Download hardcopy - Meetings and Conferences Online Home Page
Download hardcopy - Meetings and Conferences Online Home Page
Download hardcopy - Meetings and Conferences Online Home Page
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Foreword<br />
Dear Colleagues:<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
Welcome to Wilmington, North Carolina, the site of the 2011 International Topical Meeting on Probabilistic Safety Assessment,<br />
(PSA 2011). This is the most recent of a series of topical meetings on PSA sponsored by the American Nuclear Society<br />
Nuclear Installation Safety Division. The Wilmington Local Section of American Nuclear Society is proud to act as the<br />
host for this important meeting.<br />
In addition to the society sponsorship we would like to recognize our other sponsors. Our major sponsors include ERIN<br />
Engineering <strong>and</strong> Research, GE Hitachi Nuclear Energy, <strong>and</strong> Sc<strong>and</strong>power. Additional exhibitors <strong>and</strong> sponsors include Engineering,<br />
Planning & Management, Inc. (EPM), Curtiss Wright Flow Control (Scientech), Maracor, Nuclear Safety Associates<br />
(NSA), S<strong>and</strong>ia National Labratories, <strong>and</strong> Westinghouse.<br />
The purpose of PSA 2011 is to provide a world stage for presenting <strong>and</strong> discussing the development <strong>and</strong> evolution of<br />
proba¬bilistic methods <strong>and</strong> their use in the risk management of nuclear facilities. Although we consider PSA to be a mature<br />
technology, we continue to see changes <strong>and</strong> improvements in the methods <strong>and</strong> st<strong>and</strong>ards as a result of new applications,<br />
particularly as it applies to the development of risk management methods <strong>and</strong> approaches, as well as, in advanced reactor<br />
design. The changes in PSA methods are evident in technical areas such as Fire PSA, Seismic PSA, Passive Design PSA,<br />
<strong>and</strong> Dynamic PSA, all of which are focus areas for PSA 2011. These changes highlight the importance of the PSA 2011<br />
conference, where many of the PSA advancements will be shared <strong>and</strong> discussed. Important issues such as aging workforce<br />
<strong>and</strong> translating PSA insights to organizational risk management approaches are important aspects for improving <strong>and</strong> maturing<br />
our technology for the next generation of risk practitioners. The PSA conference will continue to grow in importance for<br />
knowledge management <strong>and</strong> learning, which is why we have sponsored additional student participation <strong>and</strong> a best student<br />
paper award for the conference.<br />
We encourage you to take some time <strong>and</strong> attend a session or two outside of your area of specialty <strong>and</strong> learn about the<br />
diversity of applications of Probabilistic Safety Assessment. We also encourage you to ask questions <strong>and</strong> get into extensive<br />
dialogue with other attendees, which helps build new bridges <strong>and</strong> broadens our field of thinking while making some new<br />
friends in the process.<br />
Approximately 250 full papers have been contributed from the international community, <strong>and</strong> we are proud of the additional<br />
international participating from outside the US including papers from over 25 countries <strong>and</strong> registrants from over 30 countries.<br />
We appreciate our Technical Program Co-Chairs’ efforts to organize this exp<strong>and</strong>ed participation.<br />
On behalf of the members of the organizing committee we invite you to actively participate in the conference <strong>and</strong> wish you<br />
a great stay in Wilmington. We hope you can experience true southern hospitality during your stay, so feel free to call upon<br />
any of the local participants to assist you during your visit.<br />
Rick Grantom Dennis Henneke<br />
General Chair Technical Program Chair<br />
1
2<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
Acknowledgement<br />
The Probabilistic Safety Analysis (PSA) 2011 Conference Organizing Committee wishes to express our gratitude to the<br />
many people <strong>and</strong> organizations that have contributed to this conference. The ANS’ Nuclear Installation Safety Division<br />
(NISD) <strong>and</strong> the Wilmington Local Section of the ANS provided volunteers that organized <strong>and</strong> managed the Wilmington, NC,<br />
topical meeting. The financial <strong>and</strong> logistical support provided by contributing sponsors significantly enhanced the conference<br />
experience.<br />
In particular, the NISD acknowledges each author <strong>and</strong> participant for your interest, technical contributions <strong>and</strong> willingness to<br />
actively participate. Each participant’s paper <strong>and</strong> presentation represents a significant investment, sometimes summarizing<br />
years’ worth of effort by the authors. These authors’ efforts are invaluable in the PSA community.<br />
The PSA 2011 Conference organizing committee acknowledges the significant contributions of our sponsors, ERIN Engineering<br />
<strong>and</strong> Research, GE Hitachi Nuclear Energy <strong>and</strong> Sc<strong>and</strong>power, along with Curtiss Wright Flow Control (Scientech),<br />
Engineering Planning & Management, Inc. (EPM), Maracor, Nuclear Safety Associates (NSA), S<strong>and</strong>ia National Laboratories<br />
(SNL) <strong>and</strong> Westinghouse.<br />
There were numerous individuals that disseminated the notice of this meeting <strong>and</strong> encouraged submission of technical papers.<br />
This support facilitated a very strong performance by the Technical Program Committee with nearly 260 papers from<br />
over 30 countries.<br />
In particular, the ANS NISD acknowledges the following individuals for their volunteer efforts <strong>and</strong> dedication to facilitate the<br />
