Text

Modeling Plant and System Response Lecture 4-2 1

Overview Key Topics

• Considerations in modeling process

• Principal modeling tools

- Event trees

- Fault trees

• Methods of analysis

- Linked fault trees

- Event trees with boundary conditions

• Useful tools 2

Overview Resources

• American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, January 1983.

• W.E. Vesely, et al., Fault Tree Handbook, NUREG-0492, January 1981.

• R.E. Barlow and F. Proschan, Statistical Theory of Reliability and Life Testing: Probability Models, Second Edition, To Begin With, Silver Spring, MD, 1975.

3

Introduction Standard Framework for Plant/System Analysis 4

Introduction Preliminary Remarks

• Greater variability (art) in modeling post-initiator response than in initiators (at least for operating NPP PRAs)*

• Principal tools (event trees and fault trees) are standard but analysts have modeling choices

- Analysis scope

- Level of detail

- Simplifications

- Parsing of sequence elements

- Method of analysis

• There are exceptions (e.g., modeling of LOOP) 5

Introduction Preliminary Remarks (cont.)

• No one right way, but current processes (e.g., peer reviews, benchmarking, NRC review questions) tend to reduce variability in approaches.

• The act of modeling improves understanding - PRA owners derive maximum benefit if theyre involved in the analysis.

• There are exceptions (e.g., modeling of LOOP) 6

Introduction Cautions

• System details can be intimidating to the uninitiated.

- Need to understand how system works before figuring out how it might fail.

- Time required to develop understanding can be significant.

• Many attempts to automate model construction, none yet satisfactory. Increasing importance for organizations that cycle staff through PRA department.

• Many models already exist.

- Existing models provide templates for new modeling efforts, also serve as points of comparison

- Need to be careful of biases from the anchoring and adjustment heuristic (Lecture 2-3) 7

Modeling Process Example Choices

• Analysis scope (given overall project scope)

- Time (e.g., pre-initiator processes, mission time)

- Space (e.g., single unit vs. multi-unit, regional hazards)

- Organization (e.g., plant staff only, offsite organizations)

• Level of detail

- Piece-part vs. component vs. super-component/module/train

- Sub-task vs. task vs. human failure event (Lecture 5-2) 8

Modeling Process Example Choices (cont.)

• Simplifications

- Unlikely failures and failure combinations (e.g.,

locked manual valves, multiple instrument line valves)

- Failures that should have little effect on performance (e.g., non-safety strip chart recorder)

- Uncredited recovery actions (e.g., untrained, non-proceduralized actions)

- Independence of events (Lecture 6-1)

- Treatment of uncertainty (e.g., Point estimate vs.

full characterization) 9

Modeling Process Example Choices (cont.)

• Simplifications - Miniflow Test Line Example Miniflow Test Line Should the miniflow test T

MV2 line (and valve MV2) be included in the fault tree?

Why or why not?

P1 MV1 CV P2 10

Modeling Process Example Choices (cont.)

• Parsing

- System-based event trees vs. functional event tree vs. no event tree

- Human failure events in event trees or fault trees

- Note:

• Difficulty is conserved

• Results should be the same, given the same modeling assumptions. However, risk communication can be affected 11

Modeling Process Guiding Principles in Choosing

• Availability and quality of supporting evidence

• Required degree of realism

- Key dependencies

- PRA-user confidence Important: choices => responsibility

• Document understanding and assumptions

• Be able to defend analysis - take ownership 12

Analysis Methods and Models Analysis Methods and Models

• Linked fault tree vs event tree with boundary conditions

• Logic modeling vs object-oriented simulation (Lecture 9-3)

• Static vs dynamic (Lecture 9-3) 13

Analysis Methods and Models Linked Fault Tree Example Overbar for success.

Also slash (/).

Initiating Event System 1 System 2 1 No CD 2 Late CD = IE S1 S2 3 Early CD VA P1 VA P3 P2 14

Analysis Methods and Models Fault Tree for System 1 System 1 Failure Assume

• Each pump can supply the necessary flow (i.e., the pumps Failure of Failure of Valve A Both Pumps are redundant), so system failure requires both pumps to fail

• The pumps and the valve have the same electric power source Failure of Failure of (EP) EP VA Pump 1 Pump 2 EP P1 EP P2 15

Analysis Methods and Models Boolean Operators, Laws, etc

• AND: also and multiplication symbols (e.g., * )

• OR: also U V and addition symbols (e.g., +)

• NOT: also / and overscore

• = True, =

• = , =

• = , =

• = , =

• = , =

• =

• = ,

=

16

Analysis Methods and Models Application: Fault Tree to Boolean

• System 1 failure:

1 = 1 2

= 1 2 1 2

=

• More generally, a fault tree can be drawn as the conjunction/union (OR) of all of the minimal cut sets

=

=1 where MCSi is the disjunction/intersection (AND) of the basic elements in the MCS 17

Analysis Methods and Models Simplification via Boolean Reduction 18

Analysis Methods and Models Application: Fault Tree to Success Tree, Minimal Cut Sets to Minimal Path Sets AND OR OR AND Success Failure Failure Success MCS = {EP}, {VA}, {P1, P2} MPS = {/EP, /VA, /P1}, {/EP, /VA}, /P2}

