validated models for utilizing human error and related performance shaping data, to determine the impact of human error on overall plant risk (Sept. 1986).

INTERFACES:

Statistical Techniques for Risk Analysis
Integrated Dependent Failure Methodology
Human Reliability Model for NPP Maintenance Personnel
Analysis of Human Errors for NPP Safety Related Events
Integration of Human Reliability Measures into the Probabilistic Risk Assessment Process
Human Performance Modeling for Nuclear Power Plant Operations
Risk Methods Integration and Evaluation Program

6.2.6 TITLE:

Integrated PRA Software Development

OBJECTIVE:

To develop an integrated state-of-the-art computer system for PRA. The system will include capabilities for independent and dependent failure analysis, including external events.

NEEDS BEING ADDRESSED:

#5 - Integrated Software
#6 - Integrated Seismic Methods
#7 - Integrated Fire Methods
#8 - Methods for Internal Floods
#27 - Integration of Uncertainty and Sensitivity Analysis

DELIVERABLES:

PRA Software Review (Sept. 1984)

PRA Software Plan (Sept. 1984)

FTAP-COMCAN III Documentation and Code (Sept. 1985)

PLM00 Documentation and Code (Sept. 1985)

Design Documentation (Sept. 1985)

Code Development and Documentation (Sept. 1986, Sept. 1987)

INTERFACES:

Severe Accident Research Program
Seismic Safety Margin Research Program
Efficient Probability Computations and Methods for PRA

6.2.7 TITLE:

Efficient Probability Computations and Methods for PRA

OBJECTIVES:

To assess and develop a quantification technique that can be used to calculate system reliability characteristics when the rare event approximation does not hold and to investigate extensions of the Fault Graph method.

NEEDS BEING ADDRESSED:

#3 - Integrated System Modeling
#5 - Integrated Software

DELIVERABLES:

SIGPI Comparison - October 1985

SIGPI Portable Code User's Manual and Time-dependent Fault Graphs - October 1985

INTERFACES:

Integrated PRA Software Program.
Integrated Dependent Failure Methods.
PRA Methods Improvement.
Risk Methods Integration and Evaluation Program.
Study of Uncertainties in Systems Analysis of Seismic PRA.

6.2.8 TITLE:

Statistical Techniques for Risk Analysis

OBJECTIVE:

Develop failure rate data, statistical models, methodologies, and procedures for applying quantitative techniques in risk analysis.

NEEDS BEING ADDRESSED:

#15 - User Data Base
#27 - Integration of Uncertainty and Sensitivity Analysis

DELIVERABLES:

Identification of significant component use conditions (1-85, 12-86)

Methodology for the collection and analysis of subjective data (1-85)

Methodology for common cause Quantification (3-85)

Component Failure Rate Data Report (1-87)

A Methodology for Conservatively Assessing Safety Goal Compatibility (1-86)

INTERFACES:

Risk Methods Integration and Evaluation Program
Analysis of Reliability Data from Nuclear Power Plants (IPRDS)
Accident Sequence Evaluation Program
Time Dependent Reliability Modeling
PRA Methods Improvement

6.2.9 TITLE:

Analysis of Reliability Data from Nuclear Power Plants (IPRDS)

OBJECTIVE:

To provide improved nuclear component reliability data for use in probabilistic risk assessments and to provide better bases for regulatory decisions in areas such as the setting of component allowed downtimes and test intervals.

NEEDS BEING ADDRESSED:

#15 - Updated Data Base

DELIVERABLES:

Preliminary Report of root causes for component failure modes (11-84)

Circuit Breaker Failure Data Report (10-85)

Instrumentation Failure Data Report (10-85)

Methodology utilizing incipient and catastrophic failure histories to estimate component reliability and assess maintenance effectiveness (10-86)

Updated Data Base on Original Plants (10-87)

Expand Data Base to Include 4 additional units (10-87)

INTERFACES:

Risk Methods Integration and Evaluation Program
Human Factors Program
Aging Program
Data Development and Evaluation
Root Causes of Component Failure Program
Accident Sequence Evaluation Program
Time Dependent Reliability Modeling
Statistical Techniques for Risk Analysis

6.2.10 TITLE:

Data Development and Evaluation

OBJECTIVE:

Evaluate existing data bases and develop a comprehensive numerical data base for use in PRAs and other quantitative studies; perform specific statistical and data inquiry studies; summarize and evaluate nuclear power plant component failure data and estimate component failure rates; and develop a comprehensive user-friendly NPP data base for use in PRAs.

NEEDS BEING ADDRESSED:

#15 - Updated Data Base

DELIVERABLES:

LER data summaries (covering 1976-1982) of inverters (NUREG, Oct. 1984)

LER data summaries (covering years 1976-1983) of protective relays, circuit breakers and time delay relays (draft, September 1984)

Pipe break frequency estimates for systems found important in past PRAs (draft, September 1984).