technical program of this conference; Dennis Henneke, Dr. Enrico Zio, Kohei (Kevin) Hisamochi, Joon-Eon Yang, David<br />
Johnson, Dr. Nathan Siu <strong>and</strong> Dr. Bulent Alpay.<br />
The management <strong>and</strong> organization of PSA 2011 was made possible by the volunteer effort <strong>and</strong> dedication of the following<br />
individuals, Drs. Phillip & Karen Ellison, Dr. Theron Marshall, Dr. Kurshad Muftuoglu, Rick Grantom, Matthew Warner, Dr.<br />
John Bennion, Lisa Marshall, Dr. Jonathan Li, Tyler & Lauren Schweitzer, Glen Seeman, R<strong>and</strong>y Morrill, Jim Fawks, Elizabeth<br />
Dunn, Jesus G Diaz-Quiroz, Benjamin Schmidt, James Young <strong>and</strong> Jose Caro.<br />
In addition, the conference organization committee acknowledges insights provided from the PSA 2008 organization committee<br />
<strong>and</strong> the NISD PSA steering committee members: Dr. Robert Budnitz, Dr. Charles Martin, Dr. Ian Wall <strong>and</strong> Dr. Kevin<br />
O’kula. These insights <strong>and</strong> the contributions from Drs. George Apostolakis, Michael Corradini <strong>and</strong> John Kelly are seen<br />
throughout the program’s organizations.<br />
Of particular note are the invaluable contributions made by Mrs. Hanna Shapira of Techno-Info Comprehensive Solutions<br />
(TICSs) on the Web Site design <strong>and</strong> <strong>Online</strong> Software. The conference organization committee expresses our sincere appreciation<br />
for the professionalism, technical skill, <strong>and</strong> patience she provided.<br />
Best Regards<br />
Dr. Phillip G. Ellison<br />
Co-Chair: PSA 2011 Conference
Welcome<br />
March 2011<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
SCIENTECH WELCOMES YOU TO PSA 2011<br />
Welcome to Wilmington! Scientech, a business unit of Curtiss-Wright Flow Control Company,<br />
is pleased you are here. As the sponsor of the golf outing, we look forward to seeing you on the<br />
links <strong>and</strong> throughout the conference.<br />
Scientech is a worldwide provider of expert services <strong>and</strong> products to the nuclear power industry<br />
<strong>and</strong> is dedicated to providing solutions to the current <strong>and</strong> future fleet. We are currently<br />
participating in full scope internal event upgrade <strong>and</strong> fire PRA projects for several sites. The fire<br />
PRA projects are full-scope risk-informed performance-based projects for transitioning from<br />
Appendix R to NFPA-805 (10CFR 50.48 (c)). We have successfully completed internal event<br />
<strong>and</strong> fire PRA peer reviews. For the fire PRAs we have developed reasonable (albeit conservative)<br />
<strong>and</strong> defensible results without implementing major plant modifications. We have been able to<br />
implement a st<strong>and</strong>ardized approach, improving our efficiency <strong>and</strong> addressing the uncertainties<br />
inherent in the modeling approaches contained in NUREG/CR-6850. In addition to US clients,<br />
international clients are pursuing this area; <strong>and</strong> we expect additional international projects to start<br />
very soon.<br />
Future opportunities abound for using risk informed, performance based approached to support<br />
further improvements in safety focus <strong>and</strong> performance.<br />
Scientech <strong>and</strong> our sister nuclear-focused companies in Curtiss-Wright Flow Control (EES, EMD,<br />
Enertech, EST Group, NETCO, Nova Machine, QualTech NP, Solent & Pratt <strong>and</strong> Target Rock)<br />
have the resources to support the critical needs of the nuclear power industry… today <strong>and</strong> in the<br />
future.<br />
We look forward to a great week with many engaging conversations <strong>and</strong> technical sessions.<br />
Sincerely,<br />
Jim Chapman<br />
Director Safety <strong>and</strong> Risk<br />
Scientech, Curtiss Wright Flow Control<br />
1540 International Parkway<br />
Suite 2000<br />
Lake Mary, Florida 32746<br />
Phone: 407-536-5338<br />
Fax: 407-536-5156<br />
Cell: 978-870-0432<br />
jchapman@curtisswright.com<br />
3
4<br />
Welcome<br />
March 2011<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
Dear PSA 2011 Attendee,<br />
Maracor welcomes you to PSA 2011. We are pleased to be a sponsor of this important<br />
conference, <strong>and</strong> a number of our staff will be presenting papers throughout the next few<br />
days. With such a diverse spectrum of presentation topics, we are sure that you will leave<br />
the conference with information that will help you to do your work more efficiently <strong>and</strong><br />
effectively.<br />
Maracor provides analytical consulting services <strong>and</strong> technical software development,<br />
primarily for the electric utility industry. For more than eight years, we have provided<br />
high-quality products <strong>and</strong> services to over one-half of the nuclear power stations in the<br />
US, as well as other clients around the world. Our experienced staff has a proven track<br />
record of technical capability, customer service, <strong>and</strong> on-time product delivery. We<br />
provide PSA development <strong>and</strong> update support, Configuration Risk Management, PSA<br />
applications, reliability analysis, maintenance optimization, software applications, <strong>and</strong><br />
cost-benefit analysis services.<br />
We hope that you will stop by our exhibit booth on Sunday or Monday. We would be<br />
happy to discuss our capabilities <strong>and</strong> experience with you.<br />
Sincerely,<br />
Thomas Morgan<br />
President
Welcome<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
5
6<br />
Welcome<br />
March 2011<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
Welcome to PSA 2011!<br />
To our fellow Risk Management Professionals:<br />
EPM welcomes you to Wilmington <strong>and</strong> to the 12 th International Topical Meeting on Probabilistic Risk<br />