19

Analysis Methods and Models Linked Fault Tree Initiating Event System 1 System 2 1 No CD 2 Late CD 3 Early CD S2 = IE [{/EP, /VA, P1} U {/EP, /VA}, /P2}] [{EP} U {VA} U {P3}]

= IE [{/EP, /VA, P1} U {/EP, /VA}, /P2}] {P3}

Cut Sets: {IE, /EP, /VA, /P1, P3}, {IE, /EP, /VA, /P2, P3}

20

Analysis Methods and Models Event Tree w/Boundary Conditions Example Initiating Event Electric Power System 1 System 2 1 No CD f3 = P{S2l/S1,/EP,IE}

2 Late CD f2 = P{/S1l/EP,IE}

3 Early CD f1 = P{/EPlIE}

4 Early CD Conditional split fraction 2 = 1 , 2 1, ,

= / /1 2 (conditions are understood) l2 = l 1 f1 1 f2 f3 21

Analysis Methods and Models Reminder - Conditional Probability

• Definition A given B => B is assumed to be true

• Venn Diagram A given B =>

The universe of possibilities is B A reduced to B

22

Analysis Methods and Models Linked Fault Trees vs Event Trees w/Boundary Conditions

• Linked fault trees

- Used by most PRA software

- Focus on modeling top events; fault tree software deals with logic-based dependencies

- Special basic event or post-processing rules needed to address other dependencies

- Qualitative information: sequence cut sets, cut sets

• Event trees with boundary conditions

- Less used

- Can be used with reliability block diagrams (discussed later)

- Focus on conditional probabilities, dependencies

- Qualitative information: sequences 23

Useful Tools Useful Tools for Plant Modeling

• Event Sequence Diagrams (ESDs)

• Dependency Matrices

• Note: tools are useful for

- Documenting understanding of system

- Supporting learning by doing (active learning) 24

Useful Tools Event Sequence Diagrams

• Flowchart representing potential scenarios

• Not necessary for simple problems but

- Helps structure thinking regarding myriad possibilities

- Can provide a more literal, richer scenario picture (story) than event trees

• Key parameters and indications

• Important trends

• Loops

• Modeling assumptions

- Documents understanding 25

Useful Tools ESD Concept Probabilistic Risk Assessment Procedures Guide for NASA Managers and Practitioners, NASA/SP-2011-3421, 2nd ed., 2011 26

Useful Tools ESD Example (NPP)

American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, January 1983.

American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, January 1983.

27

Useful Tools Dependency Matrices

• Tool to help understand and document functional dependencies between systems (and even trains)

• Example:

Support Systems Frontline Systems OP AC-A AC-B SW-A SW-B LPI-A LPI-B LPR-A LPR-B OP X AC-A X X X X AC-B X X X X SW-A (1) X X X SW-B (1) X X X (1) Failure of service water leads to loss of EDG cooling and eventual LOSW (if offsite power is not available).

28

Analysis Methods and Models System Modeling Tools

• Fault Trees

• Reliability Block Diagrams

• Object-Oriented Simulation (Lecture 9-3) 29

Analysis Methods and Models Reliability Block Diagrams Success-oriented, quantitative reliability models 1 +

2 1 + 1 1 = 1 2 = 2 3 3 2 + 2 3 = 5 6 4 = 3 4 = 2 4 6 5 = 1 4 = 3 4 5 6 = 2 5 5 B2 B5

< <

=1 =1 B1 B4 min cut rare event upper bound B3 B6 where 1 1 30

Analysis Methods and Models Comment - Details Matter

• Including the same component in different system models is OK (software algorithms will do Boolean reduction) but errors in labeling can cause errors in results.

• Example: What happens if the analyst for System 1 labels Valve A as S1-VA and the analyst for System 2 labels that valve as S2-VA?

VA P1 VA P3 P2 System 1 System 2 31

Knowledge Check T

MV2 P1 MV1 Check CV Valve P2

• MCS if each pump can provide 100% flow?

• MCS if each pump can provide 50% flow?

32

Knowledge Check (cont.)

Bus 4160 VAC BY Breaker T

Load P1 P2 4160/480 VAC XT MV2 480 VAC BZ Transformer MV1 MV2 P1 MV1 CV P2 Now what are the minimal cut sets?

33

Thought Exercise The plant manager, whos been working at the plant for 40 years, looks at your fault tree for the boiler. He sees that the manual valve at the bottom of the boiler is a single point failure (i.e., a single element MCS). He growls at you Whaddya mean, the valve is going to disappear? And anyways theres no such thing as a random failure!

Whats your response? Hint: There are a number of reasonable choices, but Im just doing my job, is probably not one.

34

35 Closing Remarks

• Rare events => need to search for potential contributors

• Formal tools (e.g., MLDs, ESDs) can:

- help the analyst think about the problem, aid the search process, and increase degree of completeness

- document the analysts understanding and key modeling assumptions

• Examples from past studies provide useful guidance; beware of treating them as templates