ML23087A110

From kanterella
Jump to navigation Jump to search
Project Pele Risk-Informed Framework RAI 1 - Enclosure 1 - Questions
ML23087A110
Person / Time
Site: 07109396
Issue date: 04/18/2023
From:
Storage and Transportation Licensing Branch
To:
US Dept of Defense (DOD)
Shared Package
ML23087A108 List:
References
Download: ML23087A110 (13)
v  d  e


Text

Request for Additional Information Docket No. 71-9396 Project Pele By request dated February 20, 2023 (Agencywide Documents Access and Management System ML23066A202), on behalf of the Strategic Capabilities Office (SCO) within the Department of Defense, the Pacific Northwest National Laboratory (PNNL) requested U.S. Nuclear Regulatory Commission (NRC) review of PNNLs document titled Development and Application of Risk Assessment Approach for Transportation Package Approval of a Transportable Nuclear Power Plant [TNPP] for Domestic Highway Shipment.

This request for additional information identifies information needed by the NRC staff in connection with its review of the request for endorsement. Since the regulations in 10 CFR Part 71 are prescriptive requirements, the NRC staff evaluated the request for endorsement against some regulatory approaches and methods discussed in Regulatory Guide 1.200, Acceptability of Probabilistic Risk Assessment Results for Risk-Informed Activities and integrated safety analyses in NUREG-1520, Standard Review Plan for Fuel Cycle Facilities License Applications, as they are applicable to evaluating risk of transportation accidents. The requested information is listed by chapter number and title in the report. Each question describes information needed and the staffs justification for asking the question.

1.0 INTRODUCTION

1. Clarify whether the risk assessment approach for transport of a TNPP will be used only for accidents or will it be used for normal conditions of transport. If the approach is used for normal conditions of transport, then different dose criteria may be needed than for accidents.

Section 1.3 states that the dose rate regulatory limits will be met during transport, which is in conflict with the statement in section 2.1 which states that Compliance with all environmental and test conditions in 10 CFR [Title 10 of the Code of Federal Regulations] 71.41(a) and all leak rate and shielding requirements in 10 CFR 71.51 (Additional requirements for Type B packages) or 10 CFR 71.55 (General requirements for fissile material packages) after hypothetical accident conditions (HAC) will likely prove challenging for TNPP transportation packages. In addition, 10 CFR 71.43 requires no substantial reduction in the effectiveness of the packaging under the conditions specified in normal conditions of transport (10 CFR 71.71); it does not state an acceptable probability.

The transportation regulations in 10 CFR Part 71, have different dose rate and containment criteria for normal conditions of transport and hypothetical accident conditions in 10 CFR 71.47 and 10 CFR 71.51(a). (The dose rate criteria is located in in 10 CFR 71.41 and containment criteria in 10 CFR 71.51(a)(1)) for normal conditions of transport and the dose rate and containment criteria is in 10 CFR 71.51(a)(2) for hypothetical accident conditions.) This recognizes the fact that the impact of radioactive material to the public should be much lower during normal transport conditions than in an accident. In addition, development of the approach recognizes this in section 3.1 where it states, For routine and chronic exposures, 10 CFR Part 20 [Standards for Protection Against Radiation] provides regulatory limits and constraints that must be considered in decisionmaking. However, some of the accidents in table 4-5 appear to Enclosure 1

be similar to the tests and conditions for normal conditions of transport in 10 CFR 71.71, such as items 7e, 8b, 9a, 9c and potentially 11c.

2.0 DEFINITION OF REGULATORY APPROACH No questions 3.0 DEFINITION OF SAFETY GOALS AND RISK EVALUATION GUIDELINES

1. Clarify the discussion in document No. DOE-STD-3009-2014, Preparation of Nonreactor Nuclear Facility Documented Safety Analysis, relating to dose acceptance criteria for an accident.