A thorough statistical analysis (based on all LER data summaries) of component failure rates formatted for use in PRA data inputs (draft, September 1985)

A statistical evaluation of the existing NPRDS data base for meeting the requirements of PRA data inputs (draft, September 1986)

A user-friendly NPP data base for use in PRAs (September 1987)

INTERFACES:

Analysis of Reliability Data from Nuclear Power Plants
Severe Accident Precursor
Risk Methods Integration and Evaluation Methods
Root Causes of Component Failure Program
Statistical Techniques for Risk Analysis

6.2.11 TITLE:

Root Causes of Component Failures

OBJECTIVES:

To identify the root causes of failures for components that comprise safety and safety support systems of nuclear power plants. All root causes of component failures from the component design, through manufacture, installation, maintenance, repair, and use are to be included. The components to be addressed include all components involved in dominant accident sequences. A categorization scheme is to be developed that uses existing data bases on component failures to identify the root causes of failures.

An understanding of the underlying root causes of component failures should support the plant's reliability assurance program. In addition, regulatory inspection activities might focus on how the reliability assurance program is addressing these root causes. Ultimately the contribution to core melt frequency from each root cause might be determined and integrated into risk importance measures.

NEEDS BEING ADDRESSED:

#15 - Updated Component Data Base
#17 - Root Causes of Component Failure

DELIVERABLES:

Identification of Candidate Root Cause Categories - Oct. 84
Definition of Components
Evaluation of Existing Data on Component Failures and Trial Application - Jan 85
Assessment of Data Bases - Feb 85
Selection of Additional Components - Mar 85
Modification of Categorization Scheme - May 85
Categorization of Component Failure Data - Jun 85
Amendments to Data Collection Scheme - Sep 85

INTERFACES:

Inspection Effectiveness
Reliability Program
Harsh Environment Data
In-Plant Data Program (IPRDS)
Data Development and Evaluation
RMIEP
Statistical Techniques for Risk Analysis
Accident Sequence Evaluation Program

6.2.12 TITLE:

Human Reliability Data Bank for Nuclear Power Plant Operations

OBJECTIVE:

Test the practicality, acceptability and usefulness of a data bank concept for collating, storing and retrieving failure/error data from field, training simulator, expert judgement and computer modeling sources, for use on PRAs.

Determine the feasibility and advisability of integrating human reliability, hardware and structural data bank concepts to more efficiently and cost effectively support PRAs and related human factors and safety systems enhancement activities.

NEEDS BEING ADDRESSED:

#15 - Updated Component Data Base

DELIVERABLES:

Tested human reliability data bank concept to support PRAs (Sept. 1984).

Data on the feasibility of extending human reliability data bank concept to other human factors activities, and to NPP hardware and structural data management (Sept. 1985).

Tested method for extending human reliability concepts and techniques to NPP hardware and structural data management (Sept. 1986).

INTERFACES:

Data Development and Evaluation
Human Reliability Model for NPP Maintenance Personnel
Analysis of Human Errors for NPP Safety Related Events
Human Reliability Data Acquisition Using Nuclear Power Safety Reporting System

6.2.13 TITLE:

Human Reliability Data Acquisition Using a Nuclear Power Safety Reporting System

OBJECTIVE:

Test the practicality, acceptability, and usefulness of an anonymous, non-punitive, third party managed human error information, for use in HRA segments of PRAs, and other human factors related activities.

NEEDS BEING ADDRESSED:

#14 - Human Error Reporting
#15 - Updated Data Base

DELIVERABLES:

Tested method for acquiring human error data from a third party managed Nuclear Power Safety Reporting System (NPSRS) (Sept. 1984).

INTERFACES:

Statistical Techniques for Risk Analysis
Integrated PRA Software Development
Accident Sequence Precursors
Analysis of Human Errors for NPP Safety Related Events
Human Performance Modeling for Nuclear Power Plant Operations
Precursor Program
Reliability Program
Inspection Effectiveness Program

6.2.14 TITLE:

Analysis of Human Errors for NPP Safety Related Events

OBJECTIVE:

Develop and test improved methods and techniques for acquiring human error data from field, training simulator and expert judgement sources.

NEEDS BEING ADDRESSED:

#12 - Improved Methods for Determining Human Error Probability (human error data acquisition)
#15 - Updated Data Base

DELIVERABLES:

Validated methods for acquiring human error data from field, training simulator and expert judgement sources (Sept. 1984).

Data on the feasibility of systematically applying HEA/PRA results as baseline measures to evaluate man-machine safety systems, and support development of man-machine safety system design guidelines (Sept. 1985).

Testable methods for systematically applying HEA/PRA results as baseline measures to evaluate man-machine safety systems, and support development of man-machine safety system guidelines (Sept. 1986).

INTERFACES:

Statistical Techniques for Risk Analysis
Integrated PRA Software Development
Flood
Integrated Dependent Failure Methodology
Data Development and Evaluation
Human Reliability Model for NPP Maintenance Personnel
Integration of Human Reliability Measures into the Probabilistic Risk Assessment Process
Human Performance Modeling for Nuclear Power Plant Operation
Risk Methods Integration and Evaluation Program (RMIEP)
Reliability Program
Inspection Effectiveness Program

6.2.15 TITLE:

Human Performance Assessment Using Computer Simulation Techniques

OBJECTIVE:

Develop and test methodologies, utilizing computer simulation techniques, to provide a capability for analyzing and predicting human reliability in performing selected NPP operations, maintenance and safeguards functions and roles.

