ML23338A279

Technology-Inclusive, Risk-Informed, and Performance-Based Licensing Approaches
ML23338A279
Person / Time
Issue date: 11/30/2023
From: Stutzke M
Office of Nuclear Reactor Regulation

Technology-Inclusive, Risk-Informed, and Performance-Based Licensing Approaches

Marty Stutzke, Senior Technical Advisor for Probabilistic Risk Assessment

Division of Advanced Reactors and Non-Power Production and Utilization Facilities (DANU)

Office of Nuclear Reactor Regulation (NRR)

U.S. Nuclear Regulatory Commission (NRC)

November 30, 2023

Learning Objectives

By the end of this presentation, you will understand:

  • The basis and context for the licensing modernization project (LMP) methodology
  • The three processes associated with the LMP methodology
  • How the LMP methodology is used to establish a licensing basis for new applicants
  • How the LMP methodology compares to traditional approaches for establishing a licensing basis

Course Outline

  • Regulatory foundations and principles
  • Traditional LWR-centric approach
  • Lessons learned, evolving requirements, and increasing use of risk-informed and performance-based approaches
  • The LMP methodology
  • PRA event sequences
  • The Frequency-Consequence (F-C) Target
  • Identification of licensing basis events (LBEs)
  • Risk-significant event sequence families and systems, structures and components (SSCs)
  • Safety functions and design criteria
  • SSC safety classification
  • Defense-in-depth adequacy

Regulatory Foundations and Principles

International Atomic Energy Agency (IAEA)

The fundamental safety objective is to protect people and the environment from harmful effects of ionizing radiation.

This fundamental safety objective of protecting people individually and collectively and the environment has to be achieved without unduly limiting the operation of facilities or the conduct of activities that give rise to radiation risks. To ensure that facilities are operated and activities conducted so as to achieve the highest standards of safety that can reasonably be achieved, measures have to be taken:

  • To control the radiation exposure of people and the release of radioactive material to the environment
  • To restrict the likelihood of events that might lead to a loss of control over a nuclear reactor core, nuclear chain reaction, radioactive source or any other source of radiation
  • To mitigate the consequences of such events if they were to occur.

Source: IAEA, Fundamental Safety Principles, IAEA Safety Standards Series No. SF-1, 2006.

Nuclear Regulatory Commission (NRC)

The NRC's mission is to license and regulate the Nation's civilian use of radioactive materials, to provide reasonable assurance of adequate protection of public health and safety, to promote the common defense and security, and to protect the environment.

Source: NRC, Strategic Plan: Fiscal Years 2022-2026, NUREG-1614, Vol. 8, April 2022.

Regulatory Foundations and Principles:

Nuclear Reactor Safety

  • Normal Operations
  • Occupational
  • Public
  • Effluents and direct radiation exposure
  • Unplanned Events
  • Typically organized into categories such as:
  • Postulated accidents
  • The risk triplet* provides a useful paradigm:
  • What can go wrong?
  • How likely is it?
  • What are the consequences?
* Stanley Kaplan and B. John Garrick, On The Quantitative Definition of Risk, Risk Analysis, Vol. I, No. 1, March 1981.

Source: NUREG/CR-1250, Vol. 1, 1980.

Regulatory Foundations and Principles:

Safety Assessment for Facilities and Activities

Design Principles

  • Radiation Risks
  • Defense-in-Depth
  • Safety Functions
  • Safety Margins
  • Site Characteristics
  • Barriers
  • Engineering Approach
  • Human Factors

Licensing Applications

  • License, Permit, and Certification Applications
  • Changes to Licenses

Operations

  • Limits, Conditions
  • Maintenance, Inspections
  • Management, Staffing
  • Programs (radiation protection, emergency preparedness, etc.)

Analyses

  • Deterministic
  • Probabilistic
  • Safety Criteria
  • Uncertainty/Sensitivity
  • Verification and Validation

Traditional LWR-Centric Approach

Anticipated operational occurrences (AOOs) and postulated accidents may be grouped into the following seven types:

1) Increase in heat removal by the secondary system
2) Decrease in heat removal by the secondary system
3) Decrease in reactor coolant system (RCS) flow rate
4) Reactivity and power distribution anomalies
5) Increase in reactor coolant inventory
6) Decrease in reactor coolant inventory
7) Radioactive release from a subsystem or component

Which apply to non-LWRs? Which do not apply to non-LWRs? What's missing?