Section 3.2.1 discusses that the acceptance criteria in DOE-STD-3009-2014 includes A radiological dose of greater than 25 rem to the public and 100 rem to workers is acceptable, if the likelihood of the accident that produces this consequence is 1E-06 per year or less; and is unacceptable if the likelihood of the accident is more than 1E-06 per year. However, on page 17, it also states: The standard [DOE-STD-3009-2014] states that if the unmitigated offsite release consequence of an accident exceeds the Evaluation Guideline (EG) of 25 rem total effective dose (TED) per year, then controls shall be applied to prevent the accident or mitigate its consequences to below the EG.

These appear to be in conflict with one another for a member of the public.

Also, on page 18, last paragraph the DOE-STD-3009-2014 states This analysis shall demonstrate how SC [safety class] mitigative SSCs [structures, systems, and components] and/or SACs [specific administrative controls] reduce consequences below the EG and how SC (if identified) and SS [safety significant] mitigative SSCs and/or SACs reduce co-located worker consequences below 100 rem, which appears to state that dose to a co-located worker should be mitigated to less than 100 rem, which is not what the document shows in its tabular form for the DOE Standard in tables 3-1 and 3-2, as both tables show that, for accidents with a frequency less than 10-6, there is no upper limit on the dose.

2. Clarify whether the results of an accident that meets the dose rate and containment criteria in 10 CFR 71.51, will also have to meet the quantitative health guidelines (QHGs.)

Discussion at the end of section 3.2, Development of Risk Evaluation Guidelines Surrogates for Safety Goal QHOs [quantitative health objectives], notes that some of the lower consequence higher likelihood bins violate the QHGs but seems to argue that the package will be designed to prevent these events anyway. That's more an argument that the package will easily meet these limits rather than an argument that the limits are acceptable.

3. Clarify whether terminology such as accidents, anticipated occurrences, etc., are defined in a manner that is consistent with NRC regulations or provide a definition of the terms.

Section 3, page 13, discusses potential risk evaluation guideline approaches and presents proposed risk evaluation guidelines for TNPP transportation package risk that are consistent with the U.S. NRCs safety goal philosophy, guidance, and historical practice.

Although the classification of not unlikely as greater than 10-4 per year could imply the scale could go all the way to 1 or more per year, the NRC has typically used other terms such as anticipated occurrences, or off-normal conditions to describe events or occurrences that can be anticipated to occur rather than referring to these conditions/events as accidents. In contrast, figures 3-1 and 3-2 in the SCO report provide accident frequency versus consequences based on DOE-STD-3009-2014 that cuts off the curve at a frequency of 0.01 per year, which is inconsistent with an accident as an event that does not have a frequency of 1.

In summary, discussion regarding the intent of calling items that are expected to occur as accidents versus what NRC might consider normal conditions of transport should be included in order to distinguish them from hypothetical accident conditions, see question 1 above, in section 1, INTRODUCTION. The term normal conditions is not used in 10 CFR Part 70 to represent such things as expected conditions and events. Importantly the regulatory requirements are different for accidents than for normal conditions (e.g.,

the occupational dose limit in 10 CFR 20.1201 for adults), only apply to normal operating conditions, and are the primary guidelines in emergencies - see 56 FR 23365; May 21, 1991; the dose limit of 100 mrem/year in 10 CFR 20.1301(a) for the public is the limit for normal operations. Discussion of the use of the term accidents versus normal conditions (e.g., is the intention to apply guidelines/limits for accidents to normal conditions of transport?) may be helpful.

Figure 3-5 (taken from NEI 18-04) uses the term event sequence. Regardless of the term used, discussion regarding the limits/requirements for normal conditions of transport (e.g., events expected to occur) and accidents (e.g., those events with a low likelihood of occurrence) - including how this is represented in figures and tables in the document, may be helpful. In discussing TNPP Safety Functions (section 4.3, page 61) there is an identification of normal conditions of transport and hypothetical accident conditions but figures just reflect all events as accidents. Additionally, the term anticipated is provided on page 73 as a frequency greater than or equal to 0.01 as an accident likelihood category - accidents should not be considered normal operating conditions, but this implies they are.