Assessment <strong>and</strong> Analysis.<br />
Engineering Planning <strong>and</strong> Management was founded more than 30 years ago to provide consulting services to<br />
the nuclear industry, primarily in the areas of fire protection, Appendix R, equipment qualification <strong>and</strong> licensing<br />
support. With the industry move toward a risk informed regulatory environment <strong>and</strong> the transition of many<br />
plants to NFPA 805 in particular, EPM has evolved <strong>and</strong> now provides risk management services as well. A little<br />
more than two years ago, the EPM Risk Solutions Division was formed to enable EPM to provide the full<br />
spectrum of services for plants making the move from Appendix R to NFPA 805 as the basis for their fire<br />
protection program. The core team of the Risk Solutions Division is made up of industry professionals that have<br />
been providing PRA <strong>and</strong> safety analysis expertise to the nuclear industry close to three decades. The Risk<br />
Solutions Division is currently developing Fire PRAs for several clients <strong>and</strong> has also provided support for SDPs,<br />
HRA, thermal hydraulics <strong>and</strong> other general PRA support. EPM developed the GENESIS software suite for<br />
managing cable <strong>and</strong> raceway, safety systems, <strong>and</strong> fire protection information, <strong>and</strong> for performing safe<br />
shutdown / nuclear safety system analyses. The EPM Risk Solutions Division is also developing the PRISM<br />
software to visually display equipment damage due to fire scenarios <strong>and</strong> prepare the files necessary for<br />
quantification of the Fire PRA.<br />
As a new addition to the nuclear risk analysis community, EPM is excited to be a part of PSA 2011. We feel that<br />
we bring a fresh perspective to the industry with additional insights from the utility perspective. We will be<br />
presenting several papers on topics dealing with Fire PRA <strong>and</strong> Fire HRA, <strong>and</strong> we intend to establish a long<br />
tradition of participation in these events.<br />
We hope you enjoy the conference <strong>and</strong> the beautiful Wilmington area this week!<br />
James Masterlark<br />
Division Manager<br />
Risk Solutions Division
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wilmington, NC March 13-17, 2011<br />
Organizing Committee<br />
Honorary Chair Dr. George Apostolakis, Commissioner, US Nuclear Regulatory<br />
Commission<br />
General Chair Rick Grantom, South Texas Project<br />
General Co-Chair Dr. Phillip G Ellison, GE Hitachi Nuclear Energy (GEH)<br />
Technical Program Chair Dennis Henneke, PE, GEH<br />
Co-chair Europe Dr. Enrico Zio, Ecole Centrale Paris-Supelec, France & Politecnico<br />
di Milano, Italy<br />
Co-chair Korea Dr. Joon-Eon Yang, KAERI (Korea)<br />
Co-chair Japan Kohei (Kevin) Hisamochi, Hitachi GE Nuclear Energy (Japan)<br />
Finance Dr. Theron Marshall, GEH<br />
Publications<br />
Hotel & Exhibits<br />
Dr. Kurshad Muftuoglu, GEH<br />
Dr. Karen Ellison, GEH<br />
Apostolakis<br />
Registration Matthew Warner, GEH<br />
Student Coordinators Ms. Lisa Marshall, NC State <strong>and</strong> Dr. John Bennion, GEH<br />
Tours <strong>and</strong> Special Events: Tyler Schweitzer, Glen Seeman, <strong>and</strong> R<strong>and</strong>y Morrill, WLS<br />
ANS Local Section Coordinator Jose Caro <strong>and</strong> Jim Fawks, Wilmington Area Local Section of ANS (WLS)<br />
Web site Bulent Alpay, GEH<br />
Web Site, <strong>Online</strong> Software Hanna Shapira, Techno-Info Comprehensive Solutions (TICSs), Oak Ridge, TN<br />
Grantom P. Ellison Henneke Zio Yang<br />
Hisamochi T. Marshall Muftuoglu K. Ellison Warner<br />
L. Marshall Schweitzer Seeman Morrill Shapira<br />
7
8<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wilmington, NC March 13-17, 2011<br />
Technical Program Committee<br />
Technical Program Chairs<br />
General Dennis Henneke, GE Hitachi Nuclear Energy<br />
Co Chair Europe Dr. Enrico Zio, Ecole Centrale Paris-Supelec, France & Politecnico di Milano, Italy<br />
Co Chair Korea Dr. Joon-Eon Yang, KAERI<br />
Co Chair Japan Kohei (Kevin) Hisamochi, Hitachi GE Nuclear Energy Craig Smith, NPS<br />
Steering Committee<br />
Dr. Robert Budnitz Lawrence Berkley National Laboratory<br />
Dr. Charles Martin Defense Nuclear Facilities Safeguards Board<br />
Dr. Kevin O’Kula URS Safety Management Solutions, LLC<br />
Dr. Ian Wall Consultant<br />
Technical Program Committee Members<br />
Ana Gomez-Cobo, NII (UK)<br />
Andrea Maioli, Westinghouse<br />
Artur Lyubarskiy, IAEA<br />
Barbara Baron, Westinghouse<br />
Bill Burchill, Consultant (Past President ANS)<br />
Bulent Alpay, GE Hitachi Nuclear Energy<br />
Chang-Ju Lee, KINS (Korea)<br />
Dana Kelly, Idaho National Laboratory<br />
Dave Miskiewicz, Progress Energy<br />
David Finnicum, Westinghouse<br />
David Johnson, ABS Consulting<br />
Derek Muliin, NB Power (Canada)<br />
Dominique Vasseur, EDF (France)<br />
Dragan Komljenovic, Hydro-Quebec, Nuclear Generating<br />
Station Gentilly-2 (Canada)<br />
Elmira Popova, University of Texas at Austin<br />
Enrique Lopez Droguett, Universidade Federal de Pernambuco<br />
(Brazil)<br />
Eric Jorgenson, Maracor<br />
Francesco Cadini, Politecnico di Milano (Italy)<br />
Francisco Mackay, (Chile)<br />
Gareth Parry, Consultant/Retired<br />
Gerry Kindred, Scientech<br />
Gopika Vidod, BARC, Trombay (India)<br />
Greg Krueger, Exelon<br />
Gunnar Johanson, ES-Konsult (Sweden)<br />
Hitoshi Muta, Japan Nuclear Energy Safety Organization<br />
Igor Bodnar, Argonne National Laboratory<br />
James Reeves, Global Nuclear Fuels<br />
Jan Vanerp, Argonne National Laboratory<br />
Jeff LaChance, S<strong>and</strong>ia National Laboratory<br />
Jerry Phillips, Idaho National Laboratory<br />
Jim Chapman, Scientech<br />
Jim Young, GE Hitachi Nuclear Energy<br />
John Andrews, University of Nottingham<br />
Jonathan Li, GE Hitachi Nuclear Energy<br />