NEEDS BEING ADDRESSED:

#11 - Simulation Modeling for Maintenance Acts
#15 - Updated Data Base

DELIVERABLES:

Validated method for acquiring human error data from computer modeling of selected NPP maintenance roles and functions (September 1984).

Data on the feasibility of extending computer modeling concepts and techniques to NPP operations roles and functions (September 1985).

Requirements and logic for computer modeling of selected NPP operations, safeguards and maintenance roles and functions (September 1986).

INTERFACES:

Analysis of Reliability Data from Nuclear Power Plants
Time Dependent Reliability Modeling
Human Performance Modeling for Nuclear Power Plant Operations
Risk Methods Improvement for RMIEP
Reliability Program
Inspection Effectiveness Program

6.2.16 TITLE:

Accident Sequence Precursors (Includes Precursor Methodology)

OBJECTIVE:

The objectives of the precursor program are to identify significant or important sequences that, more likely than others, could have led to severe core damage; search operational events for the elements or precursors of severe core damage accident sequences which are not predicted or poorly predicted in current probabilistic risk analyses (PRA); and analyze operational events to estimate the frequencies and trends of system failures, function failures, and overall frequency of severe core damage. This program is complementary to the nuclear plant probabilistic risk assessments (PRAs) currently being performed by industry and the NRC. It provides a check on mathematically modeled nuclear plant safety analyses through the application and use of operational experience data.

NEEDS BEING ADDRESSED:

#16 - Precursor Study

DELIVERABLES:

Improved methodology (mainly plant specified event trees and better grouping of failure data) - Dec. 1984
Draft 82-84 precursor report - Dec. 1985
Draft 1969-1981 precursor re-evaluation - Dec. 1986

INTERFACES:

Risk Methods Integration and Evaluation Program
Accident Sequence Evaluation Program
Severe Accident Research Program

6.2.17 TITLE:

Pressurized Thermal Shock Analysis

OBJECTIVES:

(1) Estimate the likelihood of vessel through-wall crack penetration due to PTS at three plants (one each B&W, CE, and W).

(2) Identify what is important: sequences, operator and control actions, uncertainties.

(3) Estimate the risk reduction effectiveness of alternative corrective measures.

(4) Identify important differences between the B&W, CE, and W plants studied.

NEEDS BEING ADDRESSED:

#24 - Pressurized Thermal Shock Risk

DELIVERABLES:

ORNL Draft Report, Plant Frequency of R.V. Failure:

Oconee - April 1984
Calvert Cliffs - Sept. 1984
Robinson 1 Nov. 1984

INTERFACES:

This project is part of TAP A-49. The project uses input from DAE research on TRAC/RELAP applications and coolant mixing and from DET research on metallurgy and fracture mechanics (HSST). It uses plant design and operating information from Duke Power Company, BG&E, and CPRC. The project is coordinated with PTS research by EPRI and A-47 research by NRC.

6.2.18 TITLE:

Development of Improved Physical Process Computer Codes for Risk Assessment (MELCOR)

OBJECTIVES:

(1) To provide short-term upgrading of the MARCH and MATADOR (CORRAL) risk assessment codes to account for specific and important deficiencies.

(2) To provide the longer-term replacement risk code (MELCOR) for the MARCH, MATADOR, and CRAC codes which: has a structure readily amenable to incorporation of new models based on the ongoing experimental research program; and permits the quantitative analysis of both "best estimate" severe accident consequences and the associated uncertainties.

NEEDS BEING ADDRESSED:

#18 - Phenomenological Data Needs
#19 - Integrated Risk Codes
#27 - Integration of Uncertainty and Sensitivity Analysis

DELIVERABLES:

Reports

Uncertainty Analysis Technique Comparisons - Sept. 1984
Initial MELCOR version for internal use and verification - Nov. 1984
RIL on content of initial version, applications, and future plans - 1st Quarter, FY 85
Public release of code package - 1st Quarter, FY 86
RIL on publicly available code package - 1st Quarter, FY 86

INTERFACES:

Severe Accident Uncertainty Analysis
Risk Methods Integration and Evaluation Program
Phenomenology and Risk Uncertainty Evaluation Program

6.2.19 TITLE:

Phenomenology and Risk Uncertainty Evaluation Program

RESEARCH NEEDS BEING ADDRESSED:

#19 -
#27 -

OBJECTIVES:

To perform phenomenological uncertainty analyses for RMIEP program

To integrate systemic and phenomenological uncertainties into overall risk uncertainty measure

To provide testing and quality assurance of MELCOR code.

DELIVERABLES:

Report on results of phenomenological uncertainty analyses and risk uncertainty analyses for LaSalle (draft, Oct. 1986)

Report on conclusions of MELCOR testing and quality assurance tasks (Oct. 1987)

INTERFACES:

RMIEP program
PRA Methods Improvement Program
MELCOR project and related tasks

6.2.20 TITLE:

Localized Deposition from Wet Plumes

OBJECTIVE:

Develop and apply models to account for water content of atmospheric discharges during severe accidents.

