Text

1The probabilistic risk assessment (PRA) may include both probabilistic risk assessment techniques and alternative approaches (e.g., seismic margins analyses) for addressing contributors to risk, as defined in Section C.II.1.3 of this guide. For example, in lieu of a seismic PRA the applicant can choose to perform a risk-based seismic margins analysis (SMA) per SECY-93-087. The risk-based SMA is a method for estimating the margin above the safe shutdown earthquake (SSE) of the design which allows the identification of risk-important design and operational features, and associated requirements, to mitigate seismic events. In SECY-93-087, it is indicated that plants designed to withstand a specific ground acceleration SSE should have the capability to withstand beyond-design-basis earthquakes without resulting in core damage.

DG-1145, Page C.II.1-1 C.II.1. Probabilistic Risk Assessment (PRA)

A combined license (COL) application under Title 10, Part 52, of the Code of Federal Regulations (10 CFR Part 52), Early Site Permits; Standard Design Certifications; and Combined Licenses for Nuclear Power Plants, should include a comprehensive probabilistic risk assessment (PRA).1 The submitted information should provide complete and detailed documentation of the applicants PRA sufficient to permit the NRC to conclude that it supports the objectives delineated in section C.II.1.2 of this guide, and should include explanatory details and technical data supplemental to that appropriate for inclusion in Chapter 19 of the final safety analysis report (FSAR).

C.II.1.1 Regulatory Basis The Commission issued 10 CFR Part 52 on April 18, 1989. This rule provides for issuing early site permits (ESPs), standard design certifications, and combined licenses (COLs) with conditions for nuclear power reactors. It states the review procedures and licensing requirements for applications for these new licenses and certifications and was intended to achieve the early resolution of licensing issues, as well as to enhance the safety and reliability of nuclear power plants.

On March 13, 2006, the NRC published a proposed rulemaking (71 FR 12782) that would revise 10 CFR 52 to identify the specific requirements for COL applications. With regard to severe accidents, 10 CFR Part 52 codifies some parts of the guidance in the Severe Accident Policy Statement and Standardization Policy Statement. Specifically, 10 CFR 52.79 and 10 CFR 52.80 require the following information in a COL application:

information with respect to compliance with technically relevant portions of the Three Mile Island (TMI) requirements set forth in 10 CFR 50.34(f) proposed technical resolutions of those unresolved safety issues and medium-and high-priority generic safety issues that are identified in the version of NUREG-0933, A Prioritization of Generic Safety Issues, current 6 months prior to the application and that are technically relevant to the design a plant-specific PRA The above requirements are similar to the requirements in 10 CFR 52.47 for design certification applications. A COL applicant that does not reference a certified design should ensure that its plant design also satisfies the requirements of 10 CFR 52.47, as well as the COL specific requirements of 10 CFR 52.79 and 10 CFR 52.80.

2The reference to existing operating plants applies to light water reactor (LWR) plant technology contemporary with the issuance of the Commissions Severe Accident Policy Statement on August 8, 1985.

DG-1145, Page C.II.1-2 The NRC has also issued guidance for addressing severe accidents and PRA in the following documents:

NRC Policy Statement, Severe Reactor Accidents Regarding Future Designs and Existing Plants [Volume 50, page 32138, of the Federal Register (50 FR 32138), dated August 8, 1985]

NRC Policy Statement, Safety Goals for the Operations of Nuclear Power Plants (51 FR 28044, dated August 4, 1986)

NRC Policy Statement, Nuclear Power Plant Standardization (52 FR 34844, dated September 15, 1987)

NRC Policy Statement, The Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities (60 FR 42622, dated August 16, 1995)

SECY-90-016, Evolutionary Light-Water Reactor (LWR) Certification Issues and Their Relationship to Current Regulatory Requirements, issued January 12, 1990, and the related staff requirements memorandum (SRM), issued June 26, 1990 SECY-93-087, Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor Designs, issued April 2,1993, and the related SRM, issued July 21, 1993 SECY-96-128, Policy and Key Technical Issues Pertaining to the Westinghouse AP600 Standardized Passive Reactor Design, issued June 12, 1996, and the related SRM, issued January 15,1997 SECY-97-044, Policy and Key Technical Issues Pertaining to the Westinghouse AP600 Standardized Passive Reactor Design, issued February 18, 1997, and the related SRM, issued June 30, 1997 The first four documents provide guidance regarding the appropriate course of action to address severe accidents and the use of PRA. The SRMs relating to SECY-90-016, SECY-93-087, SECY 128, and SECY-97-044 provide Commission-approved guidance for implementing features in new designs to prevent severe accidents and to mitigate their effects, should they occur. Summaries of these documents are provided in Appendix A to this section of DG-1145.

