ML031110430

From kanterella
Revision as of 20:10, 25 March 2020 by StriderTol (talk | contribs) (StriderTol Bot insert)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
E-mail from G. Lanik to D. Marksberry, Regarding ASP Insights
ML031110430
Person / Time
Site: Davis Besse Cleveland Electric icon.png
Issue date: 04/30/2002
From: Lanik G
Office of Nuclear Regulatory Research
To: Long S, Marksberry D, O'Reilly P
Office of Nuclear Reactor Regulation, Office of Nuclear Regulatory Research
References
FOIA/PA-2003-0018
Download: ML031110430 (5)
v  d  e


Text

- 1.._ _~_@-X4^I~d2I. 9 kde*

[ Don Marksberry - ASP insights.wpd I Don Marksberry-ASP insghts.wpd Page 1 From: George Lanik / ZZ , ;E5 To: Don Marksberry; Aatrick O'Reilly, Steven Long Date: Tue. Apr 30, 2002 11:17 AM

Subject:

ASP insights Don, Steve I revised the short paper I sent to you earlier. See attached. Any comments now 9 Thanks, George XJQ\

As- f w^-.

YAW-Don Marksbe.rry

. .....gfl2- - aASPcf

- .wpd t.. 00

........-1.

-.....- ................. .......... .. ..... ..... .... -.... ........... ..I -......-.a ..... ........ ge..

.11-....

MEMORANDUM TO: Farouk Eltawila, Director, Chief Division of Systems Analysis and Regulatory Effectiveness Office of Regulatory Research THRU: John Flack, Chief Regulatory Effectiveness Analysis and Human Factors Branch Division of Systems Analysis and Regulatory Effectiveness Office of Regulatory Research FROM: George F. Lanik, Team Leader Regulatory Effectiveness Analysis and Human Factors Branch Division of Systems Analysis and Regulatory Effectiveness Office of Regulatory Research

SUBJECT:

REGULATORY EFFECTIVENESS OBSERVATIONS FROM RECENT ASP ANALYSES As part of the RES activity associated with regulatory effectiveness and independent review of operating experience, REAHFB staff developed some observations based on the information in the SECY-02-0041 "STATUS OF ACCIDENT SEQUENCE PRECURSOR AND SPAR MODEL DEVELOPMENT PROGRAMS" (03/08/2002). Table 6 of SECY-02-0041 lists the precursor events not typically modeled in PRAs or IPEs - the table covers ASP events for the years 1993 to 2000 and identifies eight precursors, some affecting multiple units.

6E-03 5E-03 - ccop___

0X 4E CCDP NOTI PRA g 3E E 2E-03 - -_As__

1 E-03 - ____

0 E+00 -- 5 Range E^4 Range E-3 Range Figure 1 - CCDP Not Captured in Typical PRA We collected the CCDP values of all ASP events with CCDP > E-5 for the years 1993 to 2000.

We grouped the events within CCDP ranges of E-5, E-4, and E-3, and added the CCDPs of all events in each group. We did the same for all events listed in the table as not covered by a typical PRA. The results are presented in figure 1.

We also plotted the CCDP values in rank order in Figure 2, distinguishing between PRA and non-PRA events. The results show that a few high CCDPs contribute more of the cumulative CCDP than the sum of a large number of lower CCDP events. It also shows that 5 ASP events or conditions not included in PRAs (of a total of 8) are concentrated among the top ten high

,Don Marksbexrfy- aASPgflwp Page2 CCDPs. The ASP program looks at many events which are not quantified - this discussion only addresses those which are quantified.

The results show that for events with CCDP > E-5:

(1) approximately 48% of the cumulative CCDP from ASP events is not modeled in current PRAs; and (2) events with higher CCDPs are much less likely to be represented in current PRAs - only about 5.4% for events in the E-5 CCDP range, 38% in the E-4 range, while over 58% in the E-3 CCDP range are not represented in current PRAs.

Several High CCDP Events Not In PRAs 1E-02

_ - - -__ -_ -_- -:::: _-o - - -

_-Ev~ets h PRA

> 1E _

il E,.,to NOTI PRA o t *a-A--Be L) 1 E-04 -. _ ____

1E-05 10 20 30 CCDP Rank of Event Figure 2 - ASP Events Ranked by CCDP 1993-2000 A s seen in Figure 2, the cumulative CCDP is dominated by a small number of events. The E-3 group includes only two events - the highest CCDP is the Wolf Creek blow-down event. During that event, while in hot shutdown, operator errors resulted in a loss of primary coolant via a flow path which by-passed containment and could have disabled the ECCS pumps which are used to restore reactor coolant. That event was a shutdown event, and PRAs do not typically model shutdown events.

