ML21173A262

NRC-Industry Ticap Workshop 06-23-2021-Combined Slides
ML21173A262
Person / Time
Issue date: 06/23/2021
From: Joseph Sebrosky
Office of Nuclear Reactor Regulation
To:
Uribe J
Shared Package
ML21173A261 List:


Text

Technology Inclusive Content of Application Project Workshop
June 23, 2021
Microsoft Teams Meeting
Bridgeline: 301-576-2978
Conference ID: 395 169 492#

Agenda (Time: Topic* (Speaker))

10:00 - 10:10 am: Opening Remarks (NRC/Southern)
10:10 - 11:50 am: First Issue - principal design criteria (issue #6 from TICAP workshops) (NRC/Southern)
11:50 - 12:00 pm: Stakeholder Questions (All)
12:00 - 1:00 pm: Break (All)
1:00 - 1:10 pm: Opening Remarks (NRC/Southern)
1:10 - 2:50 pm: Second issue to be discussed - reliability and capability targets (issue #9 from TICAP workshops) (NRC/Southern)
2:50 - 3:00 pm: Stakeholder Questions (All)
3:00 - 3:30 pm: Continuation of Discussion (NRC/Southern)
3:30 - 3:45 pm: Stakeholder Questions (All)
3:45 - 4:00 pm: Next Steps and Closing Remarks (NRC/Southern)

* Note that the list of topics from the TICAP workshops, including the status of the items, is available from the May 26, 2021, TICAP workshop meeting summary (see: https://www.nrc.gov/docs/ML2115/ML21158A223.pdf)

TICAP Workshop - Continued

  • The purpose of this meeting is to discuss with the nuclear industry issues related to the draft guidance document for Safety Analysis Report (SAR) content for an advanced reactor application based on the licensing modernization project
  • Key documents associated with the workshop are referenced in the meeting notice and include:
  • Industry-developed draft TICAP guidance document (ADAMS Accession No. ML21106A013)
  • Continuation of TICAP workshops held in May of 2021
  • May 26th meeting summary includes a table with the status of the workshop items up to the date of that meeting (ADAMS Accession No. ML21158A223)

ARCAP and TICAP - Nexus

  • Additional contents of application outside of SAR are still under discussion. The above list is draft and for illustration purposes only.

Principal Design Criteria

  • GDCs in 10 CFR 50, Appendix A are not applicable to non-LWRs, therefore, non-LWR applicants would not need to request an exemption from the GDC in 10 CFR Part 50 when proposing PDC for a specific design.
  • RG 1.232 provides guidance for developing PDCs for non-LWR advanced reactors

Principal Design Criteria

  • Applicant must provide supporting information that justifies to the NRC how their design meets the proposed PDC and how the proposed PDC demonstrate adequate assurance of safety
  • ARDCs developed by the NRC staff are intended to provide insight into the staff's views on how the underlying safety bases for the GDC could be applied to address non-LWR design features; however, these are not considered to be final or binding regarding what may eventually be required from a non-LWR applicant
  • ARDCs are an important first step - NRC recognizes the future benefits to risk informing the non-LWR design criteria to the extent possible
  • NRC recognizes that the LMP process provides a risk-informed, performance-based approach to developing proposed PDCs

Principal Design Criteria

  • NRC recognizes that using the LMP process may not address all aspects considered necessary for demonstrating adequate assurance of safety (e.g., normal operations, subcriticality, etc.) and is interested in how these would be proposed to be addressed via the TICAP guidance.

Example:

The LMP design process is focused on off-normal events from AOOs to BDBEs and identifies the design features, performance and special treatment needed to keep those events within the F-C curve and cumulative individual risk targets. Dose at the EAB and cumulative individual risk are the only measures used as acceptance criteria.

However, LMP does not address other concerns associated with the normal operation portion of the design basis, prevention of severe accidents, recovery from off-normal events or non-reactor on-site hazards.


Principal Design Criteria Examples:

  • ARDC 26 - specifies that a means be provided to shutdown the reactor and maintain a safe shutdown condition after postulated accidents (DBAs). LMP does not require safe shutdown, only that the dose at the EAB not exceed 25 rem. Safe shutdown is required to terminate the event and provide for refueling, inspections, and/or repair of the facility. Terminating the event is an essential part of safety.
  • ARDC 62 - addresses the prevention of criticality in fuel storage and handling. LMP does not address criticality prevention. Such events can result in doses to the public.


Principal Design Criteria Examples:

  • ARDC 10 - protects against fuel damage during normal operation, including AOOs (SAFDLs). This allows continued operation and prevents contaminating the primary coolant system during events which may occur multiple times during the plant lifetime. Such contamination and failed fuel generate additional waste to be disposed of and provide additional radiation hazard to operating personnel. Minimizing waste is a requirement in 10 CFR 20.1406.

LMP does not address this concern. It's also noted that a SAFDL limit could be a surrogate for the dose criteria.

Principal Design Criteria Examples:

  • ARDC 35 - specifies that during and following postulated accidents (DBAs), fuel and clad damage do not interfere with effective core cooling. LMP does not require effective core cooling during or after DBAs, only that the dose at the EAB not exceed 25 rem. In effect, LMP would allow a DBA to result in a severe accident as long as the dose does not exceed 25 rem. Loss of effective core cooling should be prevented in the DBE/DBA region to be consistent with the current LWR safety philosophy (as expressed in the LWR regulatory requirements).


Principal Design Criteria

  • NRC recognizes that the LMP process assigns special treatments to several design attributes (e.g., quality assurance, protection from external hazards, testability, inspectability, etc.) that are addressed in specific and cross-cutting ARDCs and is interested in how the TICAP guidance could address these (e.g., applicant justifies or demonstrates that these design attributes are integral to LMP-based design process and specification through determination of special treatments based on defense-in-depth adequacy assessment).