Scope nature and extent of experiments needed to generate required data.

NEEDS BEING ADDRESSED:

#22 -

DELIVERABLES:

Model(s) and Revised (Preliminary) Consequence Estimates for LWR Severe Accidents (December 1984)

Conceptual Designs for Experiments (March 1984)

Choose candidate sites for piggyback experiments (July 1985)

INTERFACES:

MELCOR

6.2.21 TITLE:

Consequence Modeling

OBJECTIVE:

Maintain/Utilize/Revise CRAC Consequence Code.

NEEDS BEING ADDRESSED:

#19 - Integrated Risk Codes
#21 -
#23 -

DELIVERABLES:

Revisions of Health Effects Models (Sept. 1984).

Protection Factors for Respiratory Protection (Sept. 1984)

INTERFACES:

Severe Accident Uncertainty Analysis
Risk Methods Integration and Evaluation Program

6.2.22 TITLE:

Fire Risk Analysis Research Program

OBJECTIVE:

The objectives of this program are to describe state of the art fire risk analysis methods, develop improvements to these methods, test and evaluate the improved methods by analyzing fire risk as part of a full scope PRA, and identify and develop needed improvements to the methods.

NEEDS BEING ADDRESSED:

#7 - Integration of Fire PRA Methodology

DELIVERABLES (Due Date):

Report on Improved COMPBRN & Expt Comparisons (UCLA) - March 84
Redraft of "General Approach" Report (NRC) - April 84
LR on Approaches to Improved Fire Growth Models (UCLA) - April 84
LR on RMIEP Plant Fire Barriers (SNL) - May 84
LR on Model Improvements (NBS) - June 84
LR on Detection and Suppression Models (UCLA) - September 84
LR on Evaluation of Fire Risk Analysis Methods (SNL) - September 84
LR on Models for Fire Growth, Spread, Detection, and Suppression (SNL) - September 84
LR on Fire Barrier Effectiveness (SNL) - November 84
LR on Probabilistic Fire Growth Model (UCLA) - January 85
LR on Improved Models (NBS) - March 85
LR on Suppression Effectiveness (SNL) - April 85
LR on Fire Scenario Quantification (SNL) - April 85
Report on RMIEP Plant Fire Risk Analysis (SNL) - October 85

INTERFACES:

RMIEP
Fire Protection Research Program
Integrated Dependent Failure Methodology

6.2.23 TITLE:

External and Internal Flood Risk Analysis

OBJECTIVE:

To develop a methodology to estimate the overall risk of flooding of nuclear power plants in terms of the likelihood and consequences of failure of design flood protection.

NEEDS BEING ADDRESSED:

#8 - Methods for Internal Floods
#9 - Extreme Flood Estimation

DELIVERABLES:

Evaluation of nuclear power plant flood risk methodologies (for external or internal flooding sources) (June 1984).

Probability of nuclear plant flooding from upstream dam failures, seiche and tsunami (Sept. 1986).

Methods to estimate the probability of nuclear plant flooding by extreme floods at and beyond the design flood elevation (Sept. 1986).

Flood methodologies and data tested for a specific site (Sept. 1988)

Evaluation of nuclear power plant flood design criteria (Sept. 1989)

INTERFACES:

Risk Methodologies Integration and Evaluation Program
Root Causes of Component Failure Program
Integrated Dependent Failure Methods
Integrated PRA Software Program

6.2.24 TITLE:

The Study of Uncertainties in the Systems Analysis Part of Seismic PRA

OBJECTIVE:

To understand the qualitative and quantitative effect of more detailed and realistic modeling of electrical, signal, control and instrumentation failures and of operator response following seismic activity on the insights gained from seismic PRAs.

NEEDS BEING ADDRESSED:

#3 - Integrated System Modeling
#4 - Control System Analysis
#6 - Integrated Seismic Methods

DELIVERABLES:

Final Report - Feb. 1986

INTERFACES:

NRR Review of Zion and Limerick PRAs
RMIEP
SSMRP
PRA Methods Improvement
Integrated Dependent Failure Methodology

6.3 Research Plan for Risk Reduction (Issue 3)

This section contains a description of the research plan for Issue 3.

6.3.1 TITLE:

Accident Sequence Evaluation Program

OBJECTIVE:

ASEP will provide research results to be used by the Source Term work, proposed Severe Accident Policy Statement and other safety and regulatory issues. In particular, ASEP will: (1) provide updated LWR accident sequence information for all operating and near-term operating plants; (2) organize the LWRs into a plant classification hierarchy; (3) identify the dominant sequences for each plant class; (4) describe the accident sequence likelihood characteristics; (5) identify the generic accident sequence insights; (6) compare the accident sequence likelihood characteristics with accident sequence precursor results; and (7) identify NRC research and licensing application needs.

NEEDS BEING ADDRESSED:

#29 - Identify and describe dominant accident sequences.

