ML23130A004

Challenges in Assuring Safety of Nuclear Reactor Protection Systems - One Perspective
Issue date: 05/11/2023
From: Sushil Birla, NRC/RES/DE (301-415-2311)
Download: ML23130A004 (12)


Text

Challenges in assuring safety of nuclear reactor protection systems: one perspective
Sushil Birla, Senior Technical Advisor, U.S. Nuclear Regulatory Commission
21st Software Certification Consortium Meeting, May 11-12, 2023, Annapolis
The views expressed herein are those of the author and do not represent an official position of the U.S. NRC.

[Figure: Reactor protection concept. Source: IAEA, NP-T-1.5]

The industry is not homogeneous
The regulated: operators (licensees), vendors, technical service providers
Regulators: UK, Canada, USA, France, Finland, Ukraine, Japan, China
Different drivers and knowledge levels

Vocabulary around CCF:
  • Unintended behavior caused by dependencies
  • Common cause failure (CCF): the term used in SRM/SECY-93-087, SECY-91-292, SECY-93-087
  • Common mode failure (CMF): the term used in review guidance
  • Unknown unknowns: defense in depth and diversity are intended to protect against unknown unknowns
  • Hardware failure is random; software failure is systemic: the term used in PRA NUREGs

Current State & Trends

Trends: interconnections; feedback paths; complexity; verifiability; analyzability; deterministic behavior; comprehensibility; side effects; unwanted interactions; independence; hidden dependencies; redundancy; diversity; defense in depth; safety margins
Consequence: traditional HA (hazard analysis) techniques (FTA; DFMEA) ineffective [RIL-1001; RIL-1002; NUREG/IA-0254; EPRI]; NRC's technical basis eroded
Common cause

Contributory Hazard Scenario (1/2): S - NS Interconnections
[Figure: safety system (SS1, SS2, ... SSn) with a service unit; non-safety systems (N-SS1, N-SS2, ... N-SSn) on plant data networks (PDN1, PDN2, ... PDNn); plant data system; business network; business data system; Internet. Legend: safety system, non-safety system, hidden interdependency.]

Contributory Hazard Scenario (2/2): Cross-Divisional Interconnections
[Figure: four divisions (A, B, C, D), each with neutron detectors (Nd) at the core, feeding a voting unit that drives the NPP actuators.]

Dependency Example: System Architecture Dimension
[Figure: degradation of the system safety function traced to Element_i and Element_ij through an internal dependency and an external dependency. Failure modes shown: supporting function not provided; supporting function provided too late; interference from an external system.]
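The dependency view on this slide (a safety function degrades when a supporting function is not provided, is provided too late, or is disturbed by an external system) and the two contributory hazard scenarios above can be checked mechanically over an architecture graph. The following is an added example, not code from the slides or from the NRC: it builds a constructed, hypothetical architecture that mirrors the figures (safety divisions Div_A..Div_D with neutron detectors Nd_*, a voting unit and actuators, a service unit reached through a plant data network from the business side and the Internet, and a shared time service), then reports (1) safety elements whose transitive support chain reaches an untrusted zone, (2) supporting functions shared between divisions that are supposed to be independent (common cause candidates), (3) dependencies whose provider is slower than the deadline ("provided too late"), and (4) what loses its function when a given element fails. All node names, timings and the assumption that the service unit is a required support for Div_A are constructed for illustration.

```python
from collections import deque
from itertools import combinations

# Constructed sample architecture (hypothetical; not a real plant and not
# from the slides). Each node: (zone, nominal response time in ms).
# Zone "untrusted" stands for the Internet/business side of scenario 1;
# Div_A..Div_D with their neutron detectors (Nd_*) stand for scenario 2.
NODES = {
    "Internet":     ("untrusted", 0),
    "BusinessNet":  ("untrusted", 0),
    "BusinessData": ("business", 50),
    "PlantData":    ("nonsafety", 20),
    "PDN1":         ("nonsafety", 5),
    "ServiceUnit":  ("nonsafety", 100),
    "TimeSync":     ("nonsafety", 8),   # shared clock, slower than the divisions need
    "Nd_A": ("safety", 2), "Nd_B": ("safety", 2),
    "Nd_C": ("safety", 2), "Nd_D": ("safety", 2),
    "Div_A": ("safety", 10), "Div_B": ("safety", 10),
    "Div_C": ("safety", 10), "Div_D": ("safety", 10),
    "VotingUnit":   ("safety", 5),
    "Actuators":    ("safety", 50),
}

# DEPENDS_ON[x] = {y: deadline_ms}: x needs y's supporting function within
# deadline_ms. Div_A -> ServiceUnit is the hidden S-NS interdependency (the
# service unit is assumed, for this example only, to hold Div_A's setpoints);
# Div_B -> Nd_A is a cross-divisional signal share.
DEPENDS_ON = {
    "BusinessData": {"Internet": 1000},
    "PlantData":    {"BusinessData": 500, "BusinessNet": 500},
    "PDN1":         {"PlantData": 100},
    "ServiceUnit":  {"PDN1": 100},
    "Div_A": {"Nd_A": 5, "ServiceUnit": 200, "TimeSync": 5},
    "Div_B": {"Nd_B": 5, "Nd_A": 5, "TimeSync": 5},
    "Div_C": {"Nd_C": 5, "TimeSync": 5},
    "Div_D": {"Nd_D": 5, "TimeSync": 5},
    "VotingUnit": {"Div_A": 20, "Div_B": 20, "Div_C": 20, "Div_D": 20},
    "Actuators":  {"VotingUnit": 20},
}

# How many lost dependencies a node tolerates before its own function
# degrades (constructed: a 2-out-of-4 voter still trips with two divisions lost).
TOLERATES = {"VotingUnit": 2}


def upstream(node):
    """Transitive set of supporting functions `node` depends on."""
    seen, queue = set(), deque([node])
    while queue:
        for dep in DEPENDS_ON.get(queue.popleft(), {}):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def hidden_exposure():
    """Safety nodes whose support chain reaches an untrusted zone
    (scenario 1), mapped to the untrusted nodes they transitively depend on."""
    result = {}
    for n, (zone, _) in NODES.items():
        if zone == "safety":
            untrusted = sorted(d for d in upstream(n) if NODES[d][0] == "untrusted")
            if untrusted:
                result[n] = untrusted
    return result


def common_cause_candidates(divisions):
    """Supporting functions shared between each pair of divisions that are
    supposed to be independent (scenario 2)."""
    out = {}
    for a, b in combinations(divisions, 2):
        shared = (upstream(a) | {a}) & (upstream(b) | {b})
        if shared:
            out[(a, b)] = sorted(shared)
    return out


def late_dependencies():
    """(consumer, provider) pairs where the provider's response time exceeds
    the consumer's deadline: the 'provided too late' failure mode."""
    return sorted((x, y) for x, deps in DEPENDS_ON.items()
                  for y, deadline in deps.items() if NODES[y][1] > deadline)


def degraded_by(*failed):
    """Everything that loses its function when the given nodes fail; loss
    propagates downstream unless the consumer tolerates that many lost inputs."""
    lost = set(failed)
    changed = True
    while changed:
        changed = False
        for x, deps in DEPENDS_ON.items():
            if x not in lost and sum(d in lost for d in deps) > TOLERATES.get(x, 0):
                lost.add(x)
                changed = True
    return lost - set(failed)


if __name__ == "__main__":
    print("hidden exposure:", hidden_exposure())
    print("common cause:", common_cause_candidates(["Div_A", "Div_B", "Div_C", "Div_D"]))
    print("too late:", late_dependencies())
    for f in ("Nd_A", "TimeSync", "Internet"):
        print(f"loss of {f} degrades:", sorted(degraded_by(f)))
```

The model is deliberately conservative: every dependency is essential unless TOLERATES says otherwise, so a single lost input degrades the consumer. Running it shows the two points the slides make: the service-unit link carries the Internet all the way to Div_A and, through the voter, into the actuators' support chain, and the shared TimeSync service is both a common cause for all four divisions and a "too late" provider, so its loss takes out the voting function that a single division failure would not.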

Factors Affecting Quality of HA
Quality of HA depends on: competence, quality of input, technique

Challenges in the current paradigm
[Figure: the current regulatory review approach placed between prescriptive (e.g., diversity in design) and performance-based, outcome-oriented assurance, against uncertainty, review effort, competence needed and quality of design. "Where we are now" vs. "where we would be without diversity in design" in the current process: more left to judgment; industry push (e.g., NEI 20-07). Axes: quality and diversity, with diversity in design marked. Assurance with high flexibility vs. assurance with low flexibility.]
Changes needed to prevent CCF (fault prevention) rather than rely on diversity in design (fault tolerance): objective evaluation criteria; paradigm; state of practice; competence; culture

Technical challenges - recap
Performance-based assurance of a system:
  • Identifying what can go wrong
    - The specific causes
  • Formulating commensurate requirements
    - Validation
  • Verification
    - Ability to evaluate the effect of gaps on the system function