Examples:

  • Various ARDCs (39 & 40 as examples) include requirements that the design of certain SSCs accommodate the capability for their inspection and testing. These kinds of considerations should be included when translating SSC special treatments into associated PDCs, where applicable.


TICAP Proposal on Formulation of Principal Design Criteria (PDC)
23 June 2021
Brandon Chisholm, Southern Company
Ed Wallace, GNBC Associates
Steve Nesbit, LMNT Consulting
Amir Afzali, Southern Company

Resolution from TICAP Workshop #3

  • A future conversation will be held between TICAP and NRC/INL staff regarding the definition [description] of Principal Design Criteria (PDC) in Appendix A of 10 CFR Part 50 and the most efficient way for TICAP PDC to comply with existing [applicable] regulations while not losing the advantages provided by an RIPB approach. One specific aspect to discuss is the amount of specificity (i.e., how detailed a PDC must be) that is appropriate and/or required for the set of PDC (e.g., are derived requirements necessary to be identified as PDC?).

  • Potentially relevant references:

- 10 CFR Part 50

>> 10 CFR 50.34 (plus 10 CFR 52.47, 52.79, 52.137, and 52.157)

>> Appendix A

- Regulatory Guide 1.232

PDC Description and RIPB Approach

  • PDC are described in the introduction of Appendix A of 10 CFR Part 50:

- The principal design criteria establish the necessary design, fabrication, construction, testing, and performance requirements for structures, systems, and components important to safety; that is, structures, systems, and components that provide reasonable assurance that the facility can be operated without undue risk to the health and safety of the public.

  • Although both are fundamental (and necessary) aspects of a design-specific safety case, the philosophy of the TICAP approach to PDC formulation separates the functions (How?) from the programs and configurations applied to the SSCs performing the functions (How Well?)

- How do plant capabilities (functional and structural) demonstrate that the performance objectives of the Fundamental Safety Functions are met?

>> E.g., SSC design and performance requirements

- How Well do these capabilities need to be performed to provide reasonable assurance of adequate protection to the public?

>> E.g., special treatments related to fabrication, construction, and/or testing

PDC and Elements of a Safety Case

  • Aspect of Safety Case: Adequate protection of the health and safety of the public

- LMP/TICAP: RFDC ensure plant capabilities satisfy the performance objectives of the FSFs via plant functions. SRDC ensure SSCs are designed to perform these capabilities

- GDC/ARDC: Principal design criteria cover both adequate protection and reasonable assurance

  • Aspect of Safety Case: Reasonable assurance (of adequate protection)

- LMP/TICAP: Reasonable assurance is provided by RIPB Special Treatments (e.g., Plant Programs)

- GDC/ARDC: Principal design criteria cover both adequate protection and reasonable assurance

  • Other aspects of safety case: Additional design margins & Defense-in-Depth

- LMP/TICAP: Complementary Design Criteria (CDC) associated with NSRST SSCs

- GDC/ARDC: Prescriptive wording in GDC/ARDC (e.g., single failure criterion)

The proposed TICAP framework for an LMP-based affirmative safety case includes all elements of the safety case related to the PDC relating to LBEs

PDC Formulation Challenges and Opportunities

  • By LMP design (to allow for graded approach for defining requirements), PDC established based on the proposed TICAP approach (i.e., PDC RFDC) will not include information regarding items such as fabrication, construction, and testing requirements for structures, systems, and components.

- These topics are included in an affirmative LMP-based safety case as design philosophies, programmatic capabilities, and defense-in-depth measures

  • As a result, PDC defined based on TICAP's proposed approach do not include all attributes from the description in Appendix A of 10 CFR Part 50

- Additionally, as discussed during Workshop #3, the TICAP PDC are focused on LBEs and not on normal operations (e.g., waste effluents addressed via ARCAP)

PDC Formulation Challenges and Opportunities

  • From Appendix A of 10 CFR Part 50: The development of these General Design Criteria is not yet complete. For example, some of the definitions need further amplification. Also, some of the specific design requirements for structures, systems, and components important to safety have not as yet been suitably defined.
  • From RG 1.232: The non-LWR design criteria developed by the NRC staff and included in Appendices A to C of this regulatory guide are intended to provide stakeholders with insight into the staff's views on how the GDC could be interpreted to address non-LWR design features; however, these are not considered to be final or binding regarding what may eventually be required from a non-LWR applicant.

PDC Formulation Challenges and Opportunities

  • From RG 1.232: It is the applicant's responsibility to develop the PDC for its facility based on the specifics of its unique design, using the GDC, non-LWR design criteria, or other design criteria as the foundation. Further, the applicant is responsible for considering public safety matters and fundamental concepts, such as defense in depth, in the design of their specific facility and for identifying and satisfying necessary safety requirements.

The GDC/ARDC (the current precedent for PDC) do not provide a comprehensive basis for the safety of a non-LWR design

PDC Formulation Challenges and Opportunities

  • From RG 1.233: This methodology also provides a logical and structured approach to identifying the safety or risk significance of SSCs and associated programmatic controls. The methodology's focus on those measures needed to address risks posed by non-LWR technologies will help an applicant provide sufficient information on the design and programmatic controls, while avoiding an excessive level of detail on less important parts of a plant.
  • From RG 1.233: A designer can use safety-analysis methods appropriate to early stages of design, such as failure modes and effects analyses and process hazard analyses. Designers may likewise use the design criteria from RG 1.232 and confirm or refine them throughout the design process to develop the final PDC provided in an application.