Jonathan Rohner, Global Nuclear Fuels<br />
Ken Canavan, Electric Power Research Institute<br />
Kevin O’Kula, URS Corporation, LLC<br />
Lemmer Lusse, PBMR (South Africa)<br />
Luca Podofillini, Paul Scherrer Institute (Switzerl<strong>and</strong>)<br />
Mariano J. Fiol, Iberdrola (Spain)<br />
Marina Röwekamp, GRS (Germany)<br />
Marty Sattison, Idaho National Laboratory<br />
Matt Warner, GE Hitachi Nuclear Energy<br />
Michael Golay, MIT<br />
Mike Snodderly, US NRC<br />
Mohammad Pourgol-Mohammad, FM Global<br />
Moosung Jae, Hanyang University (Korea)<br />
Nathan Siu, US NRC<br />
Oleg Kocharyants, Zaporozhye Nuclear Power Plant<br />
(Ukraine)<br />
Pamela Nelson, UNAM (Mexico)<br />
Parviz Moieni, Southern California Edison<br />
Piero Baraldi, Politecnico di Milano (Italy)<br />
Pierre-Etienne Labeau, Universite’ Libre de Bruxelles<br />
(Belgium)<br />
Ranbir Parmar, NSS Limited (Canada)<br />
Raymond Gallucci, US NRC<br />
See Meng Wong, US NRC<br />
Shahen Poghosyan, NRSC (Armenia)<br />
Stanley Levinson, AREVA NP<br />
Steve Nowlen, S<strong>and</strong>ia National Laboratory<br />
Stuart Lewis, Electric Power Research Institute<br />
Terje Aven, University of Stavanger (Norway)<br />
Tim Wheeler, S<strong>and</strong>ia National Laboratory<br />
Todd Paulos, Alejo Engineering<br />
Tom Morgan, Maracor<br />
Tsu-Mu Kao, INER (Taiwan)<br />
Vesna Dimitrijevic, AREVA NP<br />
Vesselina Ranguelova, Joint Research Centre, European<br />
Commission (Netherl<strong>and</strong>s)<br />
Vincent Ho, MTR (Hong Kong)<br />
Wolfgang Kroger, ETH Zurich (Switzerl<strong>and</strong>)<br />
Woo Sik Jung, KAERI (Korea)<br />
Yol<strong>and</strong>a Akl, Canadian Nuclear Safety Commission<br />
(Canada)<br />
Young In, Maracor<br />
Yukihiro Kirimoto, CRIEPI
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
General Information<br />
Registration<br />
Registration is required for all attendees <strong>and</strong> presenters.<br />
Badges are required for admission to all events.<br />
Full Conference Registration Fee includes: Technical sessions,<br />
continental breakfast, morning & afternoon breaks<br />
(Mon. through Thu.), <strong>and</strong> proceedings’ CD. Special events<br />
included are Sun. night reception (heavy hors d’oeuvres),<br />
Mon. afternoon reception, Tuesday night banquet, Wednesday<br />
Student Awards Lunch <strong>and</strong> Wednesday night Social.<br />
1D Registration Fee includes: Continental breakfast, morning<br />
& afternoon breaks, proceedings’ CD, <strong>and</strong> the evening event<br />
for that day (based on availability).<br />
Student Registration Fee includes: All technical sessions,<br />
continental breakfast, morning & afternoon breaks (Mon.<br />
through Thu.), Proceedings’ CD, the Wednesday Student<br />
Awards Lunch, <strong>and</strong> the Wednesday night Social.<br />
Retiree Registration Fee includes: Same as student plus<br />
Sunday night reception.<br />
Guest Registration Fee includes: Hospitality suite for all days,<br />
the Sunday night reception <strong>and</strong> Wed. night Social. Registration<br />
for additional guest events <strong>and</strong> the Tuesday night banquet<br />
is optional.<br />
Conference Proceedings<br />
Conference Proceedings, in CD-ROM format, are included<br />
with the program book. Please check the vinyl pocket inside<br />
the back cover of the program book.<br />
Meeting Registration Desk<br />
Next to the Gr<strong>and</strong> Ballroom<br />
Sunday 2:00 PM – 6:00 PM<br />
Monday 7:00 AM – 4:00 PM<br />
Tuesday 7:00 AM – 4:00 PM<br />
Wednesday 7:00 AM – 4:00 PM<br />
Thursday 7:00 AM – Noon<br />
Guidelines for Speakers<br />
There will be six parallel sessions. Each presentation will<br />
last 15 minutes, followed by a five minutes for questions.<br />
The remaining time in the session will be used for further<br />
discussion on the topic. In order to allow conference participants<br />
to attend the presentation of papers in different sessions<br />
in a timely manner, we, as organizers, will request the<br />
chairpersons to comply with the time schedule rigorously.<br />
In view of the given time constraints, please make sure that<br />
your presentation fits within the prescribed 20-minute limit<br />
leaving adequate time for questions from the audience.<br />
The conference rooms will be equipped with a laptop<br />
computer, an LCD projector, <strong>and</strong> a microphone. Microsoft<br />
Windows XP, MS Office (PowerPoint) 2010, <strong>and</strong> the latest<br />
Adobe Acrobat Reader (PDF reader) will be installed on the<br />
computers. Presenters using the provided computer are<br />
expected to preload their presentation slides in the computer<br />
at the beginning of the respective session.<br />
All presenters are to report to the Session Chair at the assigned<br />
room 10 minutes before the start of the session. On<br />
the day of your presentation, you may load <strong>and</strong> test your<br />
presentation slides on the computer at the assigned room<br />
during the tea/coffee/lunch break before the session.<br />
It is highly encouraged to test the presentation (especially<br />
if you have animation) at the lobby area where two computers<br />
with the same settings as that in the session room will<br />
be provided.<br />
We highly recommend that you create a PDF version of the<br />
presentation so that you can switch to the PDF in case of a<br />
problem with the PowerPoint.<br />
A microphone will be used for the presentation, please<br />
make sure that you keep close to the microphone during<br />
your talk.<br />
When developing your presentation slides <strong>and</strong> material,<br />
please keep in mind the diversity of the audience at PSA<br />
2011. Many of the attendees are new to PSA, <strong>and</strong> almost<br />
half of the attendees are non-US. We recommend two<br />
simple guidelines you keep in mind: 1) Try to include 2-3 introduction<br />
slides, which provide background on the subject<br />