4. Revise section 3.2.2, to clarify that not all accidents with a dose of less than 5 rem are acceptable.

Section 3.2.2 NRC Performance Criteria for Integrated Safety Analyses of Nuclear Fuel Cycle Facilities depicts acceptable and unacceptable accident risk regions for the offsite public (Figure 3.3) and workers (figure 3.4) based on information in 10 CFR Part 70, Domestic Licensing of Special Nuclear Material, and NUREG-1520, Standard Review Plan for Fuel Cycle Facilities License Applications. Although NRC understands how these figures were constructed from portions of NRCs regulations and NUREG-1520, the construct of these figures need clarification to accurately represent key elements of NRCs regulations and NUREG-1520.

In particular, figure 3-3 depicts all accidents below 5 rem are acceptable for a license issued under 10 CFR Part 70. Although this is consistent with the development of the Integrated Safety Analysis (ISA) in 10 CFR 70.62, Safety Program and Integrated Safety Analysis, there are other requirements in 10 CFR Part 70 and expressed in NUREG-1520 that would make unacceptable a blanket approval of a 5 rem dose to the public (e.g., 10 CFR 70.61(c) requires controls to ensure an event with a dose of 5 rem is unlikely). The regulations provide requirements for unlikely and highly unlikely accidents at 10 CFR 70.61 and NUREG-1520 provides guidance regarding a numerical definition of unlikely and highly unlikely (i.e., unlikely is less than 10-4 per event per year and highly unlikely is less than 10-5 per event per year; page 3-32) and identify dose limits with respect to high and intermediate consequences (e.g., greater than 25 rem and 5 rem, respectively, for the offsite public; page 3-A-2). As explained in NUREG-1520, this construct was done to identify accidents for which the consequences and likelihoods yield an unacceptable risk index and to which items relied on for safety must be applied (page 3-A-3). The risk-informed methodology by the SCO appears to interpret this information as a public dose less than 5 rem is acceptable in all situations including accidents with a probability of 1 (the previous Item #3 discusses the concern with considering high probability events as accidents). The SCO risk-informed methodology ignores the fundamental aspect of the 10 CFR Part 70, in general, that the acceptability of the not unlikely accidents is evaluated under the radiation protection program as described in NUREG-1250, Report on the Accident at the Chernobyl Nuclear Power Station, (section 4):

[T]he reviewer should be aware that accident sequences considered not unlikely in the ISA summary are constricted, under the ALARA requirement in 10 CFR Part 20, to minimize exposure to personnel and the public (NUREG-1520; page 4-13). The not unlikely category includes those accidents with a probability greater than 10-4 per event per year (NUREG-1520; page 3-A-6). Thus, the dose for the not unlikely accidents are subject to additional constraints that would be expected to reduce the dose especially for those accidents with a high likelihood of occurring (events greater than 10-2). Additionally, 10 CFR 70.62(c)(i-v) requires the licensee/applicant to identify all credible accident sequences including those that are not unlikely."

Although the identification of the not unlikely accident sequences are not required to be submitted to the NRC, the licensee is required to maintain the analysis of these events onsite including the consequences and likelihood. This information is reviewed by the NRC staff during the initial horizontal and vertical slice review and can be reviewed by the NRC inspectors during routine inspections.

5. Revise section 3.2.3 to clarify the intent of the use of the Q system from the International Atomic Energy Agencys Specific Safety Guide No. SSG-26 (Rev. 1), Advisory Material for the IAEA Regulations for the Safe Transport of Radioactive Material (2018 Edition).