PDC Formulation Challenges and Opportunities

  • From RG 1.233:

- The staff finds that the NEI 18-04 methodology, including assessments of event sequences and DID, obviates the need to use the single-failure criterion as it is applied to the deterministic evaluations of AOOs and DBAs for LWRs.

- The staff's finding is based primarily on the integrated methodology described in NEI 18-04 and to a lesser degree on the design attributes of non-LWRs.

- Non-LWR developers that construct a licensing basis for a design using an alternative to the NEI 18-04 methodology would need to maintain or justify not applying the single-failure criterion to those LBEs analyzed in a deterministic or stylized approach, such as DBAs. RG 1.232 describes an approach that maintains the single-failure criterion, but acknowledges the potential future benefits of risk informing the non-LWR design criteria.

PDC Formulation Challenges and Opportunities

  • From RG 1.233:

- For SSCs classified as SR, required functional design criteria (RFDC) and lower-level design criteria are defined to capture design-specific criteria that may supplement or may not be captured by the principal design criteria for a reactor design developed using the guidance in RG 1.232. These criteria are used within the methodology to frame specific design requirements as well as special treatment requirements for SR SSCs.

- The RFDC, design requirements, and special-treatment requirements that result from the methodology in NEI 18-04 also define key aspects of the SSCs that will be described in safety analysis reports.


PDC Formulation Challenges and Opportunities

  • The TICAP team contends that the description of the affirmative LMP-based safety case, as proposed by TICAP, provides:

- A more complete basis for a facility's safety based on the specifics of its unique design.

>> The RFDC, SRDC, applied special treatments, Complementary Design Criteria (CDC), and description of both programmatic and configuration specific requirements provide a more complete picture than provided by the GDC (in Appendix A of 10 CFR Part 50) or ARDC (in Regulatory Guide 1.232).

>> As previously noted, the exception to this more complete basis is the set of design criteria pertaining to normal operations

- The same type of information described as PDC in the introductory text to Appendix A of 10 CFR Part 50, although the information is not uniformly identified as PDC.


Possible Solutions (in order of preference)

1. NRC finding in the TICAP Regulatory Guide that an applicant with an adequate LMP-based affirmative safety case conforming to NEI 18-04 and to RG 1.233 has provided an acceptable alternative to the requirements of 10 CFR 50.34, 10 CFR 50 Appendix A, 10 CFR 50.47, and 10 CFR 52.79 related to establishing PDC (within the scope of NEI 18-04 and RG 1.233)

- Implementation:

>> Functional plant capabilities necessary to meet the performance objectives of the Fundamental Safety Functions are identified as RFDC

>> Programmatic requirements are identified as Special Treatments and/or Plant Programs

- TICAP team thoughts:

>> Removes conflict between PDC description and TICAP approach

>> Maintains advantages of RIPB graded, safety-focused approach

>> Clarifies otherwise competing terminology (i.e., PDC vs. RFDC)

>> May simplify ARCAP handling of design criteria for normal operation

Possible Solutions (in order of preference)

2. NRC finding in the TICAP RG that an applicant with an adequate LMP-based affirmative safety case conforming to NEI 18-04 and Reg Guide 1.233 has thereby provided an adequate basis for a departure that satisfies the fabrication, construction, testing, and performance requirements elements of the PDC description in 10 CFR Part 50 Appendix A

- Implementation:

>> TICAP guidance would clarify that the RFDC would constitute the set of design-specific PDC

>> Programmatic requirements would be identified as Special Treatments and/or Plant Programs (i.e., not PDC)

- TICAP team thoughts:

>> Enables systematic grouping of requirements (i.e., PDC = functional, programmatic = Special Treatments and/or Plant Programs)

>> Would prefer not to include competing terminology (i.e., both RFDC and PDC)

>> PDC related to normal operations would be identified via ARCAP

Discussion Point #2: Specificity of PDC

Resolution from TICAP Workshop #3

  • A future conversation will be held between TICAP and NRC/INL staff regarding the definition [description] of Principal Design Criteria (PDC) in Appendix A of 10 CFR Part 50 and the most efficient way for TICAP PDC to comply with existing regulations while not losing the advantages provided by an RIPB approach. One specific aspect to discuss is the amount of specificity (i.e., how detailed a PDC must be) that is appropriate and/or required for the set of PDC (e.g., are derived requirements necessary [appropriate] to be identified as PDC?).

TICAP Discussion - PDC Specificity

  • The combination of the following is sufficient to establish reasonable assurance that the facility can be operated without undue risk to the health and safety of the public:

- RFDC: ensures function(s) necessary to satisfy performance objectives of regulation is/are included in design

- SRDC: ensures SR SSC(s) are designed to perform necessary function(s) to satisfy performance objectives

- Special Treatments: ensures SSC(s) perform function(s) with sufficient reliability and capabilities, influenced by RIPB considerations

  • There are a number of other requirements that will be developed during the design process of a plant

- Many of these requirements relate to objectives other than protecting the health and safety of the public

  • Other derived requirements should not be included in the PDC

Example - TerraPower MCRE Tabletop Exercise

  • RFDC: The primary system boundary shall be designed to reliably retain fuel and other radionuclides under operating, maintenance, testing, and postulated accident conditions.
  • SRDC: The reactor vessel shall be designed with sufficient margin to assure that when stressed under operating, maintenance, testing, and postulated accident conditions the probability of rupture is minimized. The design shall reflect consideration of service temperatures, service degradation of material properties, creep, fatigue, stress rupture, and other conditions of the boundary material under operating, maintenance, testing, and postulated accident conditions and the uncertainties in determining (1) material properties, (2) the effects of coolant chemistry, and irradiation on material properties, (3) residual, steady state and transient stresses, and (4) size of flaws.


