ML23338A279

From kanterella
Jump to navigation Jump to search
Technology-Inclusive, Risk-Informed, and Performance-Based Licensing Approaches
ML23338A279
Person / Time
Issue date: 11/30/2023
From: Stutzke M
Office of Nuclear Reactor Regulation
To:
References
Download: ML23338A279 (1)
v  d  e


Text

Technology-Inclusive, Risk-Informed, and Performance-Based Licensing Approaches Marty Stutzke, Senior Technical Advisor for Probabilistic Risk Assessment Division of Advanced Reactors and Non-Power Production and Utilization Facilities (DANU)

Office of Nuclear Reactor Regulation (NRR)

U.S. Nuclear Regulatory Commission (NRC)

November 30, 2023 1

Learning Objectives By the end of this presentation, you will understand:

  • The basis and context for the licensing modernization project (LMP) methodology
  • The three processes associated with the LMP methodology
  • How the LMP methodology is used to establish a licensing basis for new applicants
  • How the LMP methodology compares to traditional approaches for establishing a licensing basis 2

Course Outline

  • Regulatory foundations and principles
  • Traditional LWR-centric approach
  • Lessons learned, evolving requirements, and increasing use of risk-informed and performance-based approaches
  • The LMP methodology
  • PRA event sequences
  • The Frequency-Consequence (F-C) Target
  • Identification of licensing basis events (LBEs)
  • Risk-significant event sequence families and systems, structures and components (SSCs)
  • Safety functions and design criteria
  • SSC safety classification
  • Defense-in-depth adequacy 3

Regulatory Foundations and Principles International Atomic Energy Agency (IAEA)

The fundamental safety objective is to protect people and the environment from harmful effects of ionizing radiation.

This fundamental safety objective of protecting people individually and collectively and the environment has to be achieved without unduly limiting the operation of facilities or the conduct of activities that give rise to radiation risks. To ensure that facilities are operated and activities conducted so as to achieve the highest standards of safety that can reasonably be achieved, measures have to be taken:

To control the radiation exposure of people and the release of radioactive material to the environment To restrict the likelihood of events that might lead to a loss of control over a nuclear reactor core, nuclear chain reaction, radioactive source or any other source of radiation To mitigate the consequences of such events if they were to occur.

Source: IAEA, Fundamental Safety Principles, IAEA Safety Standards Series No.

SF-1, 2006.

4 Nuclear Regulatory Commission (NRC)

The NRCs mission is to license and regulate the Nations civilian use of radioactive materials, to provide reasonable assurance of adequate protection of public health and safety, to promote the common defense and security, and to protect the environment.

Source: NRC, Strategic Plan: Fiscal Years 2022-2026, NUREG-1614, Vol. 8, April 2022.

Regulatory Foundations and Principles:

Nuclear Reactor Safety

  • Normal Operations
  • Occupational
  • Public
  • Effluents and direct radiation exposure
  • Unplanned Events
  • Typically organized into categories such as:
  • Postulated accidents
  • The risk triplet* provides a useful paradigm:
  • What can go wrong?
  • How likely is it?
  • What are the consequences?
  • Stanley Kaplan and B. John Garrick, On The Quantitative Definition of Risk, Risk Analysis, Vol. I, No. 1, March 1981.

5 Source: NUREG/CR-1250, Vol. 1, 1980.

Regulatory Foundations and Principles:

Safety Assessment for Facilities and Activities 6

Design Radiation Risks Safety Functions Site Characteristics Engineering Approach Human Factors Principles Defense-in-Depth Safety Margins Barriers Operations Limits, Conditions Maintenance, Inspections Management, Staffing Programs (radiation protection, emergency preparedness, etc.)

