Text

DRAFT 1 The risk evaluation includes both the probabilistic risk assessment and alternative approachesfor addressing contributors to risk as defined in section C.II.1.3 of this guide. For example, in lieu of aseismic PRA the applicant can choose to perform a risk-based seismic margins analysis (SMA) perSECY-93-087. The risk-based SMA is a method for estimating the "margin" above the safe shutdownearthquake (SSE) of the design which allows the identification of risk-important design and operationalfeatures, and associated requirements, to mitigate seismic events. In SECY-93-087, it is indicated thatplants designed to withstand a specific ground acceleration SSE should have the capability to withstandbeyond-design-basis earthquakes without resulting in core damage.

C.II.1-1DRAFT WORK-IN-PROGRESSDate: 06/09/06ML061570285C.II.1 PROBABILISTIC RISK ASSESSMENT (PRA)An application for a combined license under 10 CFR 52 needs to include a comprehensive riskevaluation

1. The submitted information should provide complete and detailed documentation ofthe applicant's risk evaluation sufficient to permit the NRC to conclude that it supports theobjectives delineated in section C.II.1.2 of this guide and should include explanatory details and technical data supplemental to that appropriate for inclusion in Chapter 19 of the final safety analysis report (FSAR). C.II.1.1Regulatory Basis The Commission issued 10 CFR Part 52, "Early Site Permits; Standard Design Certifications;and Combined Licenses for Nuclear Power Plants," on April 18, 1989. This rule provides for issuing early site permits (ESPs), standard design certifications, and combined licenses (COLs) with conditions for nuclear power reactors. It states the review procedures and licensing requirements for applications for these new licenses and certifications and was intended to achieve the early resolution of licensing issues, as well as to enhance the safety and reliabilityof nuclear power plants. With regard to severe accidents, 10 CFR Part 52 codifies some parts of the guidance in the Severe Accident Policy Statement and the Standardization PolicyStatement. Specifically, 10 CFR 52.47 requires the following for a COL application: *demonstrate compliance with any technically relevant portion of the TMIrequirements set forth in 10 CFR 50.34(f) *propose technical resolutions of those Unresolved Safety Issues and medium-and high-priority Generic Safety Issues which are identified in the version of NUREG-0933, "A Prioritization of Generic Safety Issues," current on the date 6months prior to application and which are technically relevant to the design *contain a design-specific PRA On March 13, 2006 (71 FR 12782), the NRC published a proposed rulemaking that wouldrevise 10 CFR 52 to identify the specific requirements for COL applications. Included in the proposed rule is the requirement for a COL application to include a "plant-specific probabilisticrisk assessment" (10 CFR 52.80(a)). The NRC has issued guidance for addressing severe accidents and PRA in the followingdocuments: *NRC Policy Statement, "Severe Reactor Accidents Regarding Future Designsand Existing Plants" (Volume 50, page 32138, of the Federal Register (50 FR 32138) dated August 8, 1985) *NRC Policy Statement, "Safety Goals for the Operations of Nuclear Power DRAFT 2 Commission SRM dated June 26, 1990 in response to SECY-90-016. In addition, theCommission approved the use of a containment performance goal (CPG). The CPG includes (1) a deterministic goal that containment integrity be maintained for approximately 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> following theonset of core damage for the more likely severe accident challenges and (2) a probabilistic goal that theconditional containment failure probability (CCFP) be less than approximately 0.1 for the composite of allcore damage sequences assessed in the PRA. C.II.1-2DRAFT WORK-IN-PROGRESSDate: 06/09/06Plants" (51 FR 28044 dated August 4, 1986) *NRC Policy Statement, Nuclear Power Plant Standardization" (52 FR 34844dated September 15,1987) *NRC Policy Statement, "The Use of Pr obabilistic Risk Assessment Methods inNuclear Regulatory Activities" (60 FR 42622 dated August 16, 1995) *SECY-90-016, "Evolutionary Light-Water Reactor (LWR) Certification Issues andTheir Relationship to Current Regulatory Requirements," issued January 12, 1990, and the corresponding staff requirements memorandum (SRM), issued June 26, 1990 *SECY-93-087, 'Policy, Technical, and Licensing Issues Pertaining toEvolutionary and Advanced Light-Water Reactor Designs," issued April 2,1993, and the corresponding SRM, issued July 21, 1993 *SECY-96-128, 'Policy and Key Technical Issues Pertaining to the WestinghouseAP600 Standardized Passive Reactor Design," issued June 12, 1996, and the corresponding SRM, issued January 15,1997 *SECY-97-044, -Policy and Key Technical Issues Pertaining to the WestinghouseAP600 Standardized Passive Reactor Design," issued February 18, 1997, and the corresponding SRM, issued June 30, 1997The first four documents provide guidance as to the appropriate course for addressing severeaccidents and the use of probabilistic risk assessment (PRA). The SRMs relating to SECY-90-016, SECY-93-087, SECY-96-128, and SECY-97-044 provide Commission-approved guidance for implementing features in new designs to prevent severe accidents and to mitigate their effects, should they occur. Summaries of these documents are provided in Appendix A.