Some Example SR SSC Special Treatments

  • From NEI 18-04, Rev. 1: Table 5-7. Examples of Special Treatments Considered for Programmatic DID

Examples of GDC that might not be RIPB PDC

From Appendix A of 10 CFR Part 50:

Components which are part of the reactor coolant pressure boundary shall be designed to permit

- (1) periodic inspection and testing of important areas and features to assess their structural and leaktight integrity, and

- (2) an appropriate material surveillance program for the reactor pressure vessel.

  • Criterion 39 - Inspection of containment heat removal system. The containment heat removal system shall be designed to permit appropriate periodic inspection of important components, such as the torus, sumps, spray nozzles, and piping to assure the integrity and capability of the system.


Examples of GDC that might not be RIPB PDC

From Appendix A of 10 CFR Part 50:

  • Criterion 53 - Provisions for containment testing and inspection. The reactor containment shall be designed to permit

- (1) appropriate periodic inspection of all important areas, such as penetrations,

- (2) an appropriate surveillance program, and

- (3) periodic testing at containment design pressure of the leaktightness of penetrations which have resilient seals and expansion bellows.


Concluding TICAP Discussion - PDC Specificity

  • The exact solution to this specific concern depends upon handling of prior topic
  • Within the LMP-based affirmative safety case, Special Treatments are identified for SR and NSRST SSCs using a RIPB approach

- Chapter 6 of the SAR will identify the STs for each SR SSC (Chapter 7 for the NSRST SSCs)

  • If PDC are identified within the TICAP framework, it is the position of the TICAP team that the PDC would not prescribe design criteria to implement the STs for individual SSCs. The ST are derived as part of the execution of the LMP process based on the specific design.


Important to Safety and LMP

[Backup Slide 1]

- The term "important to safety" that is used in the NRC regulatory framework including the Advanced Reactor Design Criteria and General Design Criteria is not used within the LMP methodology. All the SSCs that have risk significance or perform functions necessary for DID adequacy are contained within the LMP safety-significant SSCs and are either SR SSCs or NSRST SSCs. There are no non-safety-significant SSCs within the LMP methodology that are judged to be "important to safety". Hence it was deemed unnecessary to introduce an additional category called "important to safety" in order to formulate performance criteria for safety-significant SSCs.

TICAP FSF Chart [Backup Slide 2]

[Figure: flow chart organized by the questions What?, When?, How?, and How Well?, with groupings Input to Design, Functions Provided in the Design, and Content of Application. Boxes: Fundamental Safety Functions (FSFs); Frequency-Consequence and Cumulative Risk Targets; LBEs from LMP (AOOs, DBEs, and BDBEs); Design Basis Accidents (DBAs); Design Basis External Hazard Levels (DBEHLs); PRA Safety Functions (PSFs); Required Safety Functions (RSFs); Required Functional Design Criteria (RFDC); SR SSC Design Criteria (SRDC); Safety Related (SR) SSCs; SR SSC Performance Targets; SR SSC Special Treatment Requirements; Other Risk Significant Safety Functions; Other Safety Functions for Adequate DID; Non-SR with ST (NSRST) SSCs; NSRST SSC Performance Targets; NSRST SSC Special Treatment Requirements; Other Safety Functions; Non-SR with No ST (NST) SSCs.]

PDC and CDC are answers to How? [Backup 3]

[Figure: the same flow chart of FSFs, LBEs, RSFs, RFDC, SRDC, SR and NSRST SSCs, performance targets, and special treatment requirements, with the added labels Principal Design Criteria (PDC) and Complementary Design Criteria (CDC).]

Reliability and Capability Targets

Summary of TICAP Workshop #3 discussion held May 26, 2021:

  • NRC staff noted that the reliability and capability targets were not proposed to be captured in the safety analysis report (SAR) contrary to guidance in NEI 18-04, Section 4.1, Task 7.
  • From the NRC's perspective the SAR should describe reliability and capability targets and performance requirements used as input to the PRA and for SR and NSRST SSCs that were used to develop the selection of special treatment requirements (i.e., programmatic actions used to maintain performance within the design reliability targets).
  • The NRC noted that this information is important to capture in the SAR and in some cases will be used as input to technical specification requirements.

Reliability and Capability Targets

Additional observations from the LMP Lessons Learned Report (see table of reports under Industry-led Licensing Modernization Project on NRC's public website: https://www.nrc.gov/reactors/new-reactors/advanced/details.html#modern):

  • When the SSC safety classification steps of the LMP are applied, reliability and capability targets are set for the safety significant SSCs. These targets consider how reliable and capable the SSCs were assumed to be when assessed in the PRA, including how much the performance may deviate without adversely impacting the risk significance of LBEs and SSCs relative to Frequency-Consequence Target (F-C Target) and cumulative risk targets.

  • All safety significant SSCs, which include SR and NSRST SSCs, will have performance targets for reliability and capability. These targets are set as part of the DID adequacy evaluation.
  • The DID baseline is developed as part of the plant license application.

Reliability and Capability Targets

  • The maintenance of a DID baseline is a necessary component of the design and licensing process and supports plant changes (design or operations) throughout the plant lifetime that may impact nuclear safety. The change management of the DID baseline begins following the submittal of the license application. (See NEI 18-04 Section 5.9.7.)
  • In response to SSCQ7 on the availability of guidance on how to set reliability and capability targets for safety significant SSCs the concept of using the Reliability and Integrity Management (RIM) was discussed (ref. Section 3.5.1 in the LMP report on SSC safety classification and performance requirements). In the RIM program, the allocation of reliability targets starts at the plant level, which in the LMP methodology is represented by the F-C Target and the cumulative risk targets. SSC level targets are then set based on controlling the frequencies and consequences of the LBEs within those targets.