DELIVERABLES:

Catalog of PRA Dominant Accident Sequence Information (Draft NUREG/CR - September 1984; Final NUREG/CR - September 1985)

Event Tree and Plant Grouping (Information Letter (IL) - December 1984)

Sensitivity Analysis Methodology (IL - October 1984)

Interim Accident Sequence Evaluation (IL - March 1984; Draft NUREG/CR - September 1985; Final NUREG/CR - February 1986; RIL - June, 1986)

Final Accident Sequence Evaluation (IL - October 1986; Draft NUREG/CR - March, 1987; Final NUREG/CR - September 1987; RIL - February 1988)

Computerized Data Base Management Systems and Information Retrieval System on Generic Accident Sequence Information - Methodology/User Manual (NUREG/CR - April 1988, RIL - September 1988)

INTERFACES:

Severe Accident Risk Reduction Program
Accident Source Term Program Office
Severe Accident Sequence Analysis
Accident Management
Human Factors
Accident Sequence Precursors
Inspection Guidance
LCO and Surveillance
IPRDS Program
Statistical Techniques for Risk Analysis

6.3.2 TITLE

Severe Accident Risk Reduction Program OBJECTIVES:

The objectives of SARRP are: (1) to assemble data on accident sequance frequencies and characteristics, accident physical processes, and other re < -

vant data; (2) to use this information to generate estimates of the risk of m specific plants and generic classes of plants; (3) to evaluate the risk reduc-tion potential and costs of alternative means for reducing risk; and (4) con-tribute to the development and generation of the characterization of this data in manners which best support decisionmaking. In performing work to meet this objective, the SARRP program supports the NRC's assessment of the need to provide additional severe accident protection in existing LWRs, as described in the Commission's Severe Accident Policy Statement (Draft - 2/21/84).

NEEDS BEING ADDRESSED:

  1. 30 -
  1. 31 -
  1. 32 -

DELIVERABLES:

- Report on the risk of the ASTPO reference plants - Jan. 1985

- Report on the cost-effectiveness of changes to the ASTPO reference plants - Jan. 1985

- Report on the risk and cost-effectiveness of risk reduction for generic plant classes - June 1985

- Report on the evaluation of risk and/or cost-effectiveness of risk reduction for specific issues requiring attention in NRC licensing/regulatory process - As needed*

- Report on the re-evaluation of the risk and cost-effectiveness of risk reduction of reference plants and generic plant classes (using advanced likelihood and consequence data) - June 1987

INTERFACES:

Accident Sequence Evaluation Program

Accident Source Term Project Officer (ASTPO)


6.3.3 TITLE:

Support for Decisionmaking

OBJECTIVE:

- Develop and Demonstrate Method for Effective Display of Information for Decisionmakers

- Provide means for Reaching Consensus on Scope and Format of Regulatory Analysis

- Provide Feedback to NRC Research Programs

- Prepare Regulatory Analysis to Support Severe Accident Decision

NEEDS BEING ADDRESSED:

  1. 30 -
  1. 33 -

DELIVERABLES:

- Information Display Methodology and Format - 11/84

- Regulatory Analysis Reports - 6/85

INTERFACES:

- Severe Accident Risk Reduction Program

- Value/Impact Analysis


6.3.4 TITLE:

Risk Importance Measures

OBJECTIVE:

- Develop a Systematic, Risk-based Approach for Structuring and Prioritizing Safety Assurance Program and Activities

- Develop an Information Data Base for Implementation of the Approach

- Recommend, Develop and Apply Techniques for Assessing and Displaying the Risk Importance of Reactor Systems and Components

NEEDS BEING ADDRESSED:

  1. 34 -
  1. 35 -
  1. 36 -
  1. 37 -
  1. 38 -
  1. 41 -

DELIVERABLES:

Report Specifying Improved Methodology for Importance Measures - 10/85

Report on "Utilization of Risk Importance Measures by I&E" - 10/85

INTERFACES:

Reliability Program

Inspection Effectiveness

Time Dependent Reliability Modeling


6.3.5 TITLE:

Value/Impact Analysis

OBJECTIVE:

- Develop, Document and Demonstrate Uniform Acceptable Value/Impact Analysis Procedures

- Perform value/impact analysis on Major Regulatory issues.

NEED BEING ADDRESSED:

  1. 30 -
  1. 33 -

DELIVERABLES:

Complete ongoing V/I Analyses on major regulatory issues - 10/85

INTERFACES:

- Severe Accident Risk Reduction Program (SARRP)

- All proposed generic requirements

- Regulatory Analyses for Proposed Rulemaking


6.3.6 TITLE:

Research Prioritization

OBJECTIVE:

Develop a systematic, risk-based approach for research prioritization

Identify and prioritize research needs from a risk perspective

NEEDS BEING ADDRESSED:

All

DELIVERABLES:

Report on Research prioritization process (February 1985)

Risk-based information for research needs (June 1985)

INTERFACES:

All Programs

6.3.7 TITLE:

Foreign Experience

OBJECTIVE:

Analyze Regulatory Practices Related to Severe Accidents in Nuclear Power Plants Including:

- Requirements Imposed on New and Existing Plants and the Rationale for these Requirements

- Process for Making Decisions concerning Severe Accident Protection

- Role of PRA and reliability

Analyze Other Uses of PRA in the Regulatory Process

Determine What lessons learned can be Applied to NRC Regulatory Practices

NEEDS BEING ADDRESSED:

  1. 33 -

DELIVERABLES:

Report on Foreign use of PRA and reliability in the Regulatory Process in selected foreign countries - 11/84. This includes:

- Foreign plant specific requirements

- Foreign generic regulatory applications

- Foreign legal applications

- Applications of Foreign Experience to potential U.S. practices.

