Text

Digital IC Presentation 11/09/2021
	ML21306A316
Person / Time
Site:	Grand Gulf, Arkansas Nuclear, River Bend, Waterford
Issue date:	11/09/2021
From:	Mallecia Sutton; NRC/NRR/DANU/UARL
To:	; TerraPower
	Sutton M
References
	Download: ML21306A316 (31)
	v • d • e

Objectives

Natrium' Reactor Overview

Simplified Safety Case - I&C Implications

Defense-in-Depth Concept

Plant I&C Architecture

Design Review Guide: I&C for Non-LWR

Safety Related I&C Vendor Selection Process

Cyber Security Program SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 2

Natrium Reactor Licensing Overview

Regulatory Engagement Plan submitted 6/8/2021

10 CFR 50 licensing process will be followed

- Construction Permit Application 8/2023

- Operating License Application 3/2026

Numerous pre-application interactions are planned to reduce regulatory uncertainty and facilitate the NRCs understanding of Natrium technology and its safety case

The Licensing Modernization Project (LMP) (NEI 18-04), as endorsed by RG 1.233, will support this application SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 3

Natrium Reactor Licensing Overview

Each pre-application interaction will build upon risk insights from prior interactions to demonstrate the Natrium reactors safety case.

Future Meetings and Presentations include:

- Risk-Informed, Performance-Based Principal Design Criteria

- Energy Island Decoupling Strategy

Advanced Reactor Demonstration Program

Demonstrate the ability to design, license, construct, startup and operate the Natrium reactor within the Congressionally mandated seven-year timeframe

Include improvements in safety, security, economics, and environmental impacts

Utilize a simple, robust, reliable, and proven safety profile

Lower emissions by initiating the deployment of a fleet of Natrium reactors - Demonstrate that the plants can be built economically and that they will be attractive for future owner/operators SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 5

Demin Water Firewater Turbine Building Steam Generation Standby Diesels Warehouse

& Admin TI Power Distribution Salt Piping Center Rx Aux. Building Inert Gas Shutdown Cooling Rx Building Energy Storage Tanks Control Building Fuel Building NI Power Distribution Center & Controls Fuel Aux. Building SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved.

Plant Overview Reactor Building Reactor Aux. Building Fuel Handling Building Reactor Air Cooling Ducts Refueling Access Area Intermediate Salt Piping to/from Air Cooling Thermal Storage System Sodium Int. loop Ground Level Sodium/Salt HXs Spent Fuel Pool (water)

Head Access Intermediate Sodium Hot Leg Area Intermediate Sodium Cold Leg Reactor Reactor Air Cooling / Reactor Cavity and Core SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 7

Natrium Safety Features Control

Pool-type Metal Fuel SFR with Molten Salt Control Energy Island

- Metallic fuel and sodium have high compatibility - Motor-driven control rod runback

- No sodium-water reaction in steam generator - Gravity-driven control rod scram

- Large thermal inertia enables simplified response to - Inherently stable with increased power or abnormal events temperature

Simplified Response to Abnormal Events

- Reliable reactor shutdown Cool

- Transition to coolant natural circulation - In-vessel primary sodium heat transport

- Indefinite passive emergency decay heat removal (limited penetrations)

- Low pressure functional containment

- Intermediate air cooling natural draft flow

- No reliance on Energy Island for safety functions

- Reactor air cooling natural draft flow -

No Safety-Related Operator Actions or Cool always on AC power

Technology Based on U.S. SFR Experience Contain

- EBR-I, EBR-II, FFTF, TREAT - Low primary and secondary pressure

- SFR inherent safety characteristics demonstrated - Sodium affinity for radionuclides through testing in EBR-II and FFTF - Multiple radionuclides retention boundaries Contain SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 8

Simplified Safety Case - I&C Implications

Design Review Guide: I&C for Non-LWR Reviews (ML20238B936) highlights the importance of simplicity in the I&C review Simplicity of the design will facilitate The staff considers simplicity to be a cross-cutting concept that the NRC staffs efficient assessment supports the fundamental I&C design principles discussed in of the safety of the I&C design Section X.0.1.1 for developing I&C systems with high reliability.

The simplicity achievable in I&C design is somewhat constrained by the complexity of the overall plant design and its safety approach

The simplicity of the Natrium plant design and safety approach allow for a simple, small-scope implementation of safety-related I&C functions, compared to past LWR applications SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 9

Fuel Cooling - RAC

Always in operation

Performs both ECCS and RHR roles

No automatic or manual control actions to place in service

No electrical power

No support systems Eliminates existence of Safety-Related I&C systems to initiate, control, and monitor ECCS, RHR and EAS equipment SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 10

Functional Containment: A barrier, or set of barriers taken Contain together, that effectively limits the physical transport of radioactive material to the environment (SECY-18-0096)

No penetrations exist through reactor vessel and guard vessel

No significant pressure differential across the primary boundary

Layers of passive barriers and transport inhibitors

Fail-safe isolation valves on sodium processing and cover gas lines Eliminates need for I&C to initiate large-scale, active containment isolation functions Figure credit: Argonne National Laboratory, ANL-ART-49 Vol 1 SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 11

Control of Reactivity - Scram

De-energize to actuate: Removing power from actuation devices frees neutron absorber to fall into reactor core by gravity

Current design concept: On LOOP, actuation devices are de-energized without requiring action from the RPS.