Reliability and Capability Targets

  • The NRC is interested in how the TICAP guidance proposes to address the documentation of reliability and capability targets (e.g., through the SAR or other documents submitted with the application or auditable, inspectable owner-controlled documents/programs)
  • The guidance must take into consideration that any of the reliability/capability target information and resulting LBE margins relied upon by the NRC in making its safety findings must be docketed information

Examples for discussion:

  • How would the reliability and capability targets be documented?

- in the DID baseline document

- in the RIM program

- in the Technical Specification

- are there other potential approaches

Reliability and Capability Targets

Examples for discussion:

  • How would achievement of the reliability and capability targets be demonstrated?
  • What if a reliability or capability target is not achieved (Tech Spec completion times including RICTs, ROP and SDP, use of fleet-wide or industry-wide reliability data such as EPIX, appropriate and timely enforcement actions, etc.)?


TICAP Proposal on Reliability and Capability Targets
June 23, 2021
Mike Tschiltz, Nuclear Energy Institute
Karl Fleming, KNF Consulting Services
Travis Chapman, X-energy
Stephen Vaughn, X-energy

Reliability and Capability Targets

Issue: NEI 18-04 Section 4.1 notes that the reliability and capability targets for Safety Related (SR) and Non-Safety Related with Special Treatment (NSRST) Systems Structure and Components (SSCs), and special treatment requirements for SR and NSRST SSCs define safety-significant aspects of the descriptions of SSCs that should be included in safety analysis reports.

- The main purpose of setting reliability and capability targets per NEI 18-04 is to identify special treatment requirements.

- X-energy developed examples of reliability and capability targets to support determining the level (plant level, functional level or SSC level) for documenting the targets in the SAR.

- The purpose of the examples was to provide greater clarity on how best to meet the intent of NEI 18-04 Sect 4.1 for reliability and capability targets while avoiding the duplication of information that is documented and maintained in licensee programs.

Discussion Topics

  • Clarify NEI 18-04 intent of definitions of reliability and capability
  • Role of Targets in the Xe-100 Safety Case

- Selection of functional reliability and capability targets

- Allocation of functional reliability and capability targets to individual components

  • Example Functional Targets for Control of Helium Pressure Boundary (HPB) and Core Geometry

- Review of applicable RFDC and LBEs which frame the development of targets

- Selection of functional reliability and capability targets

- Identification of SSCs for future component level reliability and capability targets

- Documentation considerations

  • Summary and insights for TICAP guidance

LMP Intended Definitions of Reliability and Capability

  • The term reliability as used informally in NEI 18-04 refers to the reliability performance metrics involved in the estimation of event sequence frequencies and includes:

- Initiating event frequencies

- Metrics such as unavailability, unreliability, event occurrences, time out-of-service, fraction of time in an operating state, etc. as needed to evaluate safety function failure probabilities in the PRA

- Note that reliability is not observable but rather calculated based on observed performance measures and available generic evidence

- LMP intends flexibility in the metrics to be used to express targets

  • The term capability is a performance measure used to establish the successful completion of a function; in LMP the functions are the prevention and mitigation of LBEs
  • Reliability and capability targets can be established at different levels including:

- Plant level by controlling the frequencies, consequences, and risk significance of the LBEs

- Functional level by controlling the reliabilities and capabilities of SSCs in the performance of safety functions across multiple SSCs

- Component level by controlling the reliabilities and capabilities of individual components supporting a safety function for a specific LBE or set of LBEs.


More on Capability

  • Capability is linked to the success criterion used to quantify the failure probability

- Example: the reliability target for the failure probability of a pump is 10⁻². The capability target is reflected in the success criterion used to evaluate the failure probability, e.g. the pump shall deliver fluid at a flow rate of X gpm at Y psi for 24 hrs in response to the challenge to the pump defined along LBE z.

  • Capability is also linked to the plant capabilities to prevent or mitigate the consequences of LBEs

Xe-100 Functional Reliability and Capability Targets

  • Purpose is to define quantitative targets for capability and reliability:

- at level of functions directly supporting the RSFs and the RFDCs

- linked to controlling the frequency and consequences of LBEs

- to maintain the classification and risk significance of LBEs

- to provide a basis for allocating reliability and capability targets to individual SSCs

  • Xe-100 considers functional reliability and capability targets for

- Helium Pressure Boundary and Core Geometry Targets (developed here)

- Fuel performance targets (not developed here)

- Core heat removal control targets (not developed here)

- Core reactivity control targets (not developed here)

- Water/steam ingress control targets (not developed here)

  • Functional reliability targets presented in the following slides similar to the Plant Level Reliability Goals in Section 3.5.1 of the LMP SSC Report SC-29980-102 Rev 1
  • Functional targets to be allocated to individual components in the formulation of component reliability and capability targets (TBD)

Reliability and Capability Targets for Helium Pressure Boundary (HPB) and Core Geometry

  • The Xe-100 HPB includes:

- Reactor, steam generator, and cross vessels

- Bolted attachments and connections between vessels

- Interfacing piping and weldments for fuel inlet and outlet, Helium Service System, primary relief valves, and instrument lines

  • Xe-100 barriers to radionuclide release:

- Primary barrier is the TRISO particle/pebble matrix fuel

- Helium pressure boundary (HPB) provides a secondary barrier

- Reactor building and its HVAC filtration provide a tertiary barrier

  • Xe-100 safety case does not rely on maintaining an inventory of Helium or primary pressure for performance of any Required Safety Function
  • Large HPB components are classified as SR for the function of maintaining core geometry and safety valves are SR for controlling system pressure (not for maintaining a leak tight pressure boundary)
  • Smaller HPB components are candidates for NSRST because they serve as a barrier to radionuclide release from the fuel pebbles for many LBEs
  • Reliability and capability targets based on the Xe-100 RSFs, RFDCs, and LBEs developed in the Xe-100 LMP and TICAP pilots and summarized on following slides