area. This might be as simple as “What is Proliferation Risk<br />
Assessment?” or “How is Fire Modeling use in a Fire PRA,”<br />
or however you can easily introduce your subject area;<br />
<strong>and</strong> 2) Spell out all acronyms <strong>and</strong> abbreviations. You may<br />
know what an SRP from the NRC is, but half the audience<br />
will likely not. Keeping the diversity of the audience in mind<br />
when developing your presentation will help communicate<br />
your presentation material to the largest audience.<br />
9
10<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
Things to do in Wilmington<br />
From the Hilton, take a walk on the River Walk along the Cape Fear River, take a ride on a Cape Fear Riverboat or catch<br />
the free downtown trolley. Other attractions include:<br />
Cape Fear Museum of History <strong>and</strong> Science<br />
814 Market Street<br />
Featured Exhibits include Photography in Focus <strong>and</strong> Going<br />
to the Movies<br />
www.capefearmuseum.com<br />
Battleship North Carolina<br />
#1 Battleship Rd<br />
Moored in quiet dignity <strong>and</strong> majesty the Battleship NORTH<br />
CAROLINA, across the river from downtown Wilmington,<br />
beckons visitors to walk her decks. Envision the daily life<br />
<strong>and</strong> fierce combat her crew faced in the Pacific Theatre<br />
during World War II.<br />
http://www.battleshipnc.com/<br />
Airlie Gardens<br />
Established in 1901, Airlie Gardens is a valuable cultural<br />
<strong>and</strong> ecological component of New Hanover County <strong>and</strong><br />
North Carolina history. After celebrating more than a<br />
century of gardens by the sea, Airlie continues to amaze<br />
visitors with its breathtaking combination of formal gardens,<br />
wildlife, historic structures, walking trails, sculptures, views<br />
of Bradley Creek, 10-acres of freshwater lakes, <strong>and</strong> the<br />
gr<strong>and</strong>eur of the 462-year-old Airlie Oak. The Gardens are<br />
known for a collection of over 100,000 azaleas <strong>and</strong> countless<br />
camellia cultivars, which bloom throughout the winter<br />
<strong>and</strong> early spring.<br />
http://www.airliegardens.org/<br />
Bellamy Mansion<br />
The Bellamy Mansion is one of North Carolina’s most spectacular<br />
examples of antebellum architecture built on the<br />
eve of the Civil War by free <strong>and</strong> enslaved black artisans,<br />
for John Dillard Bellamy (1817-1896) physician, planter<br />
<strong>and</strong> business leader; <strong>and</strong> his wife, Eliza McIlhenny Harriss<br />
(1821-1907) <strong>and</strong> their nine children. After the fall of Fort<br />
Fisher in 1865, Federal troops comm<strong>and</strong>eered the house<br />
as their headquarters during the occupation of Wilmington.<br />
Now the house is a museum that focuses on history <strong>and</strong><br />
the design arts <strong>and</strong> offers tours, changing exhibitions <strong>and</strong><br />
an informative look at historic preservation in action.<br />
http://www.bellamymansion.org/<br />
Greenfield Park <strong>and</strong> Gardens<br />
The park is located on Burnett Boulevard off South 3rd<br />
Street. A 5-mile scenic drive surrounds the 250-acre city<br />
park with lake, 20-acres of gardens, nature trail <strong>and</strong> a walking/biking<br />
trail looped through dense cypress swamp. Skate<br />
park, canoe <strong>and</strong> paddleboat rentals.<br />
http://www.wilmingtonnc.gov/community_services/parks_<br />
l<strong>and</strong>scaping/parks/city_parks.aspx<br />
North Carolina Aquarium at Fort Fisher<br />
900 Loggerhead Road, Kure Beach<br />
www.ncaquariums.com/fort-fisher<br />
Ghost Walk of Old Wilmington<br />
Riverfront at Market & Water Streets<br />
Join locally renowned actors <strong>and</strong> ghost hunters on a journey<br />
into the depths of Old Wilmington.<br />
www.hauntedwilmington.com<br />
Cameron Art Museum<br />
3201 S. 17th Street<br />
Museum committed to arts education, <strong>and</strong> presents exhibitions<br />
<strong>and</strong> public programs of both historical <strong>and</strong> contemporary<br />
significance.<br />
www.cameronartmuseum.com<br />
Nearby beaches include:<br />
Wrightsville (12 miles away)<br />
A clean, uncluttered stretch of white s<strong>and</strong> <strong>and</strong> sparkling<br />
water just begs for swimming, sunbathing, beachcombing,<br />
<strong>and</strong> fishing. The athletic at heart can take on the Loop, a<br />
fitness trail that circles the inner isl<strong>and</strong>. Bargain hunters<br />
gravitate to the beachside stores <strong>and</strong> distinctive, welcoming<br />
shopping village. Boaters launch from full-service marinas,<br />
<strong>and</strong> history buffs soak up the local museum <strong>and</strong> narrated<br />
scenic cruises along the Intracoastal Waterway that offer<br />
a glimpse into the isl<strong>and</strong>’s past. And clustered around<br />
the bridge are some of the finest seafood restaurants on<br />
the coast, along with vibrant nightspots. It’s all enough to<br />
make visitors feel as if Wrightsville is still their own private<br />
getaway isl<strong>and</strong>.<br />
http://www.visitwrightsville.com/<br />
Carolina Beach (16 miles away)<br />
It’s all here: the fishing piers filled with kids <strong>and</strong> old-timers<br />
alike angling for their first big one. The boardwalk, perfect<br />
for evening strolls <strong>and</strong> ice cream cones. The arcades, as<br />
challenging <strong>and</strong> addictive as when you were a teenager.<br />
The gazebo, paddleboats <strong>and</strong> miniature golf. And of course<br />
the clean, uncrowded ribbon of beach by the warm ocean<br />
waters.<br />
In addition to its nostalgic charm, Carolina Beach also<br />
boasts an active charter boat basin – home to offshore<br />
fishing excursions <strong>and</strong> nightly party cruises – a state park<br />