Source: NRC, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition Transient and Accident Analysis, NUREG-0800, Chapter 15.0, Draft Revision 4, July 2023.

Traditional LWR-Centric Approach

  • Barrier-based approach with design specifics established based on conservative events defined to challenge barriers. Examples include requirements for:
  • Reactivity insertion rate to protect cladding for decreases in flow
  • Emergency core cooling
  • Containment pressure for loss of coolant accidents
  • Safety-related systems, structures and components (SSCs) to assure:
  • The capability to shut down the reactor and maintain it in a safe shutdown condition
  • The capability to prevent or mitigate accidents which could result in potential offsite exposures comparable to the applicable guidelines
  • Defense in depth provided by multiple barriers along with measures to prevent and mitigate various event categories
  • Design rules such as incorporating the single failure criterion defined by general design criteria (GDC)

Lessons Learned & Evolving Requirements

  • Additional requirements added to prevent and mitigate events, informed by PRAs and operating experience, include anticipated events without scram (ATWS) and station blackout (SBO), which led to terminology such as "beyond design basis events"
  • Additional focus on human factors (training, control room design) following the accident at Three Mile Island (TMI)
  • Evaluations of containment performance and severe accidents led to severe accident policies and consideration of PRA insights
  • Advances in PRA led to policy statements on safety goals and PRA, and guidance for risk-informed decision making (RG 1.174)
  • Events such as 9/11 and the accident at Fukushima Dai-ichi led to the addition of mitigating strategies approaches to address degraded plant conditions

Increasing Use of Risk-Informed and Performance-Based Approaches

  • Policy Statements
  • White paper on risk-informed and performance-based regulation (SRM-SECY 0144, 3/1/1999, ADAMS Accession No. ML003753601)
  • Industry PRA consensus standards jointly developed by the American Society of Mechanical Engineers (ASME) and the American Nuclear Society (ANS)
  • The Commission's Phased Approach to PRA Quality
  • Technical Specification Initiatives, e.g., risk-informed completion times (RICTs)
  • Resolution of generic issues
  • Advanced Reactor Policy Statement (73 FR 60612; October 14, 2008)
  • NUREG-1860, Feasibility Study for a Risk-Informed and Performance-Based Regulatory Structure for Future Plant Licensing, 2007
  • Next Generation Nuclear Plant (NGNP)
  • Current pre-licensing and licensing reviews

Risk-Informed and Performance-Based Approach:

What is LMP and What Does It Do?

  • The Licensing Modernization Project (LMP) methodology is a technology-inclusive, risk-informed, and performance-based approach developed for informing the licensing basis of non-light water reactors.
  • Developed by the Southern Company
  • Cost-shared by the Department of Energy (DOE)
  • Sponsored by the Nuclear Energy Institute (NEI)
  • NEI 18-04, Rev. 1, Modernization of Technical Requirements for Licensing of Advanced Non-Light Water Reactors: Risk-Informed Performance-Based Technology Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development, August 2019 (ML19241A472).
  • Endorsed by the Nuclear Regulatory Commission (NRC)
  • RG 1.233, Rev. 0, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light Water Reactors, June 2020.
  • Uses probabilistic risk assessments and traditional deterministic engineering approaches to risk-inform design decisions and support licensing applications.
  • Methodology centered on:
  • Licensing basis events (LBEs)
  • Safety classification and performance criteria for SSCs
  • Assessing defense in depth

Use the PRA up-front to help define the licensing basis, rather than after-the-fact to confirm the acceptability of a design that has been developed using the traditional, deterministic approach.

Probabilistic Risk Assessment (PRA) Event Sequences

Event sequences:

  • Pathways through the event tree
  • Consists of an initiating event and one or more mitigating event successes and failures
  • All event sequences are important when using PRA to help establish the licensing basis
  • Individual event sequences may be grouped into families (similar challenges to the plant safety functions, response of the plant in the performance of each safety function, response of each radionuclide transport barrier, and end state.)