Preliminary Xe-100 Required Functional Design Criteria (RFDC) 1 of 4

| No. | Required Safety Function | Required Functional Design Criteria |
|---|---|---|
| 1 | Retain Radionuclides in Fuel Particles | The reactors in the plant shall be designed, fabricated, and operated in such a manner that radionuclide releases from the fuel to the primary heat transport fluid will not exceed acceptable values. |
| 1.1 | Control Reactivity | The reactors in the plant shall be designed, fabricated, and operated in such a manner that the inherent nuclear feedback characteristics and the reactivity control systems will ensure that the acceptable fuel performance limits are not exceeded. |
| 1.2 | Control Heat Removal | The reactor characteristics including the geometry, materials, core power density, internals, and vessel, and the passive cooling pathways from the core to the environment shall be designed, fabricated, and operated in such a manner that the fuel performance limits are not exceeded. |
| 1.3 | Control Water/Steam Ingress | The reactor systems and structures that prevent or mitigate the ingress of water and steam to the primary system shall be designed, fabricated, and operated in such a manner that core geometry is maintained. |

Preliminary - Xe-100 Required Functional Design Criteria (RFDC) 2 of 4

1.1 Control Reactivity

| No. | Required Safety Sub-Functions | Required Functional Design Criteria (RFDC) |
|---|---|---|
| 1.1.1 | Control with Passive Reactivity Feedback | The reactor shall be designed with sufficient negative reactivity feedback to preclude the need for rapid insertion of movable poisons to control heat generation. |
| 1.1.2 | Reactor Shutdown Capability | The equipment needed to sense, command, and execute insertion of movable poisons, along with any necessary support systems, shall be designed in such a manner that effects and maintains reactor shutdown. |
| 1.1.3 | Maintain Geometry for Insertion of Movable Poisons | The design of structures such as the guide tubes, graphite reflectors, core support structure, core lateral restraint assemblies, reactor vessel, and reactor vessel supports shall ensure geometry is maintained for insertion of movable poisons. |

Preliminary Xe-100 Required Functional Design Criteria (RFDC) 3 of 4

1.2 Control Heat Removal

| No. | Required Safety Sub-Functions | Required Functional Design Criteria |
|---|---|---|
| 1.2.1 | Transfer Heat from Fuel to Vessel Wall | The reactor shall be designed and configured in a manner that will ensure sufficient heat transfer by conduction, radiation, and convection from the fuel to the reactor vessel wall to maintain fuel temperatures within acceptable limits following a loss of forced cooling. The materials which transfer the heat shall be chosen to withstand the conditions experienced during this passive mode of heat removal. This criterion shall be met regardless of the primary heat transport system pressure and fluid composition. |
| 1.2.2 | Radiate Heat from Vessel Wall | The vessel shall be designed in a manner that will ensure that sufficient heat is radiated to the reactor cavity to maintain fuel, other core components, and vessel temperatures within acceptable limits. This criterion shall be met regardless of the primary heat transport system pressure and fluid composition. |
| 1.2.3 | Transfer Heat from Vessel Wall to Ultimate Heat Sink | A means shall be provided to transfer heat from the vessel wall to the ultimate heat sink. Heat shall be removed at a rate which limits fuel, other core components, and reactor vessel temperatures to acceptable levels during a loss of forced circulation. |
| 1.2.4 | Maintain Geometry for Conduction and Radiation | The design of systems and structures to maintain core geometry such as the core support structure, graphite reflector, core barrel, core lateral restraint assembly, reactor vessel, reactor vessel supports, primary relief valve, and reactor building shall be designed in such a manner that their integrity is sufficiently maintained to transfer heat from the reactor core to the reactor cavity and environment and maintain fuel temperatures within acceptable limits. |

Preliminary Xe-100 Required Functional Design Criteria (RFDC) 4 of 4

1.3 Control and Mitigate Water and Steam Ingress

| No. | Required Safety Sub-Functions | Required Functional Design Criteria |
|---|---|---|
| 1.3.1 | Control Water and Steam Ingress from SG | The steam generator, steam generator isolation systems, and other supporting systems shall include a means to prevent and limit the amount of steam and water that can enter the reactor vessel to an acceptable level. |
| 1.3.2 | Control Primary System pressure | The helium pressure boundary and its pressure relief system shall be designed and fabricated to control primary system pressure to acceptable levels and maintain core geometry in the event of water or steam ingress. |