C.II.1.2Purpose and Objectives The NRC intends to use the applicant's risk evaluation to conclude the following objectives aremet: !Identify and address potential design and operational vulnerabilities (i.e., failuresor combinations of failures which are large risk contributors that could drive the risk to unacceptable levels) at the design stage

!Determine how the risk associated with design relates to the Commission's goalsof less than 1 E-4/yr for core damage frequency (CDF) and less than 1 E-6/yr for large release frequency (LRF).

2 !Identify risk-informed safety insights based on systematic evaluations of riskassociated with the design:

• Develop an in-depth understanding of design robustness and tolerance ofsevere accidents initiated by either internal or external events*Develop a good appreciation of the risk significance of human errorsassociated with the design and characterize the key errors in preparation DRAFT 3 Applicable for designs that have evolved from light water reactor (LWR) plant technology(contemporary with issuance of the Commission's Severe Accident Policy Statement on August 8, 1985)through the incorporation of features intended to enhance plant safety, availability, and operation. C.II.1-3DRAFT WORK-IN-PROGRESSDate: 06/09/06for better training and more refined procedures

!Identify and support design requirements, such as inspection, tests, analyses,and acceptance criteria (ITAACs), design reliability assurance program (D-RAP),and technical specifications (TS), as well as COL and interface requirements

!Support the process used to determine whether regulatory treatment of non-safety systems (RTNSS) is necessary, if applicable

!Determine, in a quantitative manner, whether the design, including the site,represents a reduction in risk over existing plants.

3!Assess the balance of preventive and mitigative features of the design per 10CFR 52.79 (a) (38) [71 FR 12782] including consistency with Commission guidance in SECY-93-087.

!Support, as a minimum, regulatory oversight processes (e.g., MSPI, SDP) andprograms (e.g., Technical Specifications, reliability assurance, human factors, Maintenance Rule) that will be associated with plant operationsThe review objectives are drawn from 10 CFR Part 52, the Commission's Severe ReactorAccident Policy Statement regarding future designs and existing plants, the Commission'sSafety Goals Policy Statement, the Commission-approved positions concerning severe accidents contained in SECY-93-087, and NRC interest in the use of PRA to help improvefuture reactor designs. In general, the PRA and the staff's review achieve these objectives.The PRA needs to be revised as the plant is constructed and subsequently operated to accountfor updated site-specific information, as-built (plant-specific) information refinements in the level of design detail, Technical Specifications, plant-specific emergency operating procedures, severe accident management guidelines, and design changes. The Commission believes that updated PRA insights, if properly evaluated and used, could strengthen programs and activities in areas such as training, emergency operating procedures development, reliability assurance,maintenance, and 10 CFR 50.59 evaluations. PRA updates are the responsibility of the COL applicant. During the construction stage, theCOL applicant is able to consider as-built information. As plant experience data accumulates, the COL holder is able to update failure rates (taken from generic databases) and human errors assumed in the design PRA and incorporate the information, as appropriate, into quality assurance and maintenance programs. Any changes in the licensing basis during the COL application, construction and operation stages (e.g., changes to address site-specific or plant-specific considerations or resulting from the resolution of COL action items, as-built plant information, and actual plant operational experience) should be evaluated to assess their riskimpact. Such changes, including the associated risk impacts, need to be submitted for NRC review and approval and reflected in the updated PRA updates, as necessary. C.II.1.3Scope The applicant's risk evaluation needs to be comprehensive in scope and include all applicableinternal and external events and all plant operating modes. The scope should be sufficient to DRAFT 4 Risk-informed applications (e.g., implementation of 10 CFR 50.69 or NFPA-805) may involve ascope, level of detail, and/or technical adequacy for the affected areas that is greater than that neededfor the COL application. C.II.1-4DRAFT WORK-IN-PROGRESSDate: 06/09/06enable the NRC staff to meet the objectives identified in section C.II.1.2. The scope of the riskevaluation may need to be expanded if it supports other risk-informed applications.