[Figure: event tree. All initiating events; columns: Initiating Event, Mitigating Events A, B, C, Frequency (f1 ... fn), Consequence (c1 ... cn)]

Consequences may be expressed in a variety of ways, depending on the purpose(s) of the PRA:

  • Conditional individual early fatality risk (per event)
  • Conditional latent cancer fatality risk (per event)
  • Population dose (person-rem per event)
  • Offsite economic consequence ($/event)
  • Quantity of radioactive material released (curies per event)
  • Dose over a specific period at a fixed location (e.g., the 96-hour dose at the exclusion area boundary (EAB))

The Risk Triplet: What can go wrong? How likely is it? What are the consequences?

PRA Scope to Support LMP

  • All radiological sources
  • All plant operating states (at-power, various low-power and shutdown configurations)
  • All internal and external hazards
  • Event sequences modeled from occurrence of an initiating event to release or safe stable end state

PRA Elements

1) Plant operating state analysis
2) Initiating event analysis
3) Event sequence analysis
4) Success criteria development
5) Systems analysis
6) Human reliability analysis
7) Data analysis
8) Internal flood PRA
9) Internal fire PRA
10) Seismic PRA
11) Hazards screening analysis
12) High winds PRA
13) External flooding PRA
14) Other hazards PRA
15) Event sequence quantification
16) Mechanistic source term analysis
17) Radiological consequence analysis
18) Risk integration

LMP: Frequency-Consequence (F-C) Target

Plot the results of the PRA for individual event sequences to:

  • Evaluate risk significance of individual LBEs and SSCs
  • Help define the required safety functions (RSFs)

Note: The F-C Target is not a regulatory acceptance criterion.

LMP: Identification of Licensing Basis Events (LBEs)

Anticipated Operational Occurrences (AOOs)

  • Description: Anticipated event sequences expected to occur one or more times during the life of a nuclear power plant, which may include one or more reactor modules.
  • Event sequence family mean frequency range: 1x10^-2/plant-year
  • Plant response: Account for the expected response of all SSCs within the plant regardless of safety classification.

Design Basis Events (DBEs)

  • Description: Infrequent event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than AOOs.
  • Event sequence family mean frequency range: 1x10^-4 to 1x10^-2/plant-year
  • Plant response: Account for the expected response of all SSCs within the plant regardless of safety classification.

Beyond Design Basis Events (BDBEs)

  • Description: Rare event sequences that are not expected to occur in the life of a nuclear power plant, which may include one or more reactor modules, but are less likely than a DBE.
  • Event sequence family mean frequency range: 1x10^-4 to 5x10^-6/plant-year
  • Plant response: Account for the expected response of all SSCs within the plant regardless of safety classification.

Design Basis Accidents (DBAs)

  • Description: Postulated event sequences that are used to set design criteria and performance objectives for the design of Safety Related SSCs. DBAs are derived from DBEs based on the capabilities and reliabilities of Safety-Related SSCs needed to mitigate and prevent event sequences, respectively.
  • DBAs are derived from the DBEs by prescriptively assuming that only Safety Related SSCs are available to mitigate postulated event sequence consequences to within the 10 CFR 50.34 dose limits.

Identified by an integrated decision-making process (IDP)

[Figure: regions labeled AOOs, DBEs, BDBEs, and < BDBEs]

LMP: Identification of Risk-Significant Event Sequence Families

  • Risk-significant LBEs are those with frequencies within 1% of the F-C Target with site boundary doses exceeding 2.5 mrem (see crosshatched region of Figure 3-4).
  • To consider the effects of uncertainties, the upper 95th percentile estimates of both frequency and dose should be used.