Xe-100 LBEs informing HPB Targets 1 of 2

| LBE ID | Event Seq. ID | Initiating Event | Plant Response | Frequency (per-plant-year) | End State* |
|---|---|---|---|---|---|
| AOO-09 | SD-01 | Small Depressurization | Leak isolated, OCS maintains power operation | 5.00E-02 | I |
| AOO-10 | SD-03 | Small Depressurization | Fail to isolate leak, reactor trip, forced cooldown on ML | 4.62E-02 | SNC |
| DBE-01 | SG-01 | Steam Generator Tube Rupture | SG isolation, SG dump valves open and reclose, forced cooling re-established via SU/SD System | 9.73E-03 | I |
| DBE-05 | SD-09 | Small Depressurization | Fail to isolate leak, reactor trip, ML failure, forced cooldown on SU/SD system | 4.83E-03 | SNC |
| DBE-09 | MD-01 | Medium Depressurization | Leak isolated, reactor trip, forced cooldown via SU/SD System, RB filtration | 4.93E-04 | MNP |
| DBE-10 | SD-02 | Small Depressurization | Leak isolated, OCS fails to maintain power operation, forced cooling via ML | 4.85E-04 | I |
| DBE-11 | SD-10 | Small Depressurization | Fail to isolate leak, reactor trip, ML failure, SU/SD failure, primary pump-down, conduction cooldown via RCCS, RB filtration | 4.55E-04 | SND |
| DBE-12 | MD-02 | Medium Depressurization | Leak not isolated, reactor trip, forced cooldown via SU/SD System, RB dampers open, RB filtration | 4.55E-04 | MRP |
| BDBE-01 | SG-02 | Steam Generator Tube Rupture | SG isolation, SG dump valves open and reclose, SU/SD system fails, conduction cooldown via RCCS | 9.96E-05 | I |
| BDBE-02 | SG-04 | Steam Generator Tube Rupture | SG isolation, SG dump valves open and fail to reclose, forced cooling re-established via SU/SD System | 9.95E-05 | XNC |
| BDBE-03 | SG-18 | Steam Generator Tube Rupture | SG fails to isolate, FW pump trip, Primary safety valves open and reclose, conduction cooldown via RCCS | 9.01E-05 | VNC |
| BDBE-04 | SG-09 | Steam Generator Tube Rupture | SG isolation, SG dump valves fail to open, primary safety valves open and reclose, forced cooling re-established via SU/SD System | 8.86E-05 | VNC |
| BDBE-05 | SD-14 | Steam Generator Tube Rupture | Fail to isolate leak, reactor trip, ML failure, SU/SD failure, primary pump-down failure, conduction cooldown via RCCS, RB filtration | 5.08E-05 | SND-p |
| BDBE-07 | MD-14 | Medium Depressurization | Leak not isolated, reactor trip, conduction cooldown via RCCS, RB dampers open and reclose, RB filtration | 4.82E-05 | MRD-a |
| BDBE-08 | FW-04 | Feedwater Pump Trip | Circulator fail to trip, primary RV opens, recloses, conduction cooldown via RCCS | 4.34E-05 | VNC |
| BDBE-11 | SD-03 | Small Depressurization | Leak isolated, ML failure, Forced cooling via SU/SD | 2.56E-05 | I |

* I = Intact HPB with no release. Other codes describe releases with different source term characteristics.

Xe-100 LBEs informing HPB Targets 2 of 2

| LBE ID | Event Seq. ID | Initiating Event | Plant Response | Frequency (per-plant-year) | End State* |
|---|---|---|---|---|---|
| BDBE-15 | SG-20 | Steam Generator Tube Rupture | SG fails to isolate, FW pump trip, Primary safety valves open and fail to reclose, conduction cooldown via RCCS, RB HVAC filtration | 1.19E-05 | VND-w |
| BDBE-16 | SG-12 | Steam Generator Tube Rupture | SG isolation, SG dump valves fail to open, primary safety valves open and fail to reclose, forced cooling re-established via SU/SD System | 1.18E-05 | VNC |
| BDBE-20 | MD-02 | Medium Depressurization | Leak isolated, reactor trip, forced cooldown via SU/SD System, RB filtration fails | 6.20E-06 | MNP-u |
| BDBE-21 | SD-11 | Small Depressurization | Fail to isolate leak, reactor trip, ML failure, SU/SD failure, primary pump-down, conduction cooldown via RCCS, RB filtration failure | 5.72E-06 | SND-u |
| BDBE-22 | MD-12 | Medium Depressurization | Leak not isolated, reactor trip, SU/SD fails, conduction cooldown via RCCS, RB filtration | 5.71E-06 | MNP |
| BDBE-24 | MD-26 | Medium Depressurization | Leak not isolated, reactor trip, forced cooldown via SU/SD System, RB dampers fail to open, RB filtration | 5.24E-06 | MRP-u |
| BDBE-25 | MD-03 | Medium Depressurization | Leak isolated, reactor trip, SU/SD fails, conduction cooldown via RCCS | 5.05E-06 | MFD-au |
| BDBE-27 | LD-02 | Large Depressurization | RB dampers open, Conduction cooldown via RCCS, RB dampers fail to reclose | 1.77E-06 | LOD-au |
| BDBE-28 | LD-09 | Large Depressurization | RB dampers fail to open, Conduction cooldown via RCCS | 1.03E-06 | LFD-aud |
| BDBE-29 | SG-05 | Steam Generator Tube Rupture | SG isolation, SG dump valves open and fail to reclose, conduction cooling via RCCS, RB HVAC filtration | 1.01E-06 | XND-w |
| BDBE-31 | SG-10 | Steam Generator Tube Rupture | SG isolation, SG dump valves fail to open, primary safety valves open and fail to reclose, forced cooling re-established via SU/SD System | 9.08E-07 | VNC |
| BDBE-32 | SG-25 | Steam Generator Tube Rupture | SG fails to isolate, FW pump fail to trip, Primary safety valves open and reclose, forced cooling via main loops | 8.33E-07 | VNC |
| BDBE-33 | SD-15 | Small Depressurization | Fail to isolate leak, reactor trip, ML failure, SU/SD failure, primary pump-down failure, conduction cooldown via RCCS, RB filtration failure | 6.39E-07 | SND-pu |

* I = Intact HPB with no release. Other codes describe releases with different source term characteristics.