Section 3.2.3 states: The analysis of accidents that could damage a package uses the reference dose of 5 rem to judge when a Type A package is insufficient to limit the transportation risk of the package. The Q system isnt based on analyses of accidents to determine when Type A package is insufficient, as the Q system uses dose to an individual, without regard to evaluation of specific accidents. For special form radioactive material, the Q system uses calculation of a whole body dose limit of 30 mSv (3 Rem) assuming a distance of 3 m over a period of 3 h. For normal form material, the dose limit for A2 is set based on a release of 10-6A2, which is a median accident. The median accident is defined as one which leads to complete loss of shielding and to a release of 0.1% of the package contents in such a manner that a bystander subsequently received an intake of 0.1% of this released material, hence the 10-6A2 release. Based on this calculation the A2 value is set to limit the dose to a radiation worker to half the annual limit on intake for each specific radionuclide.

6. Clarify what appear to be errors/typos in the following:
a. Table 3-4 contains many acceptable/unacceptable, more than/less than phrases which appear to be reversed. e.g. "A doseis acceptable if the likelihood is more than"
b. In table 3-6:

Numbers for worker (last row) appear to be incorrect Risk columns don't have any unit labels (fatalities/yr)

QHG for acute fatality would not apply for the lower consequence bins

c. Section 3.2.4, NRC Endorsed Risk-Informed Methodology in Support of Licensing Advanced Reactor Design, should the phrase None-the-less, the guidance document presents the frequency-consequence evaluation plot shown in Figure 3-3 really be Figure 3-5, since the caption for Figure 3-5 states Frequency-Consequence Targets from NEI 18-04, Revision 1? The caption for Figure 3-3 states Frequency Consequence Chart for Offsite Public Based on 10 CFR Part 70 and NUREG-1520.
7. Revise the statement in the first paragraph in section 3.2.3, Risk Reference Used in Developing the IAEA Q System, regarding Type B(U) and Type B(M) package testing.

The statement in the first paragraph of section 3.2.3: The more robust Type B(U) or Type B(M) packages require testing that takes into account a large range of accidents which expose packages to severe dynamic forces is incorrect. Hypothetical accident conditions were not designed to represent an actual accident the package would experience during transport but, as stated in the proposed rulemaking dated December 21, 1965 (30 FR 15748), was chosen that satisfactory performance of a package exposed to them may be considered to give reasonable assurance of satisfactory performance in accidents likely to occur in transportation.

8. Clarify what is meant by the not applicable blocks in table 3-4.

Table 3-4, Summary of Relevant Risk Limits from Other Applications, shows a number of dose rate blocks labeled not applicable. It is not clear what not applicable means in this context.

9. Clarify the following statement in section 3.3, a TNPP package will be designed to remain intact for most hazards and initiating events that can cause accidents particularly if the event is not highly unlikely.

The term remain intact is vague. Does this mean no release of radioactive material from the package? Also, it appears that these events seem to be normal conditions of transport; however, the acceptance criteria in 10 CFR Part 71 for normal conditions of transport (dose rate criteria in 10 CFR 71.41 and containment criteria in 10 CFR 71.51(a)(1)) are lower than the acceptance criteria for hypothetical accident conditions (dose rate and containment criteria in 10 CFR 71.51(a)(2)). The dose criteria listed in the document appear to be for accidents, not normal conditions of transport. (See question 1, above, in the Introduction.)

4.0 TNPP TRANSPORTATION PRA METHODOLOGY, DATA, AND RESULTS

1. Revise the risk assessment approach for a TNPP to:
a. Provide information on when a screening analysis will be performed and what screening criteria is used, including, if applicable, what types of scenarios will be screened out. The basis for screening and how it will be performed and documented as part of the framework should be further described/explained. This should include an initial list of events, the screening process, and a final list of events. Currently, it is not clear which, if any, scenarios have been excluded and is also not clear how several scenarios that have no, or minimal consequences survived the screening process.

Section 4.4.2.2 (Page 70, Item 14) states: Hazardous conditions qualitatively evaluated to be low risk were not carried forward for detailed accident analysis.