Source: NEI 18-04, Rev. 1, Figure 3-4

LMP: Identifying Risk-Significant SSCs

Traditional PRAs Use Relative Risk Significance

Measure (Abbreviation):

  • Risk Reduction (RR)
  • Fussell-Vesely (FV)
  • Risk Reduction Worth (RRW)
  • Criticality Importance (CR)
  • Risk Achievement (RA)
  • Risk Achievement Worth (RAW)
  • Partial Derivative (PD)
  • Birnbaum Importance (BI)

The term R represents the total risk, R(base) is the risk with each basic event probability set to its base value, and the term xi represents the probability of a basic event i (e.g., the event that a specific valve fails to perform its function).

LMP Uses Absolute Risk Significance

  • Determined by assuming failure of the SSC in performing a prevention or mitigation function and checking how the resulting LBE risks compare with the F-C Target. The LBE is considered within the F-C Target when a point defined by the upper 95th percentile uncertainty of the LBE frequency and dose estimates is within the F-C Target.
  • A significant contribution to each cumulative risk metric limit is satisfied when the total frequency of all LBEs with failure of the SSC exceeds 1% of the cumulative risk metric limit based on the mean estimates of frequencies and consequences.
  • The total mean frequency of exceeding a site boundary dose of 100 mrem < 1/plant-year (10 CFR 20)
  • The average individual risk of early fatality within 1 mile of the EAB < 5x10^-7/plant-year (QHO)
  • The average individual risk of latent cancer fatalities within 10 miles of the EAB shall not exceed 2x10^-6/plant-year (QHO)

SSC Safety Classification Process

Input from PRA and LBE evaluation

1. Identify SSC PRA safety functions in prevention and mitigation of LBEs
2. Identify and evaluate SSC capabilities and programs to support defense-in-depth
3. Determine required and safety-significant functions. Safety-significant functions include those classified as risk-significant or required for defense-in-depth.
4a. SSC selected to meet required safety function? YES: 5a. NO: 4b.
4b. Non-SR SSC function is risk significant? YES: 5b. NO: 4c.
4c. Non-SR SSC function required for defense-in-depth adequacy? YES: 5b. NO: 5c.
5a. Classify SSC as Safety-Related (SR)
5b. Classify SSC as Non-Safety Related with Special Treatment (NSRST)
5c. Classify SSC as Non-Safety-Related with No Special Treatment (NST)

Special Treatment for Safety-Significant Functions

6a. Determine SR SSC reliability and capability targets to perform required safety functions
7a. Determine required functional design, SR design criteria, and special treatments
6b. Determine NSRST SSC reliability and capability targets to perform safety-significant functions.
7b. Determine NSRST SSC special treatments
6c. Determine NST SSC reliability and capability targets to meet user requirements
7c. Determine non-regulatory NST SSC design requirements

Only those SSCs selected by designer to perform functions required to keep DBEs and high-consequence (> 25 rem) BDBEs inside the F-C Target are classified as SR. All other SSCs not so selected are considered for classification as NSRST or NST.

Source: NEI 18-04, Rev. 1, Figure 4-1

Safety Functions and Design Criteria

Fundamental Safety Functions (FSFs)

Safety functions common to all reactor technologies and designs:

  • Control heat generation
  • Control heat removal
  • Confinement of radioactive material

PRA Safety Functions (PSFs)

Reactor design-specific SSC functions modeled in a PRA that serve to prevent and/or mitigate a release of radioactive material or to protect one or more barriers to release.

Required Safety Functions (RSFs)

A PRA Safety Function that is required to be fulfilled to maintain the consequence of one or more DBEs or the frequency of one or more high-consequence BDBEs inside the F-C Target

Design Criteria

  • Required Functional Design Criteria (RFDC)
  • Safety-Related Design Criteria (SRDC): SR SSCs. Assigned to specific SSCs that perform RSFs
  • Complementary Design Criteria (CDC): NSRST SSCs

[Diagram labels: Quality Assurance; Principal Design Criterion; safety-significant SSCs]

Principal Design Criteria

  • The general design criteria (GDC) in 10 CFR 50, App. A and the advanced reactor design criteria (ARDC) in RG 1.232 may be used as guideposts for the initial design
  • Designers may also specify probabilistic (reliability) criteria in lieu of the single failure criteria.