Analyses Deterministic Probabilistic Safety Criteria Uncertainty/Sensitivity Verification and Validation Licensing Applications License, Permit, and Certification Applications Changes to Licenses

Traditional LWR-Centric Approach Anticipated operational occurrences (AOOs) and postulated accidents may be grouped into the following seven types:

1)

Increase in heat removal by the secondary system 2)

Decrease in heat removal by the secondary system 3)

Decrease in reactor coolant system (RCS) flow rate 4)

Reactivity and power distribution anomalies 5)

Increase in reactor coolant inventory 6)

Decrease in reactor coolant inventory 7)

Radioactive release from a subsystem or component Source: NRC, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition Transient and Accident Analysis, NUREG-0800, Chapter 15.0, Draft Revision 4, July 2023.

7 Which apply to non-LWRs?

Which do not apply to non-LWRs?

Whats missing?

Traditional LWR-Centric Approach

  • Barrier-based approach with design specifics established based on conservative events defined to challenge barriers. Examples include requirements for:
  • Reactivity insertion rate to protect cladding for decreases in flow
  • Emergency core cooling
  • Containment pressure for loss of coolant accidents
  • Safety-related systems, structures and components (SSCs) to assure:
  • The capability to shut down the reactor and maintain it in a safe shutdown condition
  • The capability to prevent or mitigate accidents which could result in potential offsite exposures comparable to the applicable guidelines
  • Defense in depth provided by multiple barriers along with measures to prevent and mitigate various event categories
  • Design rules such as incorporating the single failure criterion defined by general design criteria (GDC) 8

Lessons Learned & Evolving Requirements

  • Additional requirements added to prevent and mitigate events informed by PRAs and operating experience include anticipated events without scram (ATWS) and station blackout (SBO) which led to terminology such as beyond design basis events
  • Additional focus on human factors (training, control room design) following the accident at Three Mile Island (TMI)
  • Evaluations of containment performance and severe accidents lead to severe accident policies and consideration of PRA insights
  • Advances in PRA lead to policy statements on safety goals and PRA, and guidance for risk-informed decision making (RG 1.174)
  • Events such as 9/11 and the accident at Fukushima Dai-chi lead to addition of mitigating strategies approaches to address degraded plant conditions 9

Increasing Use of Risk-Informed and Performance-Based Approaches

  • Policy Statements Severe accidents (50 FR 32138; August 8, 1985)

Safety goals (51 FR 28044; August 4, 1986 as corrected and republished at 51 FR 30028; August 21, 1986)

Use of PRAs (60 FR 42622; August 16, 1995)

  • White paper on risk-informed and performance-based regulation (SRM-SECY 0144, 3/1/1999, ADAMS Accession No. ML003753601)
  • Industry PRA consensus standards jointly developed by the American Society of Mechanical Engineers (ASME) and the American Nuclear Society (ANS)
  • Technical Specification Initiatives, e.g., risk-informed completion times (RICTs)
  • Resolution of generic issues
  • Advanced Reactor Policy Statement (73 FR 60612; October 14, 2008)
  • NUREG-1860, Feasibility Study for a Risk-Informed and Performance-Based Regulatory Structure for Future Plant Licensing, 2007
  • Next Generation Nuclear Plant (NGNP)
  • Current pre-licensing and licensing reviews 10

Risk-Informed and Performance-Based Approach:

What is LMP and What Does It Do?

  • The Licensing Modernization Project (LMP) methodology is a technology-inclusive, risk-informed, and performance-based approach developed for informing the licensing basis of non-light water reactors.
  • Developed by the Southern Company
  • Cost-shared by the Department of Energy (DOE)
  • Sponsored by the Nuclear Energy Institute (NEI)
  • NEI 18-04, Rev. 1, Modernization of Technical Requirements for Licensing of Advanced Non-Light Water Reactors: Risk-Informed Performance-Based Technology Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development, August 2019 (ML19241A472).
  • Endorsed by the Nuclear Regulatory Commission (NRC)
  • RG 1.233, Rev. 0, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light Water Reactors, June 2020.
  • Uses probabilistic risk assessments and traditional deterministic engineering approaches to risk-inform design decisions and support licensing applications.
  • Methodology centered on:
  • Licensing basis events (LBEs)
  • Safety classification and performance criteria for SSCs
  • Assessing defense in depth 11 Use the PRA up-front to help define the licensing basis, rather than after-the-fact to confirm the acceptability of a design that has been developed using the traditional, deterministic approach.