4 C.II.1.4Level of Detail The level of detail of the applicant's risk evaluation needs to be commensurate with thePurpose and Objectives discussed in C.II.1.2 (i.e., sufficient to gain risk-informed insights and use such risk-insights, in conjunction with assumptions made in the PRA, to identify and support requirements important to the design and plant operation). The risk evaluation shouldrealistically reflect the actual plant design, planned construction, anticipated operationalpractices, and relevant operational experience of the applicant and the industry. The burden is on the applicant to justify that the risk evaluation approach, methods, and data, as well as therequisite level of detail necessary for the NRC staff review and assessment, are appropriate forthe COL application. Additional guidance on the level of detail that should be provided in therisk evaluation is in Regulatory Guide 1.200, "An Approach For Determining The Technical Adequacy Of Probabilistic Risk Assessment Results For Risk-Informed Activities" andRegulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions On Plant-Specific Changes To The Licensing Basis."In cases where detailed design information (such as regarding cable and pipe routing) is notavailable or when it can be shown that detailed modeling does not provide significant additional information, it is acceptable to make bounding-type assumptions consistent with RG 1.200 guidelines. However, the risk models should still be capable to be used to identifyvulnerabilities as well as design and operational requirements, such as ITAAC and COL actionitems. In addition, the bounding assumptions should not mask any risk significant information about the design and its operation. C.II.1.5Technical Adequacy The quality of the applicant's methodologies, processes, analyses, and personnel associatedwith the risk evaluation need to comply with the provisions for nuclear plant quality assurance (e.g., Appendix B to 10 CFR Part 50). To this end, the applicant's risk evaluation submittal needs to meet the applicable ASME and ANS standards endorsed by the staff in Regulatory Guide 1.200 at the time of submittal. In addition, the risk evaluation should adhere to the recommendations provided in Regulatory Guides 1.200 and 1.174 pertaining to quality and technical adequacy. Such adherence will result in a more efficient and consistent NRC staffreview process. Alternatively, the applicant should identify, and justify the acceptability of,alternative measures for addressing the risk evaluation quality and technical adequacy. Special emphasis, as noted in RG 1.200, Appendix A (Table A-1, Element 1.1), should beplaced on PRA modeling of novel and passive features in the design, as well as addressing issues related to these features, such as digital instrumentation and control, explosive (squib)

DRAFT 5 The issue of T-H uncertainties arises from the "passive" nature of safety-related systems usedfor accident mitigation. Passive safety systems rely on natural forces, such as gravity, to perform theirfunctions. Such driving forces are small compared to those of pumped systems, and the uncertainty intheir values, as predicted by a "best-estimate" T-H analysis, can be of comparable magnitude to thepredicted values themselves. Therefore, some accident sequences with a frequency high enough toimpact results, but which are not predicted to lead to core damage by a "best-estimate" T-H analysis,may actually lead to core damage when T-H uncertainties are considered in the PRA models.C.II.1-5DRAFT WORK-IN-PROGRESSDate: 06/09/06valves, and the issue of thermal hydraulic (T-H) uncertainties

5. C.II.1.6Risk Insights The applicant, in addition to using the PRA models to assess risk and determine significantaccident sequences and major contributors, needs to perform uncertainty, importance and sensitivity analyses. Such analyses provide important information about (1) areas where certain design features are the most effective in reducing risk with respect to operating reactor designs, (2) major contributors to risk, such as hardware failures and human errors, (3) major contributors to maintaining the "built-in" plant safety and ensuring that the risk does notincrease unacceptably, (4) major contributors to the uncertainty associated with the risk estimates, and (5) sensitivity of risk estimates to uncertainties associated with failure data, to assumptions made in the PRA models, to lack of modeling details in certain areas, and to previously raised issues.For designs that have evolved from current plant technology, through the incorporation ofseveral features intended to make the plant safer, more available and easier to operate, the results of the risk evaluation should indicate that the design represents a reduction in risk overexisting plants.