full of coastal vegetation (think Venus Flytrap!), fine locally<br />
owned restaurants, <strong>and</strong> shopping for everything from sunglasses<br />
to surfboards to area souvenirs.<br />
http://www.carolinabeachgetaway.com/<br />
Cotton Exchange<br />
321 N Front Street
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
Things to do in Wilmington - continued<br />
Nearby Restaurants *Open for Lunch<br />
Circa 1922<br />
8 North Front Street<br />
Southern, International Cuisine<br />
www.circa1922.com<br />
Caffe Phoenix*<br />
35 North Front Street<br />
Fresh, innovative cuisine in a comfortable bistro style atmosphere<br />
www.caffephoenix.com<br />
Deluxe-Casual Upscale Dining<br />
114 Market Street<br />
New American style dinners, with the largest selection of<br />
fine wines in the region, <strong>and</strong> one of Wilmington’s superior<br />
brunches.<br />
www.deluxenc.com<br />
George On the Riverwalk<br />
128 South Water Street<br />
American, Pasta, Seafood, Southern, Steak Cuisine<br />
Elijah’s Restaurant*<br />
2 Ann Street<br />
Casual American Grill <strong>and</strong> Oyster Bar on the Cape Fear<br />
River<br />
www.Elijahs.com<br />
Pilot House Restaurant<br />
2 Ann Street<br />
Innovation in Southern Cuisine<br />
www.pilothouserest.com<br />
Front Street Brewery*<br />
9 North Front Street<br />
The only microbrew pub in Southeastern North Carolina<br />
serving 9 h<strong>and</strong>crafted beers on tap <strong>and</strong> delicious food for<br />
the entire family.<br />
www.frontstreetbrewery.com<br />
Eat Spot*<br />
34 North Front Street<br />
Great selection of good food <strong>and</strong> great service.<br />
Slice of Life<br />
122 Market Street<br />
Pizza <strong>and</strong> casual Italian Food<br />
Fat Tony’s<br />
131 N. Front Street<br />
Casual American Food<br />
25 Unique Shops <strong>and</strong> 4 Distinct Restaurants<br />
(German Café*, Paddy’s Hollow*, The Basics* <strong>and</strong> The<br />
Scoop Ice Cream <strong>and</strong> Café*) directly across from the Hilton<br />
www.shopcottonexchange.com<br />
Nearby Golf Courses<br />
(average March high temp 66°F/19°C)<br />
Echo Farms Golf & Country Club<br />
4114 Echo Farms Boulevard<br />
www.echofarmsnc.com<br />
Wilmington City Golf Course<br />
311 South Wallace Avenue<br />
Donald Ross designed<br />
www.wilmington.nc.us<br />
Cape Fear National<br />
1281 Cape Fear National Drive<br />
Lel<strong>and</strong>, NC<br />
www.capefearnational.com<br />
Magnolia Greens<br />
1800 Linkwood Dr<br />
Lel<strong>and</strong>, NC<br />
www.manoliagreensgolf.com<br />
Carolina National<br />
1643 Goley Hewett Road Southeast<br />
Bolivia, NC<br />
www.carolinanationalgolf.com<br />
Farmstead Golf Links<br />
541 McLamb Rd NW<br />
Calabash, NC<br />
www.farmsteadgolflinks.com<br />
11
12<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
March 13-17, 2011<br />
Meeting Rooms
Ed Halpin - CEO STPNOC<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 8:00 AM - Gr<strong>and</strong> Ballroom<br />
Plenary Session I<br />
Edward D. Halpin is President <strong>and</strong> Chief Executive Officer for the South Texas Project (STP)<br />
Nuclear Operating Company. In this role, he is responsible for the overall strategic direction<br />
of the company. Halpin also serves as the companyʼs Chief Nuclear Officer, responsible for<br />
the safe <strong>and</strong> reliable operation of Units 1 & 2 as well as the oversight of licensing <strong>and</strong> construction<br />
for Units 3 & 4. Upon completion of new construction, he will be responsible for the<br />
overall operation of one the nationʼs largest commercial nuclear facilities – STP Units 1-4. In<br />
his 22 years with the company, Halpin has advanced through positions of increasing responsibility<br />
<strong>and</strong> leadership, including site vice president, vice president of oversight, vice president<br />
<strong>and</strong> assistant to the CEO, plant general manager, operations manager, maintenance manager,<br />
systems engineering manager <strong>and</strong> design manager. He joined STP in 1988 as a start up<br />
engineer in the initial commercial operations of Unit 1 <strong>and</strong> the completion of Unit 2. His role<br />
as system certification recovery manager in the 1993 NRC diagnostic evaluation was instrumental<br />
in moving STP in the direction of operational excellence. He also played a key role in<br />
developing <strong>and</strong> sustaining the companyʼs strong collaborative culture, which has been critical<br />
to STPʼs transition to excellence.<br />
Halpin served as an officer in the U.S. Navyʼs Nuclear Power Submarine Service.<br />
In 1983, Halpin graduated with honors from the U.S. Naval Academy earning a Bachelor of Science in Ocean Engineering.<br />
In 2002, he graduated as valedictorian with a masterʼs degree in Strategic Communication <strong>and</strong> Leadership from<br />
Seton Hall University. He also recently earned a masterʼs degree in Human Development from Fielding Graduate University<br />
(2010).<br />
Additionally, Halpin has a Senior Reactor Operator Certification <strong>and</strong> is a graduate of the Institute of Nuclear Power<br />
Operationsʼ Senior Nuclear Plant Management course, <strong>and</strong> the Senior Nuclear Executives Seminar.<br />
Current & Past Memberships<br />
• NEI Board of Directors<br />
• Executive Advisory Group Institute of Nuclear Power Operations<br />
• Community Incident Response Executive Advisory Committee (Nuclear Energy Institute)<br />
• Communications Advisory Committee (Institute of Nuclear Power Operations)<br />
• Nuclear Safety Review board for Callaway<br />
• Council of the National Academy for Nuclear Training<br />
• Westinghouse Customer First Advisory Board<br />
• Brazosport Community College Foundation Board<br />
Honors & Awards<br />
• Valedictorian, Seton Hall University<br />
• Engineering Honor Society United States Naval Academy (USNA)<br />
• Phi Kappa Phi Honor Society (USNA)<br />