C.II.1.2 Purpose and Objectives The NRC intends to use the applicants PRA results and insights to determine whether the following objectives are met:

During the design phase, the PRA should have been used to:

Identify and address potential design and operational vulnerabilities (i.e., failures or combinations of failures that are significant risk contributors that could drive the risk to unacceptable levels with respect to the Commissions goals, as presented below).

Reduce or eliminate known weaknesses of existing operating plants2 that are applicable to the new design, by introducing appropriate features and requires.

Select among alternative features, operational strategies, and design options.

3This criterion is applicable for designs that have evolved from light water reactor (LWR) plant technology (contemporary with issuance of the Commissions Severe Accident Policy Statement on August 8, 1985) through the incorporation of features intended to enhance plant safety, availability, and operation.

DG-1145, Page C.II.1-3 Determine how the risk associated with the design compares against the Commissions goals of less than 1E-4/yr for core damage frequency (CDF) and less than 1E-6/yr for large release frequency (LRF). These goals were established in the Commission SRM dated June 26, 1990 in response to SECY-90-016. In addition, the Commission approved the use of a containment performance goal (CPG), which includes (1) a deterministic goal that containment integrity be maintained for approximately 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> following the onset of core damage for the more likely severe accident challenges and (2) a probabilistic goal that the conditional containment failure probability (CCFP) be less than approximately 0.1 for the composite of all core damage sequences assessed in the PRA. It should be noted that these are goals and not regulatory requirements and applicants should not artificially (or intentionally) increase PRA results associated with one metric simply to meet the goal associated with another metric. Rather, the applicant should compare their plant-specific PRA results and insights against these goals and address how their plant features properly balance severe accident prevention and mitigation.

Identify risk-informed safety insights based on systematic evaluations of the risks associated with the design:

Develop an in-depth understanding of the designs robustness and tolerance of severe accidents initiated by either internal or external events.

Develop an appreciation of the risk-significance of specific human errors associated with the design, and characterize the significant human errors in preparation for better training and more refined procedures.

Identify and support the development of design requirements, such as inspections, tests, analyses, and acceptance criteria (ITAACs), reliability assurance program (RAP), technical specifications (TS), and COL action items and interface requirements.

Support the process used to determine whether regulatory treatment of non-safety systems (RTNSS) is necessary, if applicable.

Determine whether the plant design, including the impact of site-specific characteristics, represents a reduction in risk compared to existing operating plant designs.3 Assess the balance of preventive and mitigative features of the design per 10 CFR 52.79(a)(38)

(71 FR 12782) including consistency with Commissions guidance in SECY-93-087.

Support, as a minimum, regulatory oversight processes [e.g., Mitigating Systems Performance Index (MSPI), Significance Determination Process (SDP)] and programs that will be associated with plant operations (e.g., technical specifications, reliability assurance, human factors, Maintenance Rule).

The review objectives are drawn from 10 CFR Part 52, the Commissions Severe Reactor Accident Policy Statement regarding future designs and existing plants, the Commissions Safety Goals Policy Statement, the Commission-approved positions concerning severe accidents contained in SECY-93-087, and NRC interest in the use of PRA to help improve future reactor designs. In general, the PRA and the NRC staffs review achieve these objectives.

4Risk-informed applications (e.g., implementation of 10 CFR 50.69 or NFPA-805) may involve a scope, level of detail, and/or technical adequacy for the affected areas that is greater than that needed for the COL application.

DG-1145, Page C.II.1-4 C.II.1.3 Scope The applicants PRA should be comprehensive in scope and address all applicable internal and external events and all plant operating modes. The scope should be sufficient to enable the NRC staff to meet the objectives identified in section C.II.1.2. The scope of the PRA may need to be expanded if the applicant voluntarily chooses to use the PRA to support other, additional risk-informed applications.4 C.II.1.4 Level of Detail The level of detail of the applicants PRA should be commensurate with the purpose and objectives discussed in Section C.II.1.2 (i.e., sufficient to gain risk-informed insights and use such insights, in conjunction with assumptions made in the PRA, to identify and support requirements important to the design and plant operation). The PRA should reasonably reflect the actual plant design, planned construction, anticipated operational practices, and relevant operational experience of the applicant and the industry.