Continue Data Base development and documentation of foreign experience using PRA and reliability analysis - 10/85

Provide continued support to CSNI to carry out its role and objectives - 10/85

INTERFACES:

Severe Accident Research Program (SARP)

6.4 Research Plan for Maintaining an Acceptable Risk Level (Issue 4)

This section contains a description of the research plan for Issue 4.


6.4.1 TITLE:

Reliability Program

OBJECTIVE:

Develop, evaluate, and recommend to NRR and IE reliability program elements for use by operating LWR licensees.

NEEDS BEING ADDRESSED:

  1. 34 - Designing reliability into systems important to safety
  1. 35 - Prevention of reliability degradation during operation

DELIVERABLES:

Recommended reliability program elements for reactor operations

- preliminary recommendation prior to trial use - January 1985

- final recommendation after trial use - December 1986

Recommended reliability program elements for design of new plants and replacement equipment

- preliminary recommendation prior to trial use - July 1985

- final recommendation after trial use - December 1987

INTERFACES:

This research is coordinated with:

- NRC's ongoing regulatory programs, which have in place or are developing various elements of a reliability assurance program and will implement the results of this research project (e.g., QA, human factors, ATWS rule, reliability data reporting and feedback systems)

- NRC research on related areas (e.g., reliability analysis methods and data, risk importance measures, methods for optimizing LCOs and surveillance intervals, methods to help prioritize NRC inspection, accident sequence evaluation, aging, and maintenance)

- Related nuclear industry initiatives at EPRI, NSAC, INPO, and utilities

- Related reliability practices in aerospace and defense industries

6.4.2 TITLE:

Time Dependent Reliability Modeling

OBJECTIVE:

Develop and apply a methodology to evaluate operating procedures for safety systems in standby, operating, and phased-mission stages; permit setting LCO's and surveillance requirements; investigate usefulness of design modification in terms of varying redundancies; and to perform sensitivity analyses to various testing, operating, and maintenance strategies.

NEEDS BEING ADDRESSED:

  1. 5 - Integrated Software Package
  1. 36 -
  1. 37 -
  1. 38 -
  1. 39 -
  1. 40 - from Technical Specification Program

DELIVERABLES:

A FRANTIC III methods manual and a user manual (March 1985)

Draft report describing a modification to FRANTIC III and an application to analyze components whose failures are controlled by a leading cause, rather than being comprised of equally reliable elements. (Sept. 1985)

An application of FRANTIC II and other models to specific NPPs to develop a methodology to provide a quantitative basis for revising LCOs and surveillance frequencies in the technical specifications (draft April 1985)

Reports evaluating operating procedures for safety systems in standby, operating, and phased-mission stages; and describing sensitivity analyses to various testing, operating, and maintenance strategies. (September 1986-1987)

INTERFACES:

Risk Methods Integration and Evaluation Program

Reliability Program

Inspection Effectiveness

Risk Importance Measures Program

Accident Sequence Evaluation Program

Statistical Techniques for Risk Analysis

Integrated PRA Software Development

6.4.3 TITLE:

Risk Assessment Application to NRC Inspection

OBJECTIVE:

To determine reliability and risk assessment methods and information that can be used to prioritize and modify NRC inspection activities so that IE can concentrate their activities in areas having greatest impact on plant safety.

NEEDS BEING ADDRESSED:

  1. 41 -
  1. 42 -

DELIVERABLES:

Risk based information that enables inspection activities to be prioritized such as importance measures and their combinations. Test case for Arkansas Nuclear Unit will be developed for testing purposes by the resident inspector by 9/1/84.

INTERFACES:

Accident Sequence Evaluation Program (Sandia)

Precursor Program (ORNL)

Risk Importance Measures (BCL)

Risk Limitation Effectiveness of Regulations

Reliability Program

6.4.4 TITLE:

Effectiveness of LWR Regulatory Requirements in Limiting Risk

OBJECTIVE:

To identify LWR regulatory requirements that have marginal importance to risk.

NEEDS BEING ADDRESSED:

  1. 43 -

DELIVERABLES:

Program is currently being finalized.

INTERFACES:

Inspection Effectiveness.

Importance Measures.

Time-Dependent Reliability Modeling.

Reliability Program.

6.5 Implementation Schedule

This section contains a summary of the deliverables from the research programs. They are organized chronologically.