3 For this purpose, a broad comparison of risks, by initiating event category,between the proposed design and operating plants (from which the proposed design evolved) can be helpful in the identification of the major design features that contribute to the reducedrisk of the proposed design as compared to operating designs.(e.g., passive systems, lessreliance on offsite and onsite power for accident mitigation, and divisional separation).The impact of uncertainties in data on the risk estimates should be investigated. The uncertainty analysis should identify major contributors to the uncertainty associated with the estimated risks.Risk importance studies should be performed at the system, train and component level. Suchstudies provide very useful insights about (1) the systems that contribute the most in achievingthe low risk level assessed in the PRA, (2) events (e.g., component failures or human errors) that contribute the most to decreases in the "built-in" plant safety level, (3) events thatcontribute the most to the assessed risk.Sensitivity studies should be performed to gain insights about the impact of uncertainties (andpotential lack of detailed models) on the estimated risk. The sensitivity studies have the following objectives: (1) determine the sensitivity of the estimated risk to potential biases in numerical values, such as initiating event frequencies, failure probabilities, and equipmentunavailabilities; (2) determine the impact of potential lack of modeling details on the estimatedrisk, and (3) determine the sensitivity of the estimated risk to previously raised issues (e.g.,

DRAFTC.II.1-6DRAFT WORK-IN-PROGRESSDate: 06/09/06MOV reliability). In addition, for designs using passive safety systems and active "defense-in-depth" systems, sensitivity studies can be performed to investigate the impact of uncertaintieson PRA results under the assumption of plant operation without credit for the non-safety-related "defense-in-depth" systems. These studies provide additional insights about the riskimportance of the "defense-in-depth" systems which are taken into account in selecting non-safety-related systems for regulatory oversight according to the "regulatory treatment of non-safety-related systems" (RTNSS) process. The applicant needs to use the results of the risk evaluation, including those from theuncertainty and importance analyses and the sensitivity studies, in an integrated fashion, to perform the following:

!address weaknesses through specific design and/or operational changes

!identify and implement requirements to ensure that assumptions made in the riskevaluation (e.g., regarding design and operational features of a safety system,system interactions and human actions) will remain valid in a future plantreferencing the proposed design and that uncertainties have been appropriately addressed. These are specific requirements for the design, construction, testing, inspection and operation of the plant (e.g., ITAAC, Technical Specifications, Reliability Assurance Program, RTNSS, and COL action items).The applicant's submittal needs to include the results of the risk evaluation and a discussion ofthe corresponding insights. In addition, the submittal should address the application andimplementation of the acquired risk insights. C.II.1.7Format and Content The applicant needs to provide an acceptable level of documentation to enable the NRC staff toconclude that the objectives identified in section C.II.1.2 were met and to reach a finding that the applicant has performed a sufficiently complete and scrutable analysis and that the resultssupport the application for a COL. The submitted risk evaluation needs to include adequateinformation, in terms of both models (initiating events, fault and event trees, success criteria, data, important assumptions and calculations) and results (minimal cut sets, importance, sensitivity, and uncertainty analyses). Consistent with practices for operating plants, the applicant does not need to provide all plant-specific, site-specific PRA information to the NRC; but, the applicant needs to maintain suchinformation and make it available for NRC review. Documentation of the risk evaluation processand findings should be provided and, additionally, should include a description of the applicant's provisions to ensure adequacy per Regulatory Guide 1.200. To support the NRC staff's timely review and assessment of the documentation, applicantsshould adhere to the recommended format and content identified in Appendix B, ProbabilisticRisk Assessment to Support a Combined License Application, Standard Format and Content. In addition to submitted documentation, the applicant should maintain archival documentation toinclude a detailed description of engineering analyses conducted and results obtained, irrespective of whether they were quantitative or qualitative or whether the analyses made useof traditional engineering methods or probabilistic approaches. Such documentation should be DRAFTC.II.1-7DRAFT WORK-IN-PROGRESSDate: 06/09/06maintained as part of the quality assurance program such that it is available for examinationand maintained as lifetime quality records in accordance with Regulatory Guide 1.33. C.II.1.8PRA Maintenance and Upgrade The applicant should develop a PRA maintenance program based on RG 1.200 configurationcontrol guidance.

DRAFTC.II.1-8DRAFT WORK-IN-PROGRESSDate: 06/09/06APPENDIX ANRC Regulatory Guidance on Severe AccidentsThe Commission expects that new designs will achieve a higher standard of severe accidentsafety performance than previous designs.