Low risk scenarios were screened out because the likelihood was determined to be Beyond Extremely Unlikely or the consequences were determined not to significantly impact any of the TNPP radiological inventory contributors; however, table 4-26 presents a risk summary of the bounding representative accidents (BRA) and includes accidents that have no release of radiological material and no loss of shielding (presenting 0 consequences in the table) for BRA 1, BRA 4L; consequences on the order of a microrem for BRA 7; and consequences on the order of a millirem or less for BRA 2 and BRA 8 (5 of the 12 BRAs have very low consequences).

b. Clarify the definition of fission products used in the document.

A wide range of radionuclides (e.g., Pu isotopes, which are actinides) are included as a class of fission products, for example, in table 4-1; however, in section 4.2.4.1 (page 56) the text indicates that fission products and actinides are separate groupings. Consider defining what the term fission products includes in the document and then use it consistently throughout the document.

c. Clarify the release fractions in section 4.4.3.1.1, Accident 1(a) - Collision with a Light Vehicle, for collision with a light vehicle.

Section 4.4.3.1.1 (Page 79) states: The damage ratio, airborne release fraction, and respirable fraction used in the consequence analysis for this accident should be set lower than values used for collision with a light vehicle. This sentence states that the values should be set lower than the values used for collision with a light vehicle; however, this section is for collision with a light vehicle.

2. With respect to section 4.4.2.2, Hazardous Condition Evaluation Assumptions, provide clarifications for the following:
a. In item number 11 (page 70) it states that the hazards analysis assumed no prohibition of transport in extreme weather, and that this assumption was reconsidered in the accident analysis. It is not clear what was meant by that statement.
3. With respect to section 4.4.3.1.10, Tornado or High Wind Event, provide information for the following:
a. Additional information is necessary to describe how the likelihood of these events are defined. The section states that the highest frequency along the route could be used to be conservative. Considering the potential that the highest frequency event may result in lower consequences due to lower wind speeds vs. a lesser frequency event that could result in higher consequences due to the higher wind speeds, clarify how these differences in events levels and their associated frequencies are being considered when defining likelihood and consequences in the accident progression analysis (e.g., 40-mph wind event could be more likely to occur (i.e., higher frequency) than a 90-mph event; however, one level of high wind event may fall into anticipated event with low consequences vs. the other be an unlikely with higher consequences; or for tornadoes an F4 tornado may just be considered as extremely unlikely, vs. an F1 tornado may just be unlikely).
b. The frequency of a tornado or a high wind event will vary from one type of event vs. another. Because of this, for similar wind intensity or wind loads each event will be associated with a different frequency. Clarify how these differences will be captured and evaluated for each type of event if they are evaluated under the same accident condition.
4. Clarify the accident progression described in section 4.4.3.2.8, Criticality Accidents, of the report regarding criticality under accident BRA 9.

This section of the report states that the accident consists of drop into a body of water (e.g., from a bridge) and enough impact to cause a change in core geometry. Clarify whether the change in geometry is a necessary precursor to package criticality, or if flooding with water alone is enough to initiate criticality. This information may affect the frequency determination of accident BRA 9.

5. Clarify the basis for the frequency of accident BRA 9, Criticality Event Involving Drop into a Body of Water.

Section 4.7.11 of the report states, regarding the frequency of criticality events involving a drop of the package into a body of water:

The actual rate is judged to be between 2.1E-06 per year and 5.1E-09 per year and likely less than 5E-07 per year as presented in Table 4-37.

The basis for the conclusion that the frequency is less than 5E-07 per year is not clear.

The 2.1E-06 estimate is well within the frequency range considered in figures 3-1 and 3-2 for the maximally exposed offsite individual and co-located worker, respectively. The applicant does not give a reason for assuming that the frequency is lower than the 2.1E-06 estimate developed in section 4.5.3.1.2, Frequency of Highway Accidents that Could Result in a Criticality Event, of the report.

6. The probabilistic risk assessment (PRA) should consider a less than completely flooded package or fire scenarios for criticality under accident scenario BRA 9.