Table 6-3 Deliverables in chronological order

SEPTEMBER 1984
- PRA software review
- PRA software program plan
- Revision of health effects models
- Protection factors for respiratory protection
- Validated method of acquiring human error data from computer modeling of maintenance roles and functions
- Validated methods for acquiring human error data from field, training simulator and expert judgment sources
- Data on the feasibility of integrating HRA requirements into the HRA process
- Tested method for acquiring human error data from a third party manage NPSRS
- Tested human reliability data bank concept
- Data on the feasibility of utilizing human error and related performance shaping data, to determine the impact of human error on overall NPP risk
- LER data summaries for protective relays, circuit breakers, and time delay relays
- Pipe break frequency estimates for systems found important in past PRAs
- Uncertainty analysis technique comparison
- Draft PTS report on Calvert Cliffs
- Catalog of PRA dominant accident sequence information (draft)

OCTOBER 1984
- RMIEP approach to fire PRA
- Integrated common cause failure analysis methods for RMIEP
- LER data summaries for inverters
- Identification of candidate root cause categories

NOVEMBER 1984
- RMIEP approach to internal flood PRA
- Draft PTS Report on Robinson
- Information display methodology and format
- Report on foreign use of PRA in regulatory process
- MELCOR - Initial version for NRC use and verification

DECEMBER 1984
- Improved methodology for accident sequence precursors
- RIL on MELCOR-1
- Localized deposition models and revised consequence estimates
- Methods for uncertainty analysis in PRA for RMIEP


JANUARY 1985
- Reliability program elements for operation recommended for trial use
- Methodology for the collection and analysis of subjective data
- Identification of significant component use conditions
- Probabilistic analysis of operator misdiagnosis of accident initiating events
- Definition of components, evaluation of existing data on component failures, and trial application
- Report on the risk of the ASTPO reference plants
- Report on the cost-effectiveness of changes to ASTPO reference plants

FEBRUARY 1985
- Independent evaluation of SEISIM
- Document design for a PRA
- Report on Research prioritization process

MARCH 1985
- Methodology for common cause quantification
- Methods for sensitivity analysis in RMIEP
- PRA accident recovery modeling
- Conceptual Designs for Experiments for Wet Plume Deposition
- FRANTIC III methods manual and user manual

APRIL 1985
- Program plan for harsh data collection
- FRANTIC II application to NPPs for LCOs

MAY 1985
- Use of realistic thermal-hydraulic modeling in PRAs

JUNE 1985
- Evaluation of nuclear power plant flood risk methodologies
- Report on the risk and cost-effectiveness of risk reduction for generic plant risk
- Risk-based information for research needs
- Regulatory analysis reports


JULY 1985
- Reliability assurance program elements for design recommended for trial use
- Candidate sites for piggyback experiments for deposition of wet plume experiments

SEPTEMBER 1985
- FTAP-COMCAN III documentation and code
- PLMOD documentation and code
- PRA software design report
- Improved version of FRANTIC III
- Data on the feasibility of extending computer modeling concepts and techniques of operations roles and functions
- Data on the feasibility of extending human reliability data bank concepts and techniques to NPP hardware and structural data management
- Data on the feasibility of systematically applying HRA/PRA results as baseline measures to evaluate man-machine safety systems, and support development of man-machine safety system design concepts
- Testable method for integrating HRA requirements more fully into the PRA process
- Testable models for utilizing human error and related performance shaping data, to determine the impact of human error on overall risk
- A thorough statistical analysis of LER summaries in format for use in PRAs
- Methods to estimate probability of NPP flooding from external sources
- Catalog of PRA dominant accident sequence information (final)

OCTOBER 1985
- Circuit breaker reliability data report
- Instrumentation reliability data report
- Report on RMIEP plant fire analysis
- SIGPI comparison
- SIGPI Portable Code and User's Manual
- Time-dependent Fault Graphs
- Report of selected V/I analyses
- Report on specifying improved methodology for importance measures
- Report on utilization of risk importance measures by I&E

DECEMBER 1985
- 1982-1984 precursor report
- MELCOR public release and RIL


JANUARY 1986
- Recommendations for trial use of alert levels to distinguish when component failure rates are high enough to become safety concerns
- A methodology for conservatively assessing safety goal compatibility
- Identification of significant component use conditions
- Methods to estimate the probability of nuclear power plant flooding by extreme floods at or beyond the design flood level

FEBRUARY 1986
- Uncertainties in the Systems Analysis Part of Seismic PRA

MARCH 1986
- Final accident sequence evaluation report

APRIL 1986
- LaSalle accident sequence likelihood report (draft)

JUNE 1986
- Probability of NPP flooding from upstream dam failures, seiche, and tsunami

JULY 1986
- Evaluation of PRA seismic methods
- RMIEP methods reports

SEPTEMBER 1986
- PRA software and draft documentation
- Tested methods for systematically applying HRA/PRA results as baseline measures to evaluate man-machine systems, and support development of man-machine safety system guidelines
- Validated method for integrating HRA requirements fully into the PRA process
- Tested method for extending human reliability concepts and techniques to NPP hardware and structural data management
- Validated models for utilizing human error and related performance shaping data, to determine the impact of human error on overall NPP risk
- Requirements and logic for Computer Modeling of selected NPP operations, safeguards and manpower functions and roles
- Statistical evaluation of NPRDS for PRA data needs
- PRA modeling considerations for reliability monitoring and reliability assurance
- Survey of treatment of design and construction errors
- Flood methodologies and data tested for specific site using integrated dependent failure approach
- Probability of NPP flooding from external sources