The burden is on the applicant to justify that the PRA approach, methods, and data, as well as the requisite level of detail necessary for the NRC staffs review and assessment, are appropriate for the COL application. Additional guidance on the level of detail that should be included in the PRA is provided in Regulatory Guide 1.200, An Approach For Determining The Technical Adequacy Of Probabilistic Risk Assessment Results For Risk-Informed Activities, and Regulatory Guide 1.174, An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions On Plant-Specific Changes To The Licensing Basis.

In cases where detailed design information (regarding cable and pipe routing, for example) is not available or when it can be shown that detailed modeling does not provide significant additional information, it is acceptable to make bounding-type assumptions consistent with the guidelines in Regulatory Guide 1.200. However, the risk models should still be able to be used to identify vulnerabilities, as well as design and operational requirements, such as ITAAC and COL action items. In addition, the bounding assumptions should not mask any risk-significant information about the design and its operation.

C.II.1.5 Technical Adequacy Consistent with the guidance in Section 2.5 of Regulatory Guide 1.174 regarding quality assurance, the staff expects the applicants PRA will have been subjected to quality control. The methods acceptable to the NRC staff to ensure that the pertinent quality assurance requirements of Appendix B to 10 CFR Part 50 are met and that the PRA is sufficient to be used in demonstrating that the objectives identified in Section C.II.1.2 of this guide are met, include:

C Use of personnel qualified for the analysis.

C Use of procedures that ensure control of documentation, including revisions, and provide for independent review, verification, or checking of calculations and information used in the analyses (an independent peer review or certification program can be used as an important element in this process).

5The issue of T-H uncertainties arises from the passive nature of safety-related systems used for accident mitigation. Passive safety systems rely on natural forces, such as gravity, to perform their functions. Such driving forces are small compared to those of pumped systems, and the uncertainty in their values, as predicted by a best-estimate T-H analysis, can be of comparable magnitude to the predicted values themselves. Therefore, some accident sequences with a frequency high enough to impact results, but which are not predicted to lead to core damage by a best-estimate T-H analysis, may actually lead to core damage when T-H uncertainties are considered in the PRA models.

DG-1145, Page C.II.1-5 C

Provide for documentation and maintenance of records, including archival documentation as well as submittal documentation.

C Use of procedures that ensure appropriate attention and corrective actions are taken if assumptions, analyses, or information used previously are changed or determined to be in error.

Toward this end, the applicants PRA submittal should be consistent with the prevailing PRA standards, guidance, and good practices, as needed to support its uses and applications, and as endorsed by the NRC (e.g., Regulatory Guide 1.200). The adherence to the recommendations provided in Regulatory Guides 1.200 and 1.174 pertaining to quality and technical adequacy will result in a more efficient and consistent NRC staff review process. Alternatively, the applicant should identify, and justify the acceptability of, alternative measures for addressing PRA quality and technical adequacy.

In addressing the technical adequacy of the PRA, the applicant should include (1) a discussion of prior NRC staff review of the PRA (e.g., during design certification), findings (i..e., facts and observations) from that review, disposition to those findings, and the relevance of that review to the technical adequacy of the current plant-specific PRA; (2) a discussion of the scope, level of detail, and technical adequacy needed to support the specific uses and risk-informed applications; (3) a discussion regarding how technical adequacy is determined for pertinent PRA scope areas in which the NRC has not endorsed PRA standards (i.e., identify the guidance and good practices documents relied upon to determine the technical adequacy of the PRA); (4) a discussion on the use of and criteria for independent peer reviews; and (5) a discussion on the process for dispositioning independent peer review findings and maintaining or upgrading the PRA, as appropriate.

As noted in Element 1.1 of Table A-1 in Appendix A to Regulatory Guide 1.200, special emphasis should be placed on PRA modeling of novel and passive features in the design, as well as addressing issues related to those features, such as digital instrumentation and control, explosive (squib) valves, and the issue of thermal hydraulic (T-H) uncertainties.5 C.II.1.6 Risk Insights In addition to using the PRA models to assess risk and determine significant accident sequences and major contributors, the applicant should perform uncertainty, importance, and sensitivity analyses.

Such analyses provide important information about (1) areas where certain design features are the most effective in reducing risk with respect to operating reactor designs; (2) major contributors to risk, such as hardware failures and human errors; (3) major contributors to maintaining the built-in plant safety and ensuring that the risk does not increase unacceptably; (4) major contributors to the uncertainty associated with the risk estimates; and (5) sensitivity of risk estimates to uncertainties associated with failure data, assumptions made in the PRA models, lack of modeling details in certain areas, and previously raised issues.