• National Collegiate Boxing Association All-American (1983)<br />
• Numerous awards <strong>and</strong> recognition as a submarine officer<br />
Certifications<br />
• Certified <strong>and</strong> active instructor for Crucial Conversations & Facilitative Leadership<br />
13
14<br />
Session Chair: Carol Smidts<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 10:00 AM - Azalea<br />
10:00 AM<br />
Modeling the Impact of Digital System Failure Into Probabilistic<br />
Safety Assessment<br />
Gopika Vinod, Santosh, V. V. S. Sanyasi Rao, K. K. Vaze <strong>and</strong> A. K. Ghosh<br />
Bhabha Atomic Research Centre, Trombay, Mumbai<br />
Nuclear power plants (NPPs) traditionally relied upon analog instrumentation <strong>and</strong><br />
control (I&C) systems for monitoring, control, <strong>and</strong> protection functions. With a shift in<br />
technology from analog systems to digital systems with their functional advantages,<br />
plants have begun such replacement, while new plant designs fully incorporate digital<br />
I&C systems. However, digital systems have some unique characteristics, such as<br />
using software, <strong>and</strong> may have different failure causes <strong>and</strong>/or modes than the analog<br />
systems; hence, their incorporation into NPP probabilistic safety assessments (PSA)<br />
entails special challenges. This paper highlights our recent work in incorporating contribution<br />
of software in digital I&C reliability analysis.<br />
10:25 AM<br />
Critical Digital Review Procedure Proposal <strong>and</strong> Its Preliminary<br />
Experience<br />
Hui-Wen Huang, Tsu-Mu Kao <strong>and</strong> Ming-Huei Chen<br />
Institute of Nuclear Energy Research (INER), Taiwan (R.O.C.)<br />
This paper describes the critical digital review (CDR) procedure, which was developed<br />
by Institute of Nuclear Energy Research (INER), <strong>and</strong> sponsored by Taiwan Power<br />
Company (TPC). A preliminary CDR application experience which was performed<br />
by INER, is also described in this paper. Currently, CDR becomes one of the policies<br />
for digital Instrumentation <strong>and</strong> Control (I&C) system replacement in TPC. The<br />
contents of this CDR procedure include: Scope, Responsibility, Operation Procedure,<br />
Operation Flow Chart, CDR review items. The “CDR Review Items” chapter proposes<br />
optional review items, including the comparison of the design change, Software Verification<br />
<strong>and</strong> Validation (SV&V), Failure Mode <strong>and</strong> Effects Analysis (FMEA), Evaluation<br />
of Watchdog Timer, Evaluation of Electromagnetic Compatibility (EMC), Evaluation<br />
of Grounding for System/Component, Seismic Evaluation, HFE Evaluation, Witness<br />
<strong>and</strong> Inspection, Lessons Learnt from the Digital I&C Failure Events. Since CDR has<br />
become a TPC policy, Chin Shan Nuclear Power Plant (NPP) performed the CDR<br />
practice of Automatic Voltage Regulator (AVR) digital I&C replacement, even though<br />
the project had been on the half way. The major review items of this CDR were: the<br />
comparison of the design change, SV&V, FMEA, Evaluation of Watchdog Timer,<br />
Evaluation of Electromagnetic Compatibility (EMC), Evaluation of Grounding for System/<br />
Component, Witness <strong>and</strong> Inspection, Lessons Learnt from the Digital I&C Failure<br />
Events. The experience of the CDR showed the importance of preparation of the<br />
documents by the vendor. This means the communication with the vendors for the bid<br />
preparation is crucial.<br />
Digital I&C in PSA 1<br />
10:50 AM<br />
Estimating Failure Probabilities in High Reliability Digital Systems<br />
Dave Blanchard (a), Thuy Nguyen (b), <strong>and</strong> Ray Torok (c)<br />
a) Applied Reliability Engineering, Inc. San Francisco, California, b) EdF R&D, Chatou, France, <strong>and</strong> c)<br />
EPRI, Palo Alto, California<br />
Among the debates regarding the modeling of digital safety systems <strong>and</strong> their components<br />
in PRA is what sources of data are appropriate for use in quantification of the<br />
models. Chief among the differences with the hardware commonly included in PRA<br />
is that digital equipment is systematic in nature rather than probabilistic (that is they<br />
fail deterministically <strong>and</strong> are not subject to wear out or r<strong>and</strong>om failures). In addition,<br />
the available operating experience on which to base failure probabilities is scarce,<br />
particularly in the US where the installation of digital safety systems in nuclear power<br />
plants has been limited.<br />
In this paper, an overview of the various failure mechanisms that may affect elements<br />
making up a typical digital safety system is presented. The failure mechanisms which<br />
are concluded to dominate the reliability of the system are identified <strong>and</strong> design features<br />
<strong>and</strong> defensive measures which result in these being dominant are discussed.<br />
Given the dominant failure mechanisms, quantitative techniques currently available<br />
to develop failure probabilities for digital I&C failure modes modeled in PRA are discussed.<br />
Also discussed are possible common-cause factors that may affect multiple<br />
divisions of digital I&C. Both the failure probabilities <strong>and</strong> common-cause factors are<br />
developed considering the defensive measures that are used in the design of the<br />
digital system.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 10:00 AM - Camelia/Dogwood<br />
Next Generation Reactor PSA - 1<br />
Session Chair: Donald Helton<br />
10:00 AM<br />
A look at the ABWR Design from a PRA Prospective<br />
Calin Eftimie, Jyh-Tsair Hwu, <strong>and</strong> Dennis Henneke<br />
GE Hitachi<br />
The Advanced Boiling Water Reactor (ABWR) is a Generation III reactor designed<br />
by GE Hitachi Nuclear Energy (GEH) <strong>and</strong> certified by the NRC in 1997. The ABWR<br />