LMP SSC Classification

Traditional definition of SR SSCs in 10 CFR 50.2

Safety-related structures, systems and components means those structures, systems and components that are relied upon to remain functional during and following design basis events to assure:

  • The integrity of the reactor coolant pressure boundary
  • The capability to shut down the reactor and maintain it in a safe shutdown condition; or
  • The capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures comparable to the applicable guideline exposures set forth in § 50.34(a)(1) or § 100.11 of this chapter, as applicable.

Notice the difference!

[Figure: nested sets labeled All Plant SSCs, PRA-Modeled SSCs, Safety-Significant SSCs, Risk-Significant SSCs, and Safety-Related SSCs, with the annotation "Determined by using the F-C target"]

Safety-Significant SSCs include:

  • Determined by the IDP
  • Includes:
    o Risk-significant SSCs
    o SSCs needed for defense-in-depth

Safety-Related SSCs:

    o [...] dose limits using conservative assumptions
    o SSCs selected for required safety functions to mitigate DBEs within F-C Target
    o SSCs selected for required safety functions to prevent high-consequence BDBEs from entering DBE region beyond F-C Target

Source: NEI 18-04, Rev. 1, Figure 4-2

LMP SSC Safety Categories and Safety Significant SSCs

SSCs including radionuclide barriers

Safety-Related (SR) SSCs (Safety-Significant SSCs)

  • SSCs selected for required safety functions to mitigate DBEs within F-C Target*
  • SSCs selected for required safety functions to prevent high-consequence BDBEs from entering DBE region beyond F-C Target

Non-Safety-Related with Special Treatment (NSRST) SSCs (Safety-Significant SSCs)

  • Non-SR SSCs performing risk-significant functions
  • Non-SR SSCs performing functions required for defense-in-depth

Non-Safety-Related with No Special Treatment (NST) SSCs (Non-Safety-Significant SSCs)

  • SSCs performing non-safety-significant functions

* SR SSCs are also relied upon during DBAs to meet 10 CFR 50.34 dose limits using conservative assumptions

Source: NEI 18-04, Rev. 1, Figure 4-3

Special Treatments (1 of 2)

Special treatment refers to those requirements that provide increased assurance beyond normal industrial practices that structures, systems, and components (SSCs) perform their design-basis functions.

Special Treatment Category (columns: SR SSC, NSRST SSC, NST SSC)

Requirements Associated with SSC Safety Classification

  • Document basis for SSC categorization by IDP
  • Document evaluation of adequacy of special treatment to support SSC categorization
  • Change control process to monitor performance and manage SSC categorization changes

Basic Requirements for All Safety-Significant SSCs

  • Reliability Assurance Program including reliability and availability targets for SSCs in performance of PRA Safety Functions
  • Design Requirements for SSC capability to mitigate challenges reflected in LBEs
  • Maintenance Program that assures targets for SSC availability and effectiveness of maintenance to meet SSC reliability targets
  • Licensee Event Reports
  • 10 CFR 50 Appendix B Quality Assurance Program
  • User provided Quality Assurance (QA) Program for non-safety SSCs

Special Treatments (2 of 2)

Special Treatment Category (columns: SR SSC, NSRST SSC, NST SSC)

Additional Special Treatment Requirements

  • Required Functional Design Criteria (case-by-case)
  • Technical Specifications
  • Seismic design basis (see note; see note)
  • Seismic qualification testing
  • Protection against design basis external events
  • Equipment qualification testing
  • Materials surveillance testing
  • Pre-service and risk-informed in-service inspections (case-by-case)
  • Pre-service and in-service testing (case-by-case)

Note: NSRST and NST SSCs required to meet Seismic II/I requirements (required not to interfere with the performance of SR SSC RSFs following a Safe Shutdown Earthquake)

Source: NEI 18-04, Rev. 1, Table 4-1

Framework for Establishing Defense-in-Depth Adequacy

RIPB Evaluation of DID

  • Input to LBE selection
  • Input to SSC classification
  • Input to SSC performance requirements
  • Evaluation of LBEs vs. layers of defense
  • Evaluation of risk margins
  • Evaluation of uncertainties and protective measures
  • Demonstration of adequate DID