DG-1145, Page C.II.1-6 For designs that have evolved from current plant technology, through the incorporation of several features intended to make the plant safer, more available, and easier to operate, the results of the PRA should indicate that the design represents a reduction in risk compared to existing operating plants.2 For this purpose, a broad (qualitative or quantitative) comparison of risks, by initiating event category, between the proposed design and existing operating plant designs (from which the proposed design evolved) can be helpful in identifying the major design features that contribute to the reduced risk of the proposed design compared to existing plant designs (e.g., passive systems, less reliance on offsite and onsite power for accident mitigation, and divisional separation).

The applicant should also investigate the impact of data uncertainties on the risk estimates. The uncertainty analysis should identify major contributors to the uncertainty associated with the estimated risks.

Risk importance studies should be performed at the system, train, and component level. Such studies provide very useful insights about (1) the systems that contribute the most in achieving the low risk level assessed in the PRA, (2) events (e.g., component failures or human errors) that contribute the most to decreases in the built-in plant safety level, and (3) events that contribute the most to the assessed risk.

Sensitivity studies should be performed to gain insights about the impact of uncertainties (and potential lack of detailed models) on the estimated risk. The objectives of the sensitivity studies are to (1) determine the sensitivity of the estimated risk to potential biases in numerical values, such as initiating event frequencies, failure probabilities, and equipment unavailabilities; (2) determine the impact of potential lack of modeling details on the estimated risk; and (3) determine the sensitivity of the estimated risk to previously raised issues (e.g., motor-operated valve reliability). In addition, for designs using passive safety systems and active defense-in-depth systems, sensitivity studies can be performed to investigate the impact of uncertainties on PRA results under the assumption of plant operation without credit for the non-safety-related defense-in-depth systems. These studies provide additional insights about the risk importance of the defense-in-depth systems, that are taken into account in selecting non-safety-related systems for regulatory oversight according to the RTNSS process.

The applicant should use the results and insights of the PRA, including those from the uncertainty analyses, importance analyses, and sensitivity studies, in an integrated fashion, to perform the following:

Address weaknesses through specific design and/or operational changes.

Identify and establish specifications and performance objectives (e.g., ITAACs, technical specifications, reliability assurance program, RTNSS, and COL action items) for the design, construction, testing, inspection, and operation of the plant to ensure that assumptions made in the PRA (e.g., regarding design and operational features of a safety system, system interactions, and human actions) will remain valid in the as-to-be-built, as-to-be-operated plant and that uncertainties have been appropriately addressed.

The applicants submittal should include the results of the PRA and a discussion of the corresponding insights. In addition, the submittal should address the application and implementation of the acquired risk insights.

DG-1145, Page C.II.1-7 C.II.1.7 Format and Content The applicant should provide an acceptable level of documentation to enable the NRC staff to conclude that the objectives identified in Section C.II.1.2 were met and to reach a finding that the applicant has performed a sufficiently complete and scrutable analysis and that the results support the application for a COL. The submitted PRA should include adequate information, in terms of both models (initiating events, fault and event trees, success criteria, data, important assumptions and calculations) and results (minimal cut sets, importance, sensitivity, and uncertainty analyses).

Consistent with practices for operating plants, the applicant does not need to provide all plant-and site-specific PRA information to the NRC; however, the applicant should maintain such information and make it available for NRC review. Documentation of the PRA process and findings should be provided and, additionally, should include a description of the applicants provisions to ensure adequacy in accordance with Regulatory Guide 1.200.

To support the NRC staffs timely review and assessment of the documentation, the applicant should adhere to the recommended format and content identified in Appendix B, Probabilistic Risk Assessment to Support a Combined License Application: Standard Format and Content.

In addition to submitted documentation, the applicant should maintain archival documentation, consistent with the guidance provided in Section 3.2, Archival Documentation, of Regulatory Guide 1.174. The archival documentation should include a detailed description of engineering analyses conducted and the results obtained, irrespective of whether they were quantitative or qualitative, or whether the analyses made use of traditional engineering methods or probabilistic approaches. Such documentation should be maintained by the applicant, as part of the normal quality assurance program, so that it is available for examination. Documentation of the analyses should be maintained as lifetime quality records in accordance with Regulatory Guide 1.33, Quality Assurance Program Requirements (Operation).

C.II.1.8 PRA Maintenance and Upgrade The applicant should develop a PRA maintenance and upgrade program, based on the configuration control guidance in Regulatory Guide 1.200, and provide a description of this program.