design includes improved features compared to previous GE designs, e.g., a more<br />
balanced ECCS consisting of three high-pressure systems <strong>and</strong> three low-pressure<br />
systems, a diverse instrumentation <strong>and</strong> control system, reactor internal pumps for<br />
recirculation, <strong>and</strong> a new containment design. The ABWR certification submittal included<br />
a Probabilistic Risk Assessment (PRA) that demonstrated the exceptionally high<br />
safety of the design. The certified ABWR design was implemented by GEH for the<br />
first time at Lungmen, units 1 <strong>and</strong> 2, in Taiwan. An updated, more detailed, PRA was<br />
prepared for the Lungmen Final Safety Analysis Report (FSAR). This PRA includes<br />
additional detail that emerged during the detailed design phase of the project, <strong>and</strong> was<br />
updated to satisfy the latest PRA st<strong>and</strong>ards. At the same time, the PRA was used as<br />
a tool for making detailed design decisions. This paper will present the advantages,<br />
from a PRA point of view, of the ABWR design, as implemented at Lungmen, as well<br />
as explain some of the challenges encountered when developing the PRA in parallel<br />
with the design. Additional supporting analyses based on the PRA will also be summarized.<br />
(Presentation only)<br />
10:25 AM<br />
Modifying the Risk-Informed Regulatory Guidance for New<br />
Reactors<br />
CJ Fong <strong>and</strong> Donald A. Dube<br />
US Nuclear Regulatory Commission, Rockville, MD<br />
Since the U.S. Nuclear Regulatory Commission (NRC) published its probabilistic risk<br />
assessment (PRA) policy statement in 1995, the NRC staff has developed or endorsed<br />
many guidance documents to support risk-informed changes to the licensing basis<br />
<strong>and</strong> the Reactor Oversight Process (ROP). In September, 2010, the staff requested<br />
Commission approval of the staff’s recommendation to modify the risk-informed regulatory<br />
guidance to (1) recognize the lower risk profiles of new, large light-water reactors<br />
(LWRs) <strong>and</strong> (2) prevent a significant decrease in the enhanced levels of safety<br />
provided by these new reactors. With the implementation of an enhanced level of<br />
severe-accident prevention <strong>and</strong> mitigation design capability being confirmed through<br />
the review of applications for design certification for new LWRs, the staff is identifying<br />
potential issues that may arise with the transition to operations <strong>and</strong> the use of the existing<br />
risk-informed framework. Although Regulatory Guide (RG) 1.174 <strong>and</strong> the current<br />
ROP have no specific provisions precluding their application to new reactor designs,<br />
the NRC experience with implementing both RG 1.174 <strong>and</strong> the ROP has only involved<br />
currently operating plants. As discussed in a 2009 white paper, the staff identified a<br />
number of potential issues posed by the lower risk estimates of new reactors using the<br />
current risk informed guidance that could potentially allow for a significant erosion of<br />
the enhanced safety of new reactors as originally licensed. As a result, the staff is considering<br />
whether changes to RG 1.174 <strong>and</strong> the ROP are needed in light of the differing<br />
risk profiles <strong>and</strong> the 10 CFR Part 52 process (e.g., design certification rulemaking on<br />
enhanced severe-accident features per Section VIII.B.5 of appendices for each certified<br />
design). A number of industry representatives have expressed interest in pursuing<br />
risk-managed technical specifications <strong>and</strong> risk-informed inservice inspection of piping<br />
for new reactors, <strong>and</strong> the staff expects additional risk-informed applications for new<br />
reactors in the future.<br />
10:50 AM<br />
IRSN Review of EPR Level 1 PSA<br />
G. Georgescu <strong>and</strong> F. Corenwinder<br />
Institute for Radiological Protection <strong>and</strong> Nuclear Safety, Fontenay-aux-Roses, France<br />
The PSA was used for early design verification of EPR Reactor, several design improvement<br />
being defined based on these PSA insights <strong>and</strong> following the discussions<br />
with the French <strong>and</strong> German safety authorities. Now, in the frame of the construction<br />
<strong>and</strong> licensing of Flamanville 3 NPP the PSA is playing an important role for the EPR<br />
Project assessment. There are many uses of PSA in this context. PSA is used firstly<br />
for the verification of the plant safety level, since the “Technical Guidelines” for EPR require<br />
that the probabilistic approach should be used in order to show the achievement<br />
of a significant reduction of the global core melt frequency comparing with the existing<br />
NPPs. The PSA is used to support the demonstration of “practical elimination” of the<br />
large early releases, equally requested by the “Technical Guidelines”. The PSA is also<br />
involved in the verification of the completeness of the deterministic multiple failures<br />
situation (Risk Reduction Categories) features. IRSN, as the French Safety Authority<br />
(ASN) technical support organization, performs the review of the PSA developed by<br />
the plant operator (EDF). The paper presents the main issues regarding the using of<br />
“design PSA”, identified by IRSN following the review of the internal events Level 1<br />
PSA transmitted by EDF in the frame of the anticipated instruction of the application<br />
for operating license of the Flamanville 3 reactor.<br />
11:15 AM<br />
PSA Insights of the New Nuclear Power Plants<br />
Andrija Volkanovski<br />
Reactor Engineering Division, Jožef Stefan Institute, Ljubljana, Slovenia<br />
Four designs of generation III+ pressurized water reactors were analyzed in the framework<br />
of the project entitled “Safety characteristics of potential