Probabilistic Risk Assessment (PRA) Event Sequences 12 Initiating Event A

B C

Mitigating Events Frequency Consequence f1 c1 fn cn All initiating events What are the consequences?

What can go wrong?

How likely is it?

The Risk Triplet Event sequences:

  • Pathways through the event tree
  • Consists of an initiating event and one or more mitigating event successes and failures
  • All event sequences are important when using PRA to help establish the licensing basis
  • Individual event sequences may be grouped into families (similar challenges to the plant safety functions, response of the plant in the performance of each safety function, response of each radionuclide transport barrier, and end state.)

Consequences may be expressed in a variety of ways, depending on the purpose(s) of the PRA:

  • Conditional individual early fatality risk (per event)
  • Conditional latent cancer fatality risk (per event)
  • Population dose (person-rem per event)
  • Offsite economic consequence

($/event)

  • Quantity of radioactive material released (curies per event)
  • Dose over a specific period at a fixed location (e.g., the 96-hour dose at the exclusion area boundary (EAB))

PRA Scope to Support LMP

  • All radiological sources
  • All plant operating states (at-power, various low-power and shutdown configurations)
  • All internal and external hazards
  • Event sequences modeled from occurrence of an initiating event to release or safe stable end state
  • Estimation of radiological consequences 13 PRA Elements 1)

Plant operating state analysis 2)

Initiating event analysis 3)

Event sequence analysis 4)

Success criteria development 5)

Systems analysis 6)

Human reliability analysis 7)

Data analysis 8)

Internal flood PRA 9)

Internal fire PRA

10) Seismic PRA
11) Hazards screening analysis
12) High winds PRA
13) External flooding PRA
14) Other hazards PRA
15) Event sequence quantification
16) Mechanistic source term analysis
17) Radiological consequence analysis
18) Risk integration Source: ASME/ANS RA-S-1.4-2021, Probabilistic Risk Assessment Standard for Advanced Non-Light Water Reactor Nuclear Power Plants, which is endorsed in RG 1.247, TRIAL - Acceptability of Probabilistic Risk Assessment Results for Non-Light Water Reactor Risk-Informed Activities, March 2022.

LMP: Frequency-Consequence (F-C) Target Plot the results of the PRA for individual event sequences to:

  • Evaluate risk significance of individual LBEs and SSCs
  • Help define the required safety functions (RSFs)

Note: The F-C-Target is not a regulatory acceptance criterion.

14

LMP: Identification of Licensing Basis Events (LBEs)

LBE Category Description Event Sequence Family Mean Frequency Range Plant Response Anticipated Operational Occurrences (AOOs)

Anticipated event sequences expected to occur one or more times during the life of a nuclear power plant, which may include one or more reactor modules.

1x10-2/plant-year Account for the expected response of all SSCs within the plant regardless of safety classification.

Design Basis Events (DBEs)

Infrequent event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than AOOs.

1x10-4 to 1x10-2/plant-year Beyond Design Basis Events (BDBEs)

Rare event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than a DBE.

1x10-4 to 5x10-6/plant-year Design Basis Accidents (DBAs)

Postulated event sequences that are used to set design criteria and performance objectives for the design of Safety Related SSCs. DBAs are derived from DBEs based on the capabilities and reliabilities of Safety-Related SSCs needed to mitigate and prevent event sequences, respectively.

DBAs are derived from the DBEs by prescriptively assuming that only Safety Related SSCs are available to mitigate postulated event sequence consequences to within the 10 CFR 50.34 dose limits.

Identified by an integrated decision-making process (IDP) 15

16 AOOs DBEs BDBEs

< BDEBs

LMP: Identification of Risk-Significant Event Sequence Families 17 Source: NEI 18-04, Rev. 1, Figure 3-4 Risk-significant LBEs are those with frequencies within 1% of the F-C Target with site boundary doses exceeding 2.5 mrem (see crosshatched region of Figure 3-4).