This description should identify how the PRA will be maintained to ensure that it reasonably reflects as-designed, as-to-be-built, and as-to-be-operated conditions. If the applicant uses a screening process that allows insignificant changes to be deferred or not incorporated during the next scheduled PRA maintenance update, the applicant should describe the process and criteria, including documentation requirements. Likewise, if the process includes conditions that require an immediate maintenance update or upgrade of the PRA prior to the next scheduled PRA maintenance update, the applicant should describe the related process and criteria.

The NRC staff expects the plant-specific PRA to reasonably reflect the plant as it was constructed, in preparations for startup, and therefore, the plant-specific PRA should be upgraded prior to initial operations to incorporate those changes that were deferred (i.e., screened as not being significant) during the design, COL application, and construction phases, and to address findings during the PRA-related plant walkdowns. Therefore, the applicant should describe their approach for ensuring that the plant-specific PRA will reasonably reflect the plant prior to initial operations.

DG-1145, Page C.II.1-8 In addition, the applicant should describe how the applicant will ensure that the PRA maintains the appropriate scope, level of detail, and technical adequacy, consistent with the prevailing PRA standards, guidance, and good practices, as needed to support its uses and risk-informed applications, per the guidance presented in Sections C.II.1.3, C.II.1.4, and C.II.1.5, respectively, of this guide.

Appendix A to Section C.II.1 of DG-1145, Page C.II.1.-1 Appendix A NRC Regulatory Guidance on Severe Accidents The Commission expects that new designs will achieve a higher standard of severe accident safety performance than previous designs.2 In an effort to provide this additional level of safety in the design of advanced nuclear power plants, the NRC has developed guidance and goals to accommodate events that are beyond the design basis of the plant. Designers should strive to meet these goals.

For advanced nuclear power plants, including both the evolutionary and passive designs, the NRC concluded that vendors should address severe accidents during the design stage. Designers can take full advantage of the insights gained from such input as probabilistic safety assessments, operating experience, severe accident research, and accident analysis by designing features to reduce the likelihood that severe accidents will occur and, in the unlikely occurrence of a severe accident, to mitigate the consequences of such an accident. Incorporating insights and design features during the design phase is much more cost effective than modifying existing operating plants.2 Severe Accident Policy Statement. The Commission issued its policy statement, entitled Severe Reactor Accidents Regarding Future Designs and Existing Plants, on August 8, 1985. This policy statement was prompted by the NRCs judgment that severe accidents, which are beyond the traditional design-basis events, constitute the major remaining risk to the public associated with radioactive releases from nuclear power plant accidents. A fundamental objective of the Commissions severe accident policy is to take all reasonable steps to reduce the chances that a severe accident involving substantial damage to the reactor core will occur and to mitigate the consequences of such an accident, should one occur. This statement describes the policy that the Commission uses to resolve safety issues related to reactor accidents that are more severe than design-basis accidents (DBAs). The statement focuses on the guidance and procedures that the Commission intends to use to certify new designs for nuclear power plants. Regarding the decision process for certifying a new standard plant design, an approach the Commission strongly encouraged for future plants, this policy statement affirms the Commissions belief that a new design for a nuclear power plant can be shown to adequately address severe accident concerns if it meets the following guidance:

demonstration of compliance with the requirements of current Commission regulations, including the TMI requirements for new plants, as reflected in 10 CFR 50.34(f) demonstration of technical resolution of all applicable unresolved safety issues (USI) and the medium-and high-priority generic safety issues (GSI), including a special focus on ensuring the reliability of decay heat removal (DHR) systems and the reliability of both alternating current (ac) and direct current (dc) electrical supply systems completion of a PRA and consideration of the severe accident vulnerabilities exposed by the PRA, along with the insights that it may add to providing assurance of no undue risk to public health and safety completion of a staff review of the design with a conclusion of safety acceptability using an approach that stresses deterministic engineering analyses and judgment, complemented by PRA

6Following the 1979 accident at the Three Mile Island (TMI) Nuclear Plant, Unit 2, it was recognized that severe accidents (i.e., those in which substantial damage is done to the reactor core, regardless of whether serious offsite consequences occur) needed further attention. The NRC evaluated, generically, the capability of existing operating plants to tolerate a severe accident. The NRC found that the design-basis approach contained significant safety margins for the analyzed events.