The TNPP core is significantly moderated by graphite as designed and built, such that small amounts of water added to the system could significantly increase system keff, and result in criticality. The reactor pressure vessel may not need to be fully flooded to achieve criticality. Bodies of water with less depth than required to completely submerge the package may still result in criticality. Criticality analyses of the package with varying levels of water moderation will be necessary to determine the depth for bodies of water to be included in the frequency determination for criticality under accident BRA 9.

Additionally, fires in or near TNPP packages are likely to be aggressively suppressed to prevent radionuclide release. In the event the containment is failed, due to impact or other event, water or other hydrogenous fire suppression materials may enter the core in sufficient quantities to cause criticality. Criticality analyses of the package with varying amounts of water or other hydrogenous fire suppression materials in the core may be necessary to determine the frequency of criticality under this accident scenario.

This information may affect the frequency determination of accident BRA 9.

7. Justify using the Q system is appropriate to calculate doses during an accident.

The methodology in SSG-26 was developed to calculate A1 and A2 values for individual radionuclides to determine the maximum quantity of material in a package that is not evaluated for hypothetical accident conditions. While the methodology includes external photon dose, external beta dose, inhalation dose, skin, and ingestion dose due to contamination transfer and submersion dose, it does not include neutron sources, except for Cf-252, and does not include interactions that may generate neutrons, such as alpha, neutron (,n) reactions.

8. Clarify section 4.2.2 with regard to 10 CFR 50.71, Maintenance of records, making of reports, referencing A2 values.

Section 4.2.2 states: This approach is consistent with 10 CFR 50.71 [Maintenance of records, making of reports] which specifies that an A2 value from Table A-3 of this regulation may be used if an A2 value for the radionuclide is not provided in Table A-1 of this regulation. However, 10 CFR 50.71 does not reference 10 CFR Part 71, Appendix A for isotopes that do not have a specified A2 value. It is unclear what the statement is conveying.

9. Clarify whether the following statement in section 4.2.3.1 is discussing in-reactor operations or during transport:

In design basis events (DBE) and beyond design basis events (BDBE), significant heat soak circumstances may occur where fuel compact temperatures are expected to rise from roughly 1200 °C up to roughly 1400 °C to 1600 °C. At these elevated temperatures, fission product releases increase since diffusion rates increase. However, transportation of an TNPP that has experienced a DBE or BDBE is beyond the scope of this assessment.

10. Clarify table 4-5, item 6, and section 4.4.3.1.12, Accident 6(b) - Diesel Fuel Fire Only Event, to indicate whether any of the fires include any other combustible components of the truck such as tires. If it does not, justify not including combustible portions of the truck.
11. Clarify the language in section 4.4.3.1.1, Accident 2(a) - Collision with a Fixed Object.

In several places there is language like the following: If a worst-case collision with an object is rare and the consequences are high, then... Consider reviewing the document for language consistency. Is rare considered unlikely, highly unlikely? Is high considered High- Consequence group A or Very High - Consequence group B. Several places use the term high consequences that cover both groups.

12. Clarify whether any of the accidents in section 4.4.3.1, Identification and Description of the Full Set of Important Accident Scenarios, includes drop onto a lower elevation which could be caused by another accident, such as impact with a light or heavy vehicle or fixed object, jackknife, or rollover.

It appears from the discussion of a drop onto a lower elevation that this is a single event or due to a fire; however, a drop onto a lower surface could be caused by another initiating event, such as an accident with another vehicle or a jackknife.

13. Justify the statement in section 4.6.3.1, External Dose Due to Photons, that the distance to the closest member of the public is 25 meters from the accident.