OCTOBER 1986
- Methodology utilizing incipient and catastrophic failure histories to estimate component reliability and assess maintenance effectiveness
- Transnational reliability data base
- Reliability data analysis methodology
- Harsh environment data source
- Procedure for treatment of wind risk in PRA
- LaSalle containment/consequence report (draft)

DECEMBER 1986
- Reliability assurance program elements for reactor operations
- 1969-1981 precursor re-evaluation

DECEMBER 1987
- Reliability assurance program elements for design
- Criteria for alert levels to distinguish when component failure rates become high enough to become safety concerns
- Updated dependent failure analysis procedure
- Harsh environment hazard assessment guidelines

JANUARY 1987
- Component failure rate data report

JUNE 1987
- Evaluation of nuclear power plant flood risk methodologies (for internal and external floods)
- Report on the re-evaluation of the risk and cost-effectiveness of risk reduction of reference plants and generic plant classes.

JULY 1987
- Treatment of seismically induced fires and floods

SEPTEMBER 1987
- PRA software and final documentation
- A user-friendly NPP data base for use in PRAs
- Treatment of micro processor reliability in PRAs
- User oriented computerized ASEP event tree/fault tree models
- Computerized data base management system on generic accident sequence information


OCTOBER 1987
- Updated data base of original IPRDS plants
- Expanded IPRDS data base to include 4 additional units
- Report on conclusions of MELCOR testing and quality assurance tasks


6.6 Future Research

This document describes the current plan. It addresses PRA needs as they are now understood. It is expected that in the future, new needs will arise as a result of NRC user requests, issues identified in RMIEP, and new regulatory issues. No new plant PRAs beyond RMIEP are envisioned. The detailed RMIEP models will lastingly serve as a test bed for new methodologies as they become sufficiently mature to be integrated with existing PRA methods. The results of work on the root cause of failures and errors will clearly improve the usefulness of PRA results in the resolution and prevention of safety problems, and this work should identify other areas of needed future research.

Comment on this document undoubtedly will focus attention on future needs more explicitly. Therefore, a more detailed discussion of future needs will be deferred until the first revision.


6.7 Program Prioritization

Each year the research needs will be evaluated, assessed, and prioritized. The prioritization will follow the steps outlined in the report "Research Prioritization" currently being finalized.

The criteria to be used in the research prioritization are defined in Table 6-4. The last criterion, program efficacy, is defined in Table 6-5.


Table 6-4 Criteria definitions

REGULATORY SIGNIFICANCE: Importance with regard to regulatory needs and regulatory issues

RISK RELEVANCE: Importance with regard to risk and risk uncertainty contribution.

RESEARCH IMPACT: The impact research can have on addressing the issue or reducing the uncertainty

PROGRAM EFFICACY: The effectiveness and efficiency of the program in addressing the research need


Table 6-5 Attributes determining program efficacy

Program Scope: Regulatory or research need addressed including relationship to the larger problem (the research sub element)

Program Importance: Importance of the need which is addressed in the program

Timeliness: Degree to which the program schedule meets the schedule of regulatory needs

Specificity of Tasks: Specificness of tasks and milestones, which enables program progress to be effectively monitored

Staff and Facilities: Quality of staff and facilities involved in the program

Costs: Actual projected costs of the program


U.S. NUCLEAR REGULATORY COMMISSION

BIBLIOGRAPHIC DATA SHEET

NUREG-1093

4. TITLE AND SUBTITLE: Reliability and Risk Analysis Methods Research Plan

5. DATE REPORT COMPLETED: September 1984

DATE REPORT ISSUED: October 1984

9. PERFORMING ORGANIZATION NAME AND MAILING ADDRESS: Division of Risk Analysis and Operations, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, Washington, DC 20555

12. SPONSORING ORGANIZATION NAME AND MAILING ADDRESS: Same as 9 above.

13. TYPE OF REPORT: Final

16. ABSTRACT (200 words or less)

This document presents a plan for reliability and risk analysis methods research to be performed mainly by the Reactor Risk Branch (RRB), Division of Risk Analysis and Operations (DRAO), Office of Nuclear Regulatory Research. It includes those activities of other DRAO branches which are very closely related to those of the RRB. Related or interfacing programs of other divisions, offices and organizations are merely indicated.

The primary use of this document is envisioned as an NRC working document, covering about a 3-year period, to foster better coordination in reliability and risk analysis methods development between the offices of Nuclear Regulatory Research and Nuclear Reactor Regulation. It will also serve as an information source for contractors and others to more clearly understand the objectives, needs, programmatic activities and interfaces together with the overall logical structure of the program.

17. KEY WORDS AND DOCUMENT ANALYSIS

17a. DESCRIPTORS: Reliability Analysis, Risk Analysis, PRA, Research Plan, Probabilistic Risk Analysis

18. AVAILABILITY STATEMENT: Unlimited