These margins permitted operating plants to accommodate a large spectrum of severe accidents. Based on this information, the Commission, in the Severe Accident Policy Statement (50 FR 32138, August 8, 1985), concluded that existing operating plants posed no undue risk to public health and safety and that no basis existed for immediate action on generic rulemaking or other regulatory changes affecting these plants because of the risk posed by a severe accident. To address this issue for operating plants in the long term, the NRC issued SECY-88-147, Integration Plan for Closure of Severe Accident Issues, in May 1988. This document identified the necessary elements for closure of severe accidents:

performance of an individual plant examination assessment of generic containment performance improvements improved plant operations a severe accident research program an external events program an accident management program Appendix A to Section C.II.1 of DG-1145, Page C.II.1.-2 At the time it issued the Severe Accident Policy Statement, the Commission believed that an adequate basis existed to establish appropriate guidance. This belief was supported by the current operating reactor experience, ongoing severe accident research, and insights from a variety of risk analyses. The Commission recognized the need to strike a balance between accident prevention and consequence mitigation and, in doing so, expected vendors engaged in designing new standard plants to achieve a higher standard of severe accident safety performance than they achieved in previous designs.6 Safety Goals Policy Statement. The Commission issued its policy statement, entitled Safety Goals for the Operation of Nuclear Power Plants, on August 4, 1986. This policy statement focused on the risks to the public from nuclear power plant operations with the objective of establishing goals that broadly define an acceptable level of radiological risk that might be imposed on the public as a result of nuclear power plant operation. These risks are associated with the release of radioactive material from the reactor to the environment during normal operations, as well as from accidents. The Commission established the following two qualitative safety goals:

(1)

Individual members of the public should be provided a level of protection from the consequences of nuclear power plant operation such that individuals bear no significant additional risk to life and health.

(2)

Societal risks to life and health from nuclear power plant operation should be comparable to or less than the risks of generating electricity by viable competing technologies and should not be a significant addition to other societal risks.

These goals are supported by the following two quantitative objectives that determine achievement of the above safety goals:

(1)

The risk to an average individual in the vicinity of a nuclear power plant of a prompt fatality that might result from reactor accidents should not exceed one-tenth of one percent (0.1 percent) of the sum of prompt fatality risks resulting from other accidents to which members of the U.S.

population are generally exposed.

(2)

The risk to the population in the area near a nuclear power plant of cancer fatalities that might result from nuclear power plant operation should not exceed one-tenth of one percent (0.1 percent) of the sum of cancer fatality risks resulting from all other causes.

Appendix A to Section C.II.1 of DG-1145, Page C.II.1.-3 This statement of the NRC safety policy expresses the Commissions views on the level of risk to public health and safety that the industry should strive for in its nuclear power plants. The Commission recognizes the importance of mitigating the consequences of a core melt accident and continues to emphasize such features as the containment, siting in less populated areas, and emergency planning as integral parts of the defense-in-depth concept associated with its accident prevention and mitigation philosophy. The Commission approves the use of the qualitative safety goals, including use of the quantitative health effects objectives, in the regulatory decisionmaking process.

Standardization Policy Statement. The Commission issued its policy statement, entitled Nuclear Power Plant Standardization, on September 15, 1987. This policy statement encourages the use of standard plant designs and contains information concerning the certification of plant designs that are essentially complete in terms of scope and level of detail. The intent of these actions was to improve the licensing process and to reduce the complexity and uncertainty in the regulatory process for standardized plants. With respect to severe accidents, the NRC expects applicants to address the guidance for new plant designs provided in the Commissions Severe Accident Policy Statement.

Use of PRA Methods in Nuclear Regulatory Activities Policy Statement. The Commission issued its policy statement, entitled Use of Nuclear Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities, on August 16, 1995. This statement outlines the policy that the NRC will follow for using PRA methods in nuclear regulatory matters. The Commission established this policy so that the many potential applications of PRA could be implemented in a consistent and predictable manner to promote regulatory stability and efficiency. The Commission adopted the following policy statement regarding the expanded NRC use of PRA:

The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRCs deterministic approach and supports the NRCs traditional defense-in-depth philosophy.

PRA and associated analyses (e.g., sensitivity studies, uncertainty analyses, and importance measures) should be used in regulatory matters, where practical within the bounds of the state-of-the-art, to reduce unnecessary conservatism associated with current regulatory requirements, regulatory guides, license commitments, and staff practices. Where appropriate, PRA should be used to support the proposal for additional regulatory requirements, in accordance with 10 CFR 50.109 (Backfit Rule). Appropriate procedures for including PRA in the process for changing regulatory requirements should be developed and followed. It is, of course, understood that the intent of this policy is that existing rules and regulations shall be complied with unless such rules and regulations are revised.

PRA evaluations in support of regulatory decisions should be as realistic as practicable and appropriate supporting data should be publicly available for review.

The Commissions safety goals for nuclear power plants and subsidiary numerical objectives are to be used with appropriate consideration of uncertainties in making regulatory judgments on the need for proposing and backfitting new generic requirements on nuclear power plant licensees.