[Diagram labels: PRA; Deterministic Evaluation; Risk insights and judgments to enhance plant capabilities; Risk insights and judgments to enhance programmatic assurance]

Plant Capability DID

  • Inherent reactor, facility, and site characteristics
  • Radionuclide physical and functional barriers
  • Passive and active SSCs that perform safety functions
  • SSC reliability in prevention of events
  • SSC reliability in mitigation of events
  • SSC redundancy and diversity
  • Defense against common-cause failures
  • Conservative design margins in SSC performance

Programmatic DID

  • Performance targets for SSC reliability and capability
  • Design, testing, manufacturing, construction, operations, and maintenance programs
  • Tests, inspections, and monitoring of SSC performance; corrective actions
  • Operational procedures and training to compensate for human errors, equipment failures, and uncertainties
  • Technical specifications for bound uncertainties

Layers of Defense

Layer of Defense* and Layer Guidelines

1) Prevent off-normal operation and AOOs
  • Layer guideline: Maintain frequency of plant transients within designed cycles; meet owner requirements for plant reliability and availability
2) Control abnormal operation, detect failures, and prevent DBEs
  • Quantitative: Maintain frequency of all DBEs < 10^-2/plant-year
  • Qualitative: Minimize frequency of challenges to SR SSCs
3) Control DBEs within the analyzed design basis conditions and prevent BDBEs
  • Quantitative: Maintain frequency of all BDBEs < 10^-4/plant-year
  • Qualitative: No single design or operational feature relied upon to meet quantitative objective for all DBEs
4) Control severe plant conditions and mitigate consequences of BDBEs
5) Deploy adequate offsite protective actions and prevent adverse impact on public health and safety
  • Quantitative (layers 4 and 5): Maintain individual risks from all LBEs < QHOs with sufficient margins
  • Qualitative (layers 4 and 5): No single barrier or plant feature relied upon to limit releases in achieving quantitative objectives for all BDBEs

Overall Guidelines

  • Quantitative: Meet F-C Target for all LBEs and cumulative risk metric targets with sufficient margins
  • Qualitative: No single design or operational feature, no matter how robust, is exclusively relied upon to satisfy the five layers of defense

* Adapted from IAEA Safety Report Series No. 46, Assessment of Defense in Depth for Nuclear Power Plants, 2005.

Source: NEI 18-04, Rev. 1, Table 5-2

Discussion

Acronyms and Initialisms

ADAMS: Agencywide Documents Access and Management System
AOO: anticipated operational occurrence
ANS: American Nuclear Society
ASME: American Society of Mechanical Engineers
ATWS: anticipated transient without scram
BDBE: beyond design basis accident
BI: Birnbaum importance measure
CDC: complementary design criteria
CFR: Code of Federal Regulations
CR: criticality importance measure
DANU: Division of Advanced Reactors and Non-Power Production and Utilization Facilities
DBA: design basis accident
DBE: design basis event
DOE: Department of Energy
EAB: exclusion area boundary
EPA: Environmental Protection Agency
F-C: frequency-consequence
FR: Federal Register
FSF: fundamental safety function
FV: Fussell-Vesely importance measure
GDC: general design criteria
IAEA: International Atomic Energy Agency
IDP: integrated decision-making process
LBE: licensing basis event
LMP: Licensing Modernization Project
LWR: light water reactor
NEI: Nuclear Energy Institute
NGNP: Next Generation Nuclear Plant
NRC: Nuclear Regulatory Commission
NRR: Office of Nuclear Reactor Regulation
NSRST: non-safety related with special treatment
NST: no special treatment
PAG: protective action guideline
PD: partial derivative importance measure
PRA: probabilistic risk assessment
PSF: PRA safety function
QA: quality assurance
QHO: quantitative health objective
RA: risk achievement importance measure
RAW: risk achievement worth importance measure
RCS: reactor coolant system
REM: roentgen equivalent man
RFDC: required functional design criteria
RICT: risk-informed completion time
RR: risk reduction importance measure
RRW: risk reduction worth importance measure
RSF: required safety function
SBO: station blackout
SR: safety related
SRDC: safety-related design criteria
SSC: systems, structures, and components
TMI: Three Mile Island