The report assumes that the closest member of the public is 25 meters from the accident based on U.S. Department of Transportation isolation and protective action distance for high level radiological material emergency response. There is no justification for why a member of the public cannot be closer than 25 meters during an accident. While the U.S. Department of Transportation Emergency Response Guide states that a cordon of 25 meters surrounding a spill or leak of radioactive material should be established however, this would occur after the accident. The report includes two consequence-probability curves to account for public and worker dose for accidents; however, it is not clear why there needs to be two curves if a member of the public can be located closer than a worker.

5.0 DEFENSE-IN-DEPTH AND SAFETY MARGIN CONCERNS

1. Revise this section with a focus on what will be developed/presented to describe what is relied on for safety, including the uncertainties with estimating the performance of those items relied on for safety.

While the overall methodology contains the main topics to be addressed in a PRA approach for estimating risk, it appears that the treatment of some of the topic areas, such as defense-in-depth and uncertainty, may not be to the appropriate level of detail or possibly do not address the primary regulatory aspect of the topic. NRC notes that an applicant for package approval should address both areas in much greater detail in its application.

a. Defense-in-Depth A number of statements in section 5 appear to imply that defense-in-depth is not really needed due to the low risk. Although a low-risk value may be estimated for a certain activity, NRCs regulatory approach does not dismiss a need for defense-in-depth simply based on risk. When evaluating defense-in-depth, Regulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis" may be useful. NRC considers risk insights gained from conducting a PRA to promote an improved understanding of the system in support of the appropriate level of defense-in-depth:

Risk insights can make the elements of defense-in-depth more clear by quantifying them to the extent practicable. Although the uncertainties associated with the importance of some elements of defense may be substantial, the fact that these elements and uncertainties have been quantified can aid in determining how much defense makes regulatory sense. Decisions on the adequacy of or the necessity for elements of defense should reflect risk insights gained through identification of the individual performance of each defense system in relation to overall performance. (NRC White Paper on Risk- Informed and Performance-Based Regulation; March 11, 1999; [ML17348B272]).

Defense in depth is invoked primarily as a strategy to ensure public safety given the unquantified uncertainty in risk assessments. The nature and extent of compensatory measures should be related, in part, to the degree of uncertainty. (Letter to Chairman Meserve from B. John Garrick

[Chairman Advisory Committee on Nuclear Waste] and Dana A. Powers

[Chairman Advisory Committee on Reactor Safeguards]); Use of Defense in Depth in Risk-Informing NMSS [Office of Nuclear Materials Safety and Safeguards] Activities; May 25, 2000; [ML003718610]).

Additionally, in Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities; Final Policy Statement (60 FR 42627; August 16, 1995) the NRC has made clear that a defense-in-depth approach is appropriate to all its programs:

Deterministic-based regulations have been successful in protecting the public health and safety and PRA techniques are most valuable when they serve to focus the traditional, deterministic-based, regulations and support the defense-in-depth philosophy.

Below are some of the statements that need further consideration regarding the defense-in-depth approach and how the PRA would support an understanding of the defense-in-depth approach appropriate for the TNPP:

Section 5.1, Defense in Depth Philosophy The primary element of the defense-in-depth philosophy for this application of the exemption process (10 CFR 71.12, Specific exemptions) is the fact that the TNPP transportation risk is quantified and shown to be low, but in addition compensatory actions will be administered that reduce the risk to the worker and the public and associated uncertainty through preventative and mitigative features.

Comment: It would appear the defense-in-depth approach for design is based solely on a low-risk estimate rather than an articulation of the design basis for the low risk (e.g., the compensatory measures represent operational constraints and not attributes of the design - such as ship at night to avoid other traffic, escort provided forward and aft, etc.). Defense-in-depth precludes a complete reliance on one single safety component for safety of the design. The question to be answered is why is the risk low? - what are the safety components that are relied on for safety of the transportation system?

Page 192, Item 1, Preserve adequate capability of design features without an overreliance on programmatic activities as compensatory measures Also, the design will be robust and though it may not meet all the requirements in 10 CFR 71.55 (General requirements for fissile material packages) after HAC, it is expected to meet many or most of the requirements.