3 In an effort to provide this additional level of safetyin the design of advanced nuclear power plants, the NRC has developed guidance and goals toaccommodate events that are beyond the design basis of the plant. Designers should strive tomeet these goals. For advanced nuclear power plants, including both the evolutionary and passive designs, theNRC concluded that vendors should address severe accidents during the design stage. Designers can take full advantage of the insights gained from such input as probabilistic safetyassessments, operating experience, severe accident research, and accident analysis by designing features to reduce the likelihood that severe accidents will occur and, in the unlikelyoccurrence of a severe accident, to mitigate the consequences of such an accident.

Incorporating insights and design features during the design phase is much more cost effective than modifying existing plants. Severe Accident Policy Statement. The Commission issued its policy statement entitled,"Severe Reactor Accidents Regarding Future Designs and Existing Plants," on August 8, 1985.

This policy statement was prompted by the NRC's judgment that severe accidents, which arebeyond the traditional design-basis events, constitute the major remaining risk to the public associated with radioactive releases from nuclear power plant accidents. A fundamental objective of the Commission's severe accident policy is to take all reasonable steps to reduce the chances that a severe accident involving substantial damage to the reactor core will occurand to mitigate the consequences of such an accident, should one occur. This statement describes the policy that the Commission uses to resolve safety issues related to reactor accidents more severe than DBAs. The statement focuses on the guidance and procedures the Commission intends to use to certify new designs for nuclear power plants. Regarding the decision process for certifying a new standard plant design, an approach the Commission strongly encouraged for future plants, this policy statement affirms the Commission's belief that a new design for a nuclear power plant can be shown to adequately address severe accident concerns if it meets the following guidance: *demonstration of compliance with the requirements of current Commissionregulations, including the TMI requirements for new plants, as reflected in 10 CFR 50.34(f) *demonstration of technical resolution of all applicable unresolved safety issues(USI) and the medium- and high-priority generic safety issues (GSI), including a special focus on assuring the reliability of decay heat removal (DHR) systemsand the reliability of both alternating current (ac) and direct current (dc) electricalsupply systems *completion of a PRA and consideration of the severe accident vulnerabilitiesexposed by the PRA, along with the insights that it may add to providing assurance of no undue risk to public health and safety *completion of a staff review of the design with a conclusion of safetyacceptability using an approach that stresses deterministic engineering analysesand judgment, complemented by PRA DRAFT 6 Following the 1979 accident at the Three Mile Island (TMI) Nuclear Plant, Unit 2, it wasrecognized that "severe accidents" (i.e., those in which substantial damage is done to the reactor core, regardless of whether serious offsite consequences occur) needed further attention. The NRCevaluated, generically, the capability of existing plants to tolerate a severe accident. The NRC found thatthe design-basis approach contained significant safety margins for the analyzed events. These marginspermitted operating plants to accommodate a large spectrum of severe accidents. Based on thisinformation, the Commission, in the Severe Accident Policy Statement (50 FR 32138, August 8, 1985),concluded that existing plants posed no undue risk to public health and safety and that no basis existedfor immediate action on generic rulemaking or other regulatory changes affecting these plants becauseof the risk posed by a severe accident. To address this issue for operating plants in the long term, theNRC issued SECY-88-147, "Integration Plan for Closure of Severe Accident Issues," in May 1988. Thisdocument identified the necessary elements for closure of severe accidents:*performance of an individual plant examination *assessment of generic containment performance improvements*improved plant operations *a severe accident research program *an external events program *an accident management programC.II.1-9DRAFT WORK-IN-PROGRESSDate: 06/09/06At the time it issued the Severe Accident Policy Statement, the Commission believed that anadequate basis existed to establish appropriate guidance. This belief was supported by the current operating reactor experience, ongoing severe accident research, and insights from a variety of risk analyses. The Commission recognized the need to strike a balance between accident prevention and consequence mitigation,'and in doing so, expected vendors engaged indesigning new standard plants to achieve a higher standard of severe accident safety performance than they achieved in previous designs.