Reduced inventory of scram initiating conditions

- All scram initiations based solely on Nuclear Island parameters

Molten salt storage tanks eliminate direct coupling of reactor plant and turbine/generator output which is inherent to PWRs and BWRs

- Decoupling eliminates fast transients in the reactor system caused by BOP failures/maloperation - such failures do not require direct protection by scram Supports a simple implementation of Safety-Related RPS SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 12

Early Design Application of DID

Design team is applying an explicit Defense Line (DL) approach consistent with IAEA SSR-2/1 DL definitions:

- Identification of mitigating functions for PIE and event sequences

- Assignment of functions to DLs

- Confirmation of two functional DLs capable of mitigating initiating events

- Derivation of independence and diversity requirements between NEI 18-04, Figure 3-2 functional DLs

Supports early indications of safety classifications:

- DL3 functions match SR assignment in LMP

- DL4 functions align with NSRST assignment in LMP but with some expected differences

- In exceptional cases, a DL2 function may align with NSRST

This approach is intended to minimize design iterations and decreases potential for surprises when the RIPB Evaluation of DID Adequacy step is performed SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 13

Defense-in-Depth Concept

Five DLs comprising programmatic elements, design features and design functions

DL1:

- reduce potential for initiating events to occur

- reduce potential for failures in subsequent DLs

DL2, DL3, DL4:

- Ensure performance of FSFs in response to initiating events

DL5:

- Off-site emergency preparedness in case substantial radioactive release occurs or appears imminent Defense Lines provide a relatively simple, consistent framework to support organizing the design basis SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 14

Defense-in-Depth Concept

Among DLs 2, 3, 4:

- Two independent lines can mitigate AOO initiating events

- Two independent lines can mitigate DBE initiating events

- One line can mitigate DBE initiating event caused by CCF in DL2 or DL4

Mitigation means must be independent from effects of initiating CCF

- Mitigation of initiating event caused by CCF in DL3, and BDBE initiating events, by unaffected functions in any DL Points of required independence and diversity in I&C Architecture design are determined based on this approach SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 15

Defense Line Analyses

Baseline analyses: Evaluate plant response to AOO and DBE PIEs assuming all plant functions perform as designed

- Preferably uses only DL2 functions; DL3 can be used

- Design basis for DL2 functions

Conservative analyses: Evaluate plant response to AOO and DBE PIEs assuming DL2 functions fail

- Must use only DL3 functions

- Design basis for DL3 functions

Extended analyses: Evaluate plant response to BDBE PIEs

- Must use DL4 functions when AOO PIE was not mitigated by DL2 alone in Baseline analysis

- Must use DL4 functions when DBE PIE was not mitigated by DL2 alone in Baseline analysis, and it was not mitigated to frequency less than 5E-7 in Conservative analysis Event List is the interface between analysis and design activities, to identify mitigation functions and assign them to DLs.

Event List Example

Baseline case: full mitigation by DL2 functions

Conservative case: full mitigation by DL3 functions

No Extended case required; mitigation by two functional defense lines achieved SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 17

I&C Functional Basis

Plant-level Operational Narratives:

- Define how the plant is expected to be operated normally

- Define expected/desired plant responses to off-normal situations

The off-normal narratives are currently housed in the Event List sequence summaries

Plant functions are systematically derived from the Operational Narratives

Plant functions are decomposed for allocation to plant systems and to I&C Architecture

I&C Architecture further decomposes for allocation to specific I&C systems During conceptual design phase, traceability of I&C functions to their originating basis is being established SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 18

Plant I&C Architecture - Basics

The Plant I&C Architecture is the organizational structure of the I&C systems in the plant

Organizational structure comprises definition of each I&C system in terms of its:

- Assigned functions

- Safety classifications, and

- Relationships to other systems (including communication between I&C systems)

The Plant I&C Architecture design is where the I&C implementation of the Defense-in-Depth Concept can be most readily defined and understood;

The fundamental design principles of independence, diversity, redundancy, and simplicity are first applied to the Plant I&C Architecture (not to individual I&C systems; the Source - Design Review Guide: I&C for I&C systems are constrained by application of these non-LWR Reviews principles at the plant-level).