To consider the effects of uncertainties, the upper 95th percentile estimates of both frequency and dose should be used.

LMP: Identifying Risk-Significant SSCs LMP Uses Absolute Risk Significance

  • Determined by assuming failure of the SSC in performing a prevention or mitigation function and checking how the resulting LBE risks compare with the F-C Target. The LBE is considered within the F-C Target when a point defined by the upper 95th percentile uncertainty of the LBE frequency and dose estimates is within the F-C Target.
  • A significant contribution to each cumulative risk metric limit is satisfied when the total frequency of all LBEs with failure of the SSC exceeds 1% of the cumulative risk metric limit based on the mean estimates of frequencies and consequences.
  • The total mean frequency of exceeding a site boundary dose of 100 mrem < 1/plant-year (10 CFR 20)
  • The average individual risk of early fatality within 1 mile of the EAB < 5x10-7/plant-year (QHO)
  • The average individual risk of latent cancer fatalities within 10 miles of the EAB shall not exceed 2x10-6/plant-year (QHO) 18 Measure Abbreviation Principle Risk Reduction RR

(= 0)

Fussell-Vesely FV

(= 0)

()

Risk Reduction Worth RRW

(= 0)

Criticality Importance CR

= 1 (= 0)

()

x Risk Achievement RA

= 1 ()

Risk Achievement Worth RAW

= 1

()

Partial Derivative PD

+ ()

Birnbaum Importance BI

= 1 (= 0)

Traditional PRAs Use Relative Risk Significance The term R represents the total risk, R(base) is the risk with each basic event probability set to its base value, and the term xi represents the probability of a basic event i (e.g., the event that a specific valve fails to perform its function).

Special Treatment for Safety-Significant Functions SSC Safety Classification Process 19 Input from PRA and LBE evaluation

1. Identify SSC PRA safety functions in prevention and mitigation of LBEs
2. Identify and evaluate SSC capabilities and programs to support defense-in-depth
3. Determine required and safety-significant functions 4a. SSC selected to meet required safety function?

4b. Non-SR SSC function is risk significant?

4c. Non-SR SSC function required for defense-in-depth adequacy?

5b. Classify SSC as Non-Safety Related with Special Treatment (NSRST) 5c. Classify SSC as Non-Safety-Related with No Special Treatment (NST) 6b. Determine NSRST SSC reliability and capability targets to perform safety-significant functions.

7b. Determine NSRST SSC special treatments YES 6c. Determine NST SSC reliability and capability targets to meet user requirements 7c. Determine non-regulatory NST SSC design requirements 5a. Classify SSC as Safety-Related (SR) 6a. Determine SR SSC reliability and capability targets to perform required safety functions 7a. Determine required functional design, SR design criteria, and special treatments YES YES NO NO Safety-significant functions include those classified as risk-significant or required for defense-in-depth Only those SSCs selected by designer to perform functions required to keep DBEs and high-consequence (> 25 rem)

BDBEs inside the F-C Target are classified as SR. All other SSCs not so selected are considered for classification as NSRST or NST NO Source: NEI 18-04, Rev. 1, Figure 4-1

Principal Design Criteria Safety Functions and Design Criteria 20 Fundamental Safety Functions (FSFs)

Safety functions common to all reactor technologies and designs:

Control heat generation Control heat removal Confinement of radioactive material PRA Safety Functions (PSFs)

Reactor design-specific SSC functions modeled in a PRA that serve to prevent and/or mitigate a release of radioactive material or to protect one or more barriers to release.

Required Safety Functions (RSFs)

A PRA Safety Function that is required to be fulfilled to maintain the consequence of one or more DBEs or the frequency of one or more high-consequence BDBEs inside the F-C Target Required Functional Design Criteria (RFDC)

SR SSCs Complementary Design Criteria (CDC)

NSRST SSCs Safety-Related Design Criteria (SRDC)

Assigned to specific SSCs that perform RSFs Quality Assurance Principal Design Criterion safety-significant SSCs

  • The general design criteria (GDC) in 10 CFR 50, App. A and the advanced reactor design criteria (ARDC) in RG 1.232 may be used as guideposts for the initial design
  • Designers may also specify probabilistic (reliability) criteria in lieu of the single failure criteria.