6Safety Goals Policy Statement. The Commission issued its policy statement entitled, "SafetyGoals for the Operation of Nuclear Power Plants," on August 4, 1986. This policy statementfocused on the ri sks to the public from nuclear power plant operations with the objective ofestablishing goals that broadly define an acceptable level of radiological risk that might beimposed on the public as a result of nuclear power plant operation. These risks are associatedwith the release of radioactive material from the reactor to the environment during normal operations, as well as from accidents. The Commission established the following two qualitative safety goals: (1) Individual members of the public should be provided a level of protection from the consequences of nuclear power plant operation such that individuals bear no significant additional risk to life and health.

(2) Societal risks to life and health from nuclear power plant operation should becomparable to or less than the risks of generating electricity by viable competingtechnologies and should not be a significant addition to other societal risks. These goals are supported by the following two quantitative objectives that determineachievement of the above safety goals:(1) The risk to an average individual in the vicinity of a nuclear power plant of a prompt fatality that might result from reactor accidents should not exceed one-tenth of onepercent (0.1 percent) of the sum of prompt fatality risks resulting from other accidents towhich members of the U.S. population are generally exposed.

(2) The risk to the population in the area near a nuclear power plant of cancer fatalities DRAFTC.II.1-10DRAFT WORK-IN-PROGRESSDate: 06/09/06that might result from nuclear power plant operation should not exceed one-tenth of onepercent (0.1 percent) of the sum of cancer fatality risks resulting from all other causes. This statement of the NRC safety policy expresses the Commission's views on the level of riskto public health and safety that the industry should strive for in its nuclear power plants. The Commission recognizes the importance of mitigating the consequences of a core melt accident and continues to emphasize such features as the containment, siting in less populated areas, and emergency planning as integral parts of the defense-in-depth concept associated with its accident prevention and mitigation philosophy. The Commission approves the use of the qualitative safety goals, including use of the quantitative health effects objectives, in the regulatory decisionmaking process. Standardization Policy Statement. The Commission issued its policy statement entitled,"Nuclear Power Plant Standardization," on September 15, 1987. This policy statementencourages the use of standard plant designs and contains information concerning the certification of plant designs that are essentially complete in terms of scope and level of detail.

The intent of these actions was to improve the licensing process and to reduce the complexity and uncertainty in the regulatory process for standardized plants. With respect to severe accidents, the NRC expects applicants to address the guidance for new plant designs providedin the Commission's Severe Accident Policy Statement.Use of PRA Methods in Nuclear Regulatory Activities Policy Statement. The Commissionissued its policy statement entitled, "Use of Nuclear Probabilistic Risk Assessment Methods inNuclear Regulatory Activities," on August 16, 1995. This statement outlines the policy that theNRC will follow for using PRA methods in nuclear regulatory matters. The Commissionestablished this policy so that the many potential applications of PRA could be implemented in aconsistent and predictable manner to promote regulatory stability and efficiency. TheCommission adopted the following policy statement regarding the expanded NRC use of PRA: *The use of PRA technology should be increased in all regulatory matters to theextent supported by the state-of-the-art in PRA methods and data and in amanner that complements the NRC's deterministic approach and supports theNRC's traditional defense-in-depth philosophy. *PRA and associated analyses (e.g., sensitivity studies, uncertainty analyses, andimportance measures) should be used in regulatory matters, where practical within the bounds of the state-of-the-art, to reduce unnecessary conservatism associated with current regulatory requirements, regulatory guides, license commitments, and staff practices. Where appropriate, PRA should be used to support the proposal for additional regulatory requirements, in accordance with 10 CFR 50.109 (Backfit Rule). Appropriate procedures for including PRA in the process for changing regulatory requirements should be developed and followed.

It is, of course, understood that the intent of this policy is that existing rules and regulations shall be complied with unless such rules and regulations are revised. *PRA evaluations in support of regulatory decisions should be as realistic aspracticable and appropriate supporting data should be publicly available for review. *The Commission's safety goals for nuclear power plants and subsidiarynumerical objectives are to be used with appropriate consideration of uncertainties in making regulatory judgments on the need for proposing and DRAFTC.II.1-11DRAFT WORK-IN-PROGRESSDate: 06/09/06backfitting new generic requirements on nuclear power plant licensees. SECY-90-016. On January 12, 1990, the NRC staff issued SECY-90-016 which requestedCommission approval for the staff's recommendations concerning proposed departures from current regulations for the evolutionary light-water reactors (LWR). The issues in SECY-90-016 were significant to reactor safety and fundamental to the NRC decision on the acceptability ofevolutionary LWR designs. The positions in SECY-90-016 were developed as a result of the following activities:*NRC reviews of current-generation reactor designs and evolutionary LWRs *consideration of operating experience, including the TMI-2 accident