Plant I&C Architecture - Process

Plant-Level I&C Architecture translates plant-level functions, performance objectives, and constraints into I&C system requirements

I&C Architecture Design Plan used to control the design activities in the Plant I&C Architecture scope

Current focus is on initial requirements definition and architecture design

Future activities

- Coordination and architecture updates to reflect I&C system design progression and plant design progression

Plant I&C Architecture - Requirements

1. Collect and define I&C Functional Requirements

- Define the necessary functions to control, operate and/or monitor a defined part of the plant process

2. Collect regulatory requirements, codes and standards

- Identify those that are applicable, scope of applicability and derivation of project/design-specific requirements to implement

3. Define I&C Architecture Requirements

- Define the requirements that determine which I&C systems must be independent and/or diverse from each other and levels of redundancy for each I&C system

4. Define Plant Constraints

- Identify constraints placed on the I&C from external influences, such as: Plant building and room layouts, environmental conditions, human factors, cyber security, process system interfaces, on-line maintenance approaches, etc.

Plant I&C Architecture - Design

5. Allocate I&C Functional Requirements

- Establish criteria to govern the process of decomposing I&C functions and allocating to I&C systems

- The act of function allocation establishes the justification for existence of interfaces between I&C systems

6. Define Plant I&C Architecture

- Establish the definition of each I&C system including its:

Design basis functions

Position among the Defense Lines

Safety Classification

Implementing technologies (technology platform)

Necessary interfaces

Physical location in the plant

7. Define I&C Interfaces

- Establish specific requirements to govern implementation of interfaces between I&C systems SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 22

Conceptual I&C Architecture (NI)

DRG: I&C for Non-LWR Reviews

Key messages from the DRG:

- Increased focus on how I&C supports plant-level objectives:

The reviewer should focus on verifying the applicable attributes of the I&C system design that support the plant level performance objectives

- Acknowledgement of importance of plant-level I&C Architecture:

implementation of the DID concept for I&C is achieved mostly at the I&C architectural level by allocating I&C functions into systems belonging to different levels of defense within the I&C architecture

- Recognition that diversity is in support of DID; not a goal in-and-of itself:

While diversity is part of the fundamental I&C design principals, it is only considered as one means to address CCF. Therefore, the review guidance focuses more broadly on the diversity in support of DID assessment SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 24

DRG: Topics for Future Engagements

Systematic Assessment

Safety Demonstration

I&C Hazard Analysis

App. A relationship to existing review guidance

RPS Vendor Selection

Establishing early partnership with RPS platform vendor is a Current Activity priority

Rigorous technology/vendor selection process established

Vendor Selection Criteria General III - Quality Responsiveness to RFP - Bidders must submit all proposal forms Quality Program - 10 CFR Part 50, appendix B Document quality - references, support for claims NRC Regulations Title 10, Code of Federal Regulations Part 21 On-time submittal Cyber programs including SDOE, supply chain, etc are in compliance I - Management & Operations with industry best practice Feedback from previous customers IV - Regulatory Acceptance Management and technical staff defined and adequate Regulatory project fit/licensing risk Supply chain reliability and quality Diversity/common cause failure - No DAS Required Resource commitments identified and adequate V - Business & Contract II - Technical Total Cost - must be reasonable and supported Technology Readiness and Maturity Schedule accuracy and time to Market including supply chain reliability System characteristics including performance, footprint, fit and finish Cost allocation between elements is well defined and supported Maintenance, support, training Prototype, simulator, modeling, or emulation of RPS system. Contract - acceptance of terms and conditions Reliability determined by PFD Assignment of IP Source code/ models for site-specific and platform provided Country of origin for components SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 27

RPS Vendor Selection Considerations

Analog vs. Digital (PLC vs. FPGA)

Intellectual property assignment (per 2 CFR 200; long term RPS maintenance)

Codes and Standards - Which version/revision to specify

Cyber Security

Cyber security must be integrated from conceptual design through operation of the facility Current Activity

Both programmatic efforts and plant system development efforts and included

Standardized flow down to vendors and subcontractors (supply chain) to assure consistent cyber treatment

Questions?

Acronym List AC - Alternating Current HX - Heat Exchanger AOO - Anticipated Operational Occurrence I&C - Instrumentation and Control ARDP - Advanced Reactor Demonstration Program LBE - Licensing Basis Event BDBE - Beyond Design Basis Event LMP - Licensing Modernization Project BOP - Balance of Plant LWR - Light Water Reactor BWR - Boiling Water Reactor PIE - Postulated Initiating Event CCF - Common Cause Failure PLC - Programmable Logic Controller CFR - Code of Federal Regulations PSAR - Preliminary Safety Analysis Report DBE - Design Basis Event PWR - Pressurized Water Reactor DID - Defense-in-Depth QA - Quality Assurance DL - Defense Line RFP - Request for Proposal DRG - Design Review Guide RHR - Residual Heat Removal EAS - Essential Auxiliary Support RIPB - Risk-Informed, Performance-Based EBR - Experimental Breeder Reactor RPS - Reactor Protection System ECCS - Emergency Core Cooling System SFR - Sodium Fast Reactor FFTF - Fast Flux Test Facility SRP - Standard Review Plan FPGA - Field Programmable Gate Array TREAT - Transient Reactor Test SUBJECT TO DOE COOPERATIVE AGREEMENT NO. DE-NE0009054 Copyright© 2021 TerraPower, LLC. All Rights Reserved. 31

ML21306A316

Text

Navigation menu

Search