One other observation regarding the Wolf Creek event is pertinent. Wolf Creek involved a LOCA, potentially inoperable ECCS, containment bypass, human error, and limited time for operator response. However, immediately following the event, neither the licensee nor the NRC recognized the significance of the event - the licensee did not plan to issue an LER. The region issued a morning report which did not address the significance of the event. The potential significance was recognized by a manager in headquarters with the authority to initiate a more thorough assessment of the event. If this precursor had not been identified, about one third of the cumulative CCDP for the period 1993-2000 would have been missed.

This highlights the importance of an aggressive inspection and oversight process in ensuring that potentially significant events and conditions (even if not counted as such in risk models) are recognized and investigated. Precursors such as Wolf Creek, while not included in current PRAs, can and should be quantified when the details and mechanics of the event are understood. Absent an aggressive inspection and oversight process, failure to identify such precursors can result in significant underestimation of risk and unwarranted confidence regarding nuclear safety performance.

The recent Davis-Besse reactor vessel head corrosion event is another example of a risk-significant condition not considered in current PRAs. Boric acid ate away carbon steel

[ Don Marksb~errv - aASPgfl2.wpd ~~ _ ._ Cows we .w w~~~~~ave aOww{t Y l

Don Marksberrv aASPafl2.wpd

.... .... ww. ww.. . Awe Page 31 leaving only the thin layer of stainless cladding intact.

On the other hand, the recent condition at Point Beach with a potential common mode failure of the AFW system on loss of air which existed for the life of the plant was also not modeled in the plant PRA. Although AFW failure modes are typically modeled, the plant-specific unrecognized system interaction with the air system leading to common mode failure of both AFW trains at Point Beach was not modeled.

The NRC has adopted a regulatory approach which focuses oversight activities on high risk sequences developed from existing plant PRAs. It can be argued that what is analyzed and measured has resulted in actions to reduce the most significant risks. However, the ASP results show that many high risk scenerios are not modeled in the PRAs.

It is understandable that some events not represented in PRAs would appear with high CCDPs.

Nuclear plants are complex machines which are difficult to model accurately; and large uncertainties exist in model results due equipment and operator performance. For situations where high risk event sequences have been identified in a PRA, licensee or regulatory action has been taken to limit the risk to a small fraction of the total risk - if the risk is recognized and measured, it will be addressed. The benefits would show up both in CDF and CCDP.

However, sequences which are not recognized or are eliminated would not show a contribution in risk space. The PRA is a normative tool for those sequences it includes, but has no impact on the risk profile of those not included. Or stated differently: if the risk is not measured, it is less likely to be addressed than if it is measured.

As a consequence, inspectors and reviewers must continue to address events or conditions which: reduce defense in depth; manifest previously unrecognized common mode failure mechanism or system interactions; invalidate the assumptions of current PRAs; and are not included in current PRAs.

We believe the ASP results suggest the following general observations:

(1) the ASP program is of unique value because it quantifies the risk of events not modeled in current PRAs or IPEs - and those appear to account for a large fraction of the cumulative CCDP; (2) the current NRC policy of risk-informed, performance-based (rather than risk-based) is bolstered since ASP shows that a large fraction of CCDP is not included in PRAs; in particular, regulatory approaches to reduce or eliminate inspection and review programs based on risk estimates need to address the concern that a large fraction of the risk may be missed by the PRA; (3) the risk-informed approach is important to direct attention to important systems, however, the ASP results provide motivation to NRC inspectors and reviewers to maintain a "questioning attitude" and an open mind regarding identification of safety concerns not adequately treated in PRAs; (4) a mechanism is needed to better incorporate the lessons learned from events and conditions found in operating experience into PRAs and IPEs as part of updating of risk models.

fDnn Mnrkhprrv - nARPfI2 wnrd l llL4E l8_yl l l Ad Gil Hllf * '-be,, ,,,, ,,, _

Page41 IE OVA It is sometimes difficult to identify the risk significance of events or conditions, even if they are included in a typical PRA. It is much more difficult to identify the risk significance of events or conditions if they are not included in the oversight guidance or the plant's PRA. Consequently, important precursors may be missed under any oversight program. Events and conditions will continue to occur which are not included in PRAs. Given that about half of the cumulative CCDP of actual operating events and conditions was not included in PRAs should spark debate over how to focus the reactor oversight process.

Retrieved from "https://kanterella.com/w/index.php?title=ML031110430&oldid=2693886"