Designers may also specify probabilistic (reliability) criteria in lieu of the single failure criteria.

LMP SSC Classification 21 Safety-Related SSCs Safety-Significant SSCs Risk-Significant SSCs PRA-Modeled SSCs All Plant SSCs Source: NEI 18-04, Rev. 1, Figure 4-2

  • Determined by the IDP
  • Includes:

o SSCs relied upon during DBAs to meet 10 CFR 50.34 dose limits using conservative assumptions o

SSCs selected for required safety functions to mitigate DBEs within F-C Target o

SSCs selected for required safety functions to prevent high-consequence BDBEs from entering DBE region beyond F-C Target Determined by using the F-C target Safety-Significant SSCs include:

  • Non-safety-related SSCs with special treatment (NSRST):

o Risk-significant SSCs o

SSCs needed for defense-in-depth Traditional definition of SR SSCs in 10 CFR 50.2 Safety-related structures, systems and components means those structures, systems and components that are relied upon to remain functional during and following design basis events to assure:

The integrity of the reactor coolant pressure boundary The capability to shut down the reactor and maintain it in a safe shutdown condition; or The capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures comparable to the applicable guideline exposures set forth in

§ 50.34(a)(1) or § 100.11 of this chapter, as applicable.

Notice the difference!

LMP SSC Safety Categories and Safety Significant SSCs 22 SSCs including radionuclide barriers Safety-Related (SR)

SSCs Non-Safety-Related with Special Treatment (NSRST) SSCs SSCs selected for required safety functions to mitigate DBEs within F-C Target*

SSCs selected for required safety functions to prevent high-consequence BDBEs from entering DBE region beyond F-C Target Non-SR SSCs performing risk-significant functions Non-SR SSCs performing functions required for defense-in-depth SSCs performing non-safety-significant functions Non-Safety-Related with No Special Treatment (NST)

  • SR SSCs are also relied upon during DBAs to meet 10 CFR 50.34 dose limits using conservative assumptions Safety-Significant SSCs Non-Safety-Significant SSCs Source: NEI 18-04, Rev. 1, Figure 4-3

Special Treatments (1 of 2)

Special Treatment Category SR SSC NSRST SSC NST SSC Requirements Associated with SSC Safety Classification Document basis for SSC categorization by IDP

Document evaluation of adequacy of special treatment to support SSC categorization

Change control process to monitor performance and manage SSC categorization changes

Basic Requirements for All Safety-Significant SSCs Reliability Assurance Program including reliability and availability targets for SSCs in performance of PRA Safety Functions

Design Requirements for SSC capability to mitigate challenges reflected in LBEs

Maintenance Program that assures targets for SSC availability and effectiveness of maintenance to meet SSC reliability targets

Licensee Event Reports

10 CFR 50 Appendix B Quality Assurance Program

User provided Quality Assurance (QA) Program for non-safety SSCs

23 Special treatment refers to those requirements that provide increased assurance beyond normal industrial practices that structures, systems, and components (SSCs) perform their design-basis functions.

Special Treatments (2 of 2)

Special Treatment Category SR SSC NSRST SSC NST SSC Additional Special Treatment Requirements Required Functional Design Criteria

case-by-case Technical Specifications

Seismic design basis

see note see note Seismic qualification testing

Protection against design basis external events

Equipment qualification testing

Materials surveillance testing

Pre-service and risk-informed in-service inspections

case-by-case Pre-service and in-service testing

case-by-case Note: NSRST and NST SSCs required to meet Seismic II/I requirements (required not to interfere with the performance of SR SSC RSFs following a Safe Shutdown Earthquake) 24 Source: NEI 18-04, Re. 1, Table 4-1