• results of PRAs of current-generation reactor designs and the evolutionaryLWRs *early efforts conducted in support of severe accident rulemaking

• research to address previously identified safety issuesThe Commission approved some of the staff positions stated in SECY-90-016 and providedadditional guidance regarding others in an SRM dated June 26, 1990.SECY-93-087. On April 2, 1993, the NRC staff issued SECY-93-087 which sought Commissionapproval for the staff's positions pertaining to evolutionary and passive LWR design certification policy issues. This paper evolved from SECY-90-016. SECY-93-087 addresses the following preventive and mitigative feature issues relating to the AP 1000:Preventive: *anticipated transient without scram (ATWS)

• mid-loop operation

• station blackout (SBO)

• fire protection

• inter-system loss-of-coolant accident (ISLOCA)Mitigative:

• hydrogen control

• core debris coolability *high-pressure core melt ejection

• containment performance

• dedicated containment vent penetration

• equipment survivability *containment bypass potential resulting from steam generator tube ruptures The Commission approved some of the staff positions stated in SECY-93-087 and providedadditional guidance regarding others in an SRM dated July 21, 1993.SECY-96-1 28. On June 12, 1996, the NRC staff issued SECY-96-128 which soughtCommission approval for the staff's position pertaining to the AP600 reactor design. The issues involving severe accidents include the following:*prevention and mitigation of severe accidents

• external reactor vessel cooling (ERVC)

The Commission provided additional guidance concerning prevention and mitigation of severe DRAFTC.II.1-12DRAFT WORK-IN-PROGRESSDate: 06/09/06accidents and approved the staff's position concerning ERVC in an SRM dated January 15, 1997.SECY-97-044. On February 18,1997, the NRC staff issued SECY-97-044 which provided theCommission with additional information regarding prevention and mitigation of severe accidents. This paper responded to the Commission's SRM dated January 15, 1997, and provided additional information regarding the type of non-safety-relat ed system that wouldachieve an appropriate balance between prevention and mitigation of severe accidents for the AP600 reactor design, which is also applicable to the AP1 000 design. The Commission approved the staff's position in an SRM dated June 30, 1997. Severe Accident Resolution. The basis for resolving the severe accident issues associated withnew reactor designs are the requirements of 10 CFR Part 52 and the guidance, as applicable, in SECY-93-087, SECY-96-128, SECY-97-044, and other SECY papers as approved by the Commission.

DRAFTC.II.1-13DRAFT WORK-IN-PROGRESSDate: 06/09/06APPENDIX B Probabilistic Risk Assessment to Support a Combined License Application Standard Format and Content [Note: This standard format is consistent with the guidance provided in RegulatoryGuide 1.200, "An Approach For Determining The Technical Adequacy Of ProbabilisticRisk Assessment Results For Risk-Informed Activities," and adapted to the specific uses of the PRA to support a COL application. The content of the applicant's submittal should include adequate information (e.g., interms of models, results, and interpretation of results) to enable the NRC staff toconclude whether the objectives identified in C.II.1.2 are met. The requisite level of detail, technical adequacy, and risk insights to be included in the submittal are identified in sections C.II.1.4, C.II.1.5, and C.II.1.6, respectively.] 1.0Introduction - General Overview2.0Core Damage Evaluation (includes internal and external events)2.1Methodology Overview2.2Internal Events (includes shutdown operation)2.2.1Initiating Events 2..2.2Success Criteria