Appendix A to Section C.II.1 of DG-1145, Page C.II.1.-4 SECY-90-016. On January 12, 1990, the NRC staff issued SECY-90-016 which requested Commission approval for the staffs recommendations concerning proposed departures from current regulations for the evolutionary light-water reactors (LWR). The issues in SECY-90-016 were significant to reactor safety and fundamental to the NRC decision on the acceptability of evolutionary LWR designs. The positions in SECY-90-016 were developed as a result of the following activities:

NRC reviews of current-generation reactor designs and evolutionary LWRs consideration of operating experience, including the TMI-2 accident results of PRAs of current-generation reactor designs and the evolutionary LWRs early efforts conducted in support of severe accident rulemaking research to address previously identified safety issues The Commission approved some of the staff positions stated in SECY-90-016 and provided additional guidance regarding others in an SRM dated June 26, 1990.

SECY-93-087. On April 2, 1993, the NRC staff issued SECY-93-087 which sought Commission approval for the staffs positions pertaining to evolutionary and passive LWR design certification policy issues. This paper evolved from SECY-90-016. SECY-93-087 addresses the following preventive and mitigative feature issues relating to the AP1000:

Preventive:

anticipated transient without scram (ATWS) mid-loop operation station blackout (SBO) fire protection inter-system loss-of-coolant accident (ISLOCA)

Mitigative:

hydrogen control core debris coolability high-pressure core melt ejection containment performance dedicated containment vent penetration equipment survivability containment bypass potential resulting from steam generator tube ruptures The Commission approved some of the staff positions stated in SECY-93-087 and provided additional guidance regarding others in an SRM dated July 21, 1993.

SECY-96-1 28. On June 12, 1996, the NRC staff issued SECY-96-128 which sought Commission approval for the staffs position pertaining to the AP600 reactor design. The issues involving severe accidents include the following:

prevention and mitigation of severe accidents external reactor vessel cooling (ERVC)

The Commission provided additional guidance concerning prevention and mitigation of severe accidents and approved the staffs position concerning ERVC in an SRM dated January 15, 1997.

Appendix A to Section C.II.1 of DG-1145, Page C.II.1.-5 SECY-97-044. On February 18,1997, the NRC staff issued SECY-97-044 which provided the Commission with additional information regarding prevention and mitigation of severe accidents. This paper responded to the Commissions SRM dated January 15, 1997, and provided additional information regarding the type of non-safety-related system that would achieve an appropriate balance between prevention and mitigation of severe accidents for the AP600 reactor design, which is also applicable to the AP1 000 design. The Commission approved the staffs position in an SRM dated June 30, 1997.

Appendix B to Section C.II.1 of DG-1145, Page C.II.1.B-1 Appendix B Probabilistic Risk Assessment To Support a Combined License Application Standard Format and Content

[Note: This standard format is consistent with the guidance provided in Regulatory Guide 1.200, An Approach For Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, and adapted to the specific uses of the PRA to support a COL application.

The content of the applicants submittal should include adequate information (e.g., in terms of models, results, and interpretation of results) to enable the NRC staff to conclude whether the objectives identified in Section C.II.1.2 of this guide are met. The requisite level of detail, technical adequacy, and risk insights to be included in the submittal are identified in Sections C.II.1.4, C.II.1.5, and C.II.1.6 of this guide, respectively.]

1.0 Introduction - General Overview 2.0 Core Damage Evaluation (includes internal and external events) 2.1 Methodology Overview 2.2 Internal Events at Full-Power

[Note: This section should provide the plant-specific PRA for internal initiating events under full-power operating conditions. In so doing, this section should identify and describe the internal events evaluated. If some internal events are screened out or incorporated into other evaluations (e.g., grouped events), the screening/bounding/grouping should be described in Subsection 2.2.1, below.]

2.2.1 Initiating Events 2.2.2 Success Criteria 2.2.3 Accident Sequence 2.2.4 Systems Analyses 2.2.5 Parameter Estimation 2.2.6 Human Reliability Analysis 2.2.7 Quantification (including results) 2.2.8 Importance, Sensitivity, and Uncertainty Analyses

Appendix B to Section C.II.1 of DG-1145, Page C.II.1.B-2 2.3 External Events at Full-Power

[Note: This section should provide the plant-specific PRA for external initiating events under full-power operating conditions. In so doing, this section should identify and describe the external events evaluated. If some external events are screened out or incorporated into other evaluations, this section should describe the screening/bounding.]