Framework for Establishing Defense-in-Depth Adequacy 25 RIPB Evaluation of DID Plant Capability DID Programmatic DID PRA Deterministic Evaluation Inherent reactor, facility, and site characteristics Radionuclide physical and functional barriers Passive and active SSCs that perform safety functions SSC reliability in prevention of events SSC reliability in mitigation of events SSC redundancy and diversity Defense against common-cause failures Conservative design margins in SSC performance Performance targets for SSC reliability and capability Design, testing, manufacturing, construction, operations, and maintenance programs Tests, inspections, and monitoring of SSC performance; corrective actions Operational procedures and training to compensate for human errors, equipment failures, and uncertainties Technical specifications for bound uncertainties Capabilities for emergency plan protective actions Input to LBE selection Input to SSC classification Input to SSC performance requirements Evaluation of LBEs vs. layers of defense Evaluation of risk margins Evaluation of uncertainties and protective measures Demonstration of adequate DID Risk insights and judgments to enhance programmatic assurance Risk insights and judgments to enhance plant capabilities Source: NEI 18-04, Rev. 1, Figure 5-2

Layers of Defense Layer of Defense*

Layer Guideline Overall Guidelines Quantitative Qualitative Quantitative Qualitative

1) Prevent off-normal operation and AOOs Maintain frequency of plant transients within designed cycles; meet owner requirements for plant reliability and availability Meet F-C Target for all LBEs and cumulative risk metric targets with sufficient margins No single design or operational feature, no matter how robust, is exclusively relied upon to satisfy the five layers of defense
2) Control abnormal operation, detect failures, and prevent DBEs Maintain frequency of all DBEs < 10-2/plant-year Minimize frequency of challenges to SR SSCs
3) Control DBEs within the analyzed design basis conditions and prevent BDBEs Maintain frequency of all BDBEs < 10-4/plant-year No single design or operational feature relied upon to meet quantitative objective for all DBEs
4) Control severe plant conditions and mitigate consequences of BDBEs Maintain individual risks from all LBEs < QHOs with sufficient margins No single barrier or plant feature relied upon to limit releases in achieving quantitative objectives for all BDBEs
5) Deploy adequate offsite protective actions and prevent adverse impact on public health and safety 26
  • Adapted from IAEA Safety Report Series No. 46, Assessment of Defense in Depth for Nuclear Power Plants, 2005.

Source: NEI 18-04, Rev. 1, Table 5-2

Discussion 27

Acronyms and Initialisms 28 ADAMS Agencywide Documents Access and Management System AOO anticipated operational occurrence ANS American Nuclear Society ASME American Society of Mechanical Engineers ATWS anticipated transient without scram BDBE beyond design basis accident BI Birnbaum importance measure CDC complementary design criteria CFR Code of Federal Regulations CR criticality importance measure DANU Division of Advanced reactors and Non-Power Production and Utilization Facilities DBA design basis accident DBE design basis event DOE Department of Energy EAB exclusion area boundary EPA Environmental Protection Agency F-C frequency-consequence FR Federal Register FSF fundamental safety function FV Fussell-Vesely importance measure GDC general design criteria IAEA International Atomic Energy Agency IDP integrated decision-making process LBE licensing basis event LMP Licensing Modernization Project LWR light water reactor NEI Nuclear Energy Institute NGNP Next Generation Nuclear Plant NRC Nuclear Regulatory Commission NRR Office of Nuclear Reactor Regulation NSRST non-safety related with special treatment NST no special treatment PAG protective action guideline PD partial derivative importance measure PRA probabilistic risk assessment PSF PRA safety function QA quality assurance QHO quantitative health objective RA risk achievement importance measure RAW risk achievement worth importance measure RCS reactor coolant system REM roentgen equivalent man RFDC required functional design criteria RICT risk-informed completion time RR risk reduction importance measure RAW risk reduction worth importance measure RSF required safety function SBO station blackout SR safety related SRDC safety-related design criteria SSC systems, structures, and components TMI Three Mile Island

Retrieved from "https://kanterella.com/w/index.php?title=ML23338A279&oldid=3765466"