2.2.3 Accident

Sequence

2.2.4 Systems

Analyses 2.2.5Parameter Estimation

2.2.6 Human

Reliability Analysis

2.2.7 Quantification

(including results) 2.2.8 Importance, Sensitivity, and Uncertainty Analyses 2.2.9Internal Floods2.2.9.1Methodology and Approach 2.2.9.2Flood Identification 2.2.9.3Flood Evaluation 2.2.9.4Quantification (including results) 2.2.9.5Importance, Sensitivity, and Uncertainty Analyses 2.2.10Internal Fires2.2.10.1Methodology and Approach 2.2.10.2Screening Analysis 2.2.10.3Fire Initiation 2.2.10.4Fire Damage 2.2.10.5Plant Response Analysis and Quantification2.2.10.6Quantification (including results) 2.2.10.7Importance, Sensitivity, and Uncertainty Analyses DRAFTC.II.1-14DRAFT WORK-IN-PROGRESSDate: 06/09/062.3External Events2.3.1Methodology and Approach 2.3.2Screening and Bounding Analysis 2.3.3Hazard Analysis 2.3.4Fragility Analysis 2.3.5Accident Sequence and System Model Modification 2.3.6Quantification (including results) 2.3.7Importance, Sensitivity, and Uncertainty Analyses 2.4 Conclusions and Insights related to Core Damage Evaluation 2.4.1Significant Accident Sequences 2.4.2Integrated Insights from the Importance, Sensitivity, and UncertaintyAnalyses2.4.3Risk-significant Design Features and Operator Actions [Note: Include a discussion of features that contribute significantly to thereduced risk, by initiating event category, as compared to operating plant designs, if applicable.]3.0Containment Performance & Radionuclide Release Assessment 3.1Severe accident treatment 3.1.1Treatment of physical processes/phenomena (including evaluations inaccordance with SECY-93-087)3.1.2Severe accident analysis methods/models 3.1.3Severe accident progression for key core damage sequences3.2Containment event tree analysis3.2.1Interface with core damage evaluation 3.2.2Containment event tree top events and success criteria3.2.3Release category definitions3.3Containment ultimate pressure capacity and conditional containment failureprobability3.4Quantification of release frequency and source terms 3.5Importance, sensitivity, and uncertainty analyses 3.6Interpretation of results and insights (including comparisons with goals) 3.7Conclusions and insights related to containment performance assessment4.0Offsite Consequence Evaluation [Note: applicable if such information is included in applicant's PRA] 4.1Methodology Overview 4.2Interface with Containment Performance Assessment DRAFTC.II.1-15DRAFT WORK-IN-PROGRESSDate: 06/09/064.3Evaluation of Fission Product Source Terms 4.4Dose Consequence Modeling 4.5Quantification and Results 4.6Importance, Sensitivity, and Uncertainty Analyses

4.7 Conclusions

and Insights related to Offsite Consequences Evaluation 5.0Use of PRA in the Design Process [Note: Address how the PRA was used in the design process to achieve the followingobjectives (and provide examples): 1) identify vulnerabilities in operating reactor designsand introduce features and requirements to reduce or eliminate those vulnerabilities; 2) quantify the effect of new design features and operational strategies on plant risk.]6.0 Risk Evaluation Conclusions

[Note: Address how the purpose and objectives are met.]5.1CDF, LERF, and offsite dose from internal, external, and low-power events 5.2Important features for reducing risk 5.3PRA input to regulatory processes and programs (e.g., RAP, RTNSS, Tier 1,COL action items, man-machine-interface, EOPs, SAMG) 7.0PRA Maintenance Program/Process DRAFTDRAFT WORK-IN-PROGRESSC.II.1-15Date: 06/09/064.3Evaluation of Fission Product Source Terms 4.4Dose Consequence Modeling 4.5Quantification and Results 4.6Importance, Sensitivity, and Uncertainty Analyses

4.7 Conclusions

and Insights related to Offsite Consequences Evaluation 5.0Use of PRA in the Design Process [Note: Address how the PRA was used in the design process to achieve the followingobjectives (and provide examples): 1) identify vulnerabilities in operating reactor designsand introduce features and requirements to reduce or eliminate those vulnerabilities; 2) quantify the effect of new design features and operational strategies on plant risk.]6.0 Risk Evaluation Conclusions

[Note: Address how the purpose and objectives are met.]5.1CDF, LERF, and offsite dose from internal, external, and low-power events 5.2Important features for reducing risk 5.3PRA input to regulatory processes and programs (e.g., RAP, RTNSS, Tier 1,COL action items, man-machine-interface, EOPs, SAMG) 7.0PRA Maintenance Program/Process ADAMS Accession Number: ML 061570285COG Project Manager: Tom Kevern, 415-0224OFFICETECH ED DNRL/NRRNGDB/DNRLBC: APLB/DRABC: APLA/DRANAMEPGarrityPMagnanelli(LA)TKevern (PM)L. MrowcaM. RubinDATE OFFICEDD: DRAOGCNAMEM. TschiltzDATEOFFICIAL RECORD COPY