2.3.1 Internal Floods 2.3.1.1 Methodology and Approach 2.3.1.2 Flood Identification 2.3.1.3 Flood Evaluation 2.3.1.4 Quantification (including results) 2.3.1.5 Importance, Sensitivity, and Uncertainty Analyses 2.3.2 Internal Fires 2.3.2.1 Methodology and Approach 2.3.2.2 Screening Analysis 2.3.2.3 Fire Initiation 2.3.2.4 Fire Damage 2.3.2.5 Plant Response Analysis and Quantification 2.3.2.6 Quantification (including results) 2.3.2.7 Importance, Sensitivity, and Uncertainty Analyses 2.3.3 Seismic Events 2.3.3.1 Methodology and Approach 2.3.3.2 Screening and Bounding Analysis 2.3.3.3 Hazard Analysis 2.3.3.4 Fragility Analysis 2.3.3.5 Accident Sequence and System Model Modification 2.3.3.6 Quantification (including results) 2.3.3.7 Importance, Sensitivity, and Uncertainty Analyses

[Note: Other external events that are evaluated should be provided in subsections that follow the same format and content of information as above.]

Appendix B to Section C.II.1 of DG-1145, Page C.II.1.B-3 2.4 Events During Other Modes of Operation

[Note: This section should provide the plant-specific PRA for modes of operation other than full-power (including shutdown). This section should identify and describe the other (non-full-power) modes of operation evaluated. If the evaluation of some modes is incorporated into (or bounded by) the evaluations of other modes, this section should describe the grouping/bounding.]

2.4.1 Shutdown Events 2.4.1.1 Initiating Events 2.4.1.2 Success Criteria 2.4.1.3 Accident Sequence 2.4.1.4 Systems Analyses 2.4.1.5 Parameter Estimation 2.4.1.6 Human Reliability Analysis 2.4.1.7 Quantification (including results) 2.4.1.8 Importance, Sensitivity, and Uncertainty Analyses

[Note: Other modes of operation (other than full-power) that are evaluated should be provided in subsections that follow the same format and content of information as above.]

2.5 Conclusions and Insights Related to Core Damage Evaluation 2.5.1 Significant Accident Sequences 2.5.2 Integrated Insights from the Importance, Sensitivity, and Uncertainty Analyses 2.5.3 Significant Design Features and Operator Actions

[Note: Include a discussion of features that contribute significantly to the reduced risk, by initiating event category, as compared to operating plant designs, if applicable.]

3.0 Containment Performance & Radionuclide Release Assessment 3.1 Severe Accident Treatment 3.1.1 Treatment of Physical Processes/Phenomena (including evaluations in accordance with SECY-93-087) 3.1.2 Severe Accident Analysis Methods/Models 3.1.3 Severe Accident Progression for Significant Core Damage Sequences 3.2 Containment Event Tree Analysis 3.2.1 Interface with Core Damage Evaluation 3.2.2 Containment Event Tree Top Events and Success Criteria 3.2.3 Release Category Definitions

Appendix B to Section C.II.1 of DG-1145, Page C.II.1.B-4 3.3 Containment Ultimate Pressure Capacity and Conditional Containment Failure Probability 3.4 Quantification of Release Frequency and Source Terms 3.5 Importance, Sensitivity, and Uncertainty Analyses 3.6 Interpretation of Results and Insights (including comparisons with goals) 3.7 Conclusions and Insights Related to Containment Performance Assessment 4.0 Offsite Consequence Evaluation

[Note: applicable if such information is included in applicants PRA]

4.1 Methodology Overview 4.2 Interface with Containment Performance Assessment 4.3 Evaluation of Fission Product Source Terms 4.4 Dose Consequence Modeling 4.5 Quantification and Results 4.6 Importance, Sensitivity, and Uncertainty Analyses 4.7 Conclusions and Insights Related to Offsite Consequences Evaluation 5.0 Use of PRA in the Design Process

[Note: Address how the PRA was used in the design process to achieve the following objectives (and provide examples): (1) identify vulnerabilities in operating reactor designs and introduce features and requirements to reduce or eliminate those vulnerabilities; and (2) quantify the effect of new design features and operational strategies on plant risk.]

6.0 PRA Conclusions

[Note: Address how the purpose and objectives are met.]

6.1 CDF, LRF, and Offsite Dose from Internal, External, and Low-Power/Shutdown Events 6.2 Important Features for Reducing Risk 6.3 PRA input to Regulatory Processes and Programs (e.g., RAP, RTNSS, Tier 1, COL action items, man-machine-interface, EOPs, SAMG) 7.0 PRA Maintenance Program/Process