Preliminary Functional Reliability Targets for HPB and Core Geometry

| HPB Failure Mode | Target for 4-Unit Plant | Related Capabilities |
|---|---|---|
| Leaks with EBS* > 10mm | < 1 x 10^-2/plant-year | Xe-100 design objective to rely only on NST SSCs to mitigate LBEs classified as AOOs. Keeps small leaks in HPB in AOO region. |
| Leaks with EBS > 65mm | < 1 x 10^-4/plant-year | Selection of the design basis break size equal to the size of the largest pipe. Keeps HPB breaks between 10 and 65mm in the DBE region, and those greater than 65mm in BDBE region |
| Major structural vessel failure | < 1 x 10^-7/plant-year | Assures maintenance of core geometry throughout AOO, DBE, and BDBE region |
| Over-pressurization failure of Vessels | < 1 x 10^-7/plant-year | Controls the frequency of challenges to the primary safety valves and informs the selection of setpoints, capacities, and reliabilities of the relief valves |

* EBS = Equivalent Break size

Functional Reliability Targets for HPB and Core Geometry Allocation of Targets to Individual SSCs

  • Because LBEs involve multiple safety functions, the allocation of functional targets to individual SSCs must be done collectively for all the functional targets in an integrated fashion
  • Top-down allocation of functional targets to specific components is based on evolution of PRA and HPB reliability assessments.
  • Specific components for HPB include, as examples:

- Pressure vessels (reactor, steam generator*, and cross vessel)

- Primary system safety valves

- Bolted and seal welded connections between vessels and for vessel attachments (e.g. control rod standpipes, circulator assemblies, access covers, pipe flanges, many of these)

- Interfacing piping and associated weldments (fuel inlet and outlets, HSS, safety valve piping) and associated isolation valves

- More than 100 individual components to be addressed in individual SSC targets for HPB alone

  • At the SSC level, the volume of reliability targets and the number of LBEs whose risks they affect lead to documentation that is too voluminous and impractical to include in the SAR and is better covered in the plant records (i.e., PRA, RIM/RAP, TRM)

* Targets for the Steam Generator also addressed by functional targets for water ingress

Preliminary HPB Reliability Assessment

Detailed reliability assessments such as this will be used to inform the allocation of functional level targets to component level targets

HPB Capability Requirements

  • Each reliability target is tied to a set of success criteria for specific safety functions tied to a different set of LBEs that are top-level statements of the associated capability target
  • A large body of information on capability targets is currently included in TICAP guidance

- Capabilities of SR SSCs are addressed in:

>> Section 3 for the safety functions credited in mitigating the LBEs

>> Section 5 for the RFDC, and PDCs that the SR SSCs need to support for specific SSC functions and LBEs

>> Section 6 for the SRDC, DBEHLs, STs, and system descriptions that the SR SSCs need to support

- Capabilities for NSRST SSCs are addressed in:

>> Section 3 for the safety functions credited in the LBEs

>> Section 5 for CDC and success criteria for specific SSC functions and LBEs

>> Section 7 for STs and system descriptions that the NSRST SSCs need to support

  • Additional functional capability targets for the Xe-100 HPB example

- Capability targets reflected in the above sections for LBEs, RFDC, DBEHLs, CDCs, and STs

- Capabilities to support the RSFs and RFDC by maintaining core geometry for all identified LBEs

- Capability to maintain the HPB integrity for all LBEs classified with intact HPB

- Additional capabilities to be demonstrated by application of the selected building, structure, and design codes for component and structures necessary to assure core geometry

Summary

  • Reliability and capability targets are targets that can be measured, quantified, and monitored and are developed as part of the LMP Integrated Decision-making Process
  • Primary purpose is to inform the selection of STs for safety significant SSCs and to implement the performance-based element of the LMP methodology
  • Reliability targets include all the metrics used to determine the frequency of event sequences, including the initiating event frequencies and safety function failure probabilities
  • Capability targets are linked to the success criteria that are used to derive the reliability targets
  • Reliability and capability targets may be defined:

- At the plant level by controlling the frequencies, consequences, classification, and risk significance of LBEs

- At the functional level by controlling the reliability and capability of safety functions across multiple LBEs.

- At the component (and human) level by controlling the reliability and capability of components in the performance of a safety function

  • Functional level reliability and capability targets are proposed for inclusion into the SAR consistent with NEI 18-04
  • Allocation of functional targets to components is complex and must be done in an integrated fashion due to the many LBEs, components, and safety function interactions on the LBEs
  • Component level reliability and capability targets are too voluminous and impractical for inclusion into the SAR and, hence, are proposed for inclusion in the plant records

Reliability and Capability Targets in the SAR

  • TICAP team planned approach:

- In Chapter 8, description of the plant program(s) that capture SSC-level reliability and capability targets that are incorporated by reference in the SAR (i.e., subject to 10 CFR 50.59 change control);

- Should be noted that plant level targets are already contained in draft TICAP guidance;

>> Chapter 3, plant-level reliability and capability targets in the form of the Frequency-Consequence Target

- Risk-informed, performance-based (RIPB) guidance for 10 CFR 50.59 should be developed to allow effective and efficient change control providing flexibility for appropriate owner changes.

  • TICAP team recognizes other approaches are also viable, such as one which:

- Provides function-level reliability and capability targets in the SAR;

- Captures SSC-level reliability and capability targets in description of the plant program(s) in Chapter 8; and

- Utilizes RIPB guidance for 10 CFR 50.59 as described above.

Timeline for Technology Inclusive Content of Application Project (TICAP) Guidance and Advanced Reactor Content of Application Project (ARCAP) Guidance (rev 6/23/2021)

[Figure: timeline, January 2021 to March 2022, of TICAP and ARCAP guidance milestones. Legend: Industry Action, NRC Staff Action, Industry/NRC Joint Action.]

Next Steps - Future Milestones

| TICAP Near-Term Milestones | Target Date |
|---|---|
| Southern Revision C to TICAP Guidance Document | mid July 2021 |
| ACRS Future Plant Subcommittee Meeting providing status of ARCAP and TICAP Guidance Documents | mid July 2021 |
| NEI Revision 0 of TICAP Guidance Document | August 2021 |
| ACRS Future Plant Subcommittee Meeting on ARCAP/TICAP Guidance Documents | October 2021 |