Comment: It is unclear what is being conveyed in stating that the Project Pele design may not meet all of the safety requirements. The question to be answered is: what are the different design aspects that reduce the risk (such as the tri-structural isotropic (TRISO) fuel, the reactor containment, etc.)? Defense-in-depth is about describing the various safety components and explaining the limits of their functionality with respect to reducing risk.

Page 192, Item 3, Preserve system redundancy, independence, and diversity commensurate with the expected frequency and consequences Redundancy, independence, and diversity are concepts that are more relevant to an operating reactor with redundant active systems.

Comment: While a TNPP is a reactor, it is not an operating reactor. Section 5 does not appear to focus on what makes transporting a microreactor safe (e.g., the TRISO fuel limits release, the reactor core limits release, and the container, express (CONEX) box offering some protection) and how there are protections beyond just the CONEX box.

Page 193, item 1, Ensure key safety functions do not depend on a single element of design or operation.

For TNPP transport, this is a possible weakness of the TNPP design if damage from a severe impact (e.g., collision with a heavy truck) leads to a significant release of radiological material. Another weakness is that the current design of the demonstration unit does not include transportation poison rods as an additional mechanism to prevent a criticality event from a control insertion event as a result of severe impact. However, the PRA shows that the likelihood of TNPP accidents that produce the highest consequences are beyond extremely unlikely.

Comment: The tone of this statement is that there could be reliance on a single component, which is contrary to a defense-in-depth approach. This does not align with other statements in this section that identify such items as the fuel itself and the reactor vessel as significant barriers to release.

Page 192, item 5, provide time for recovery operations, includes a statement regarding the fuel itself and the reactor vessel as key safety barriers; however, the safety significance of these barriers is completely undermined by items 3 and 4 and emphasis on the lack of redundancy and potential common-cause failures continues on the page 193 with a new set of points (items 1 and 2).

The end of section 5 summarizes by stating defense-in-depth was applied consistent with NRC guidance and available information; however, the summary does not appear consistent with a number of the points made in section 5 that seem to state precisely the opposite. The application should demonstrate that the principle of defense-in-depth is satisfied.

If the package itself is insufficient for this, then the application should identify other attributes of the design that are relied upon or provide a compelling basis for reliance on administrative measures, such as those identified, and compensatory measures in the document that are not explicitly credited in the PRA.

2. Provide a description of a more robust treatment of uncertainty, which could be based on extensive sensitivity analyses.

The proposed framework appears to lack a formal treatment of uncertainties with the exception of proposing sensitivity studies. This is a reasonable approach to characterize the uncertainty and should focus on key parameters that could significantly increase or decrease the estimated risk. If sensitivity studies are the primary method of characterizing the uncertainty, one would expect the number and level of detail of the sensitivities to be robust. Existing guidance, such as that found in NUREG-1855, "Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decisionmaking" may be useful.

6.0 TECHNICAL ADEQUACY OF TRANSPORTATION RISK ASSESSMENT No Questions

7.0 CONCLUSION

S No Questions

ML23087A108; ML23087A110 OFFICE NMSS/DFM/STLB NMSS/DFM/STLB NMSS/DFM/CTCFB NMSS/DFM/CTCFB WWheatley DMarcano NAME BWhite BW JPiotter JP JCurry for JC CBajwa for CB DATE Apr 3, 2023 Apr 4, 2023 Apr 11, 2023 Apr 10, 2023 OFFICE NMSS/DFM/IOB NMSS/DFM/MSB NMSS/DFM/STLB NMSS/DFM/STLB NAME ARivera-Varona AR TBoyce TB BWhite BW YDiaz-Sanabria YD DATE Apr 11, 2023 Apr 7, 2023 Apr 12, 2023 Apr 14, 2023 OFFICE NMSS/DFM/STLB NAME BWhite BW DATE Apr 14, 2023

Retrieved from "https://kanterella.com/w/index.php?title=ML23087A110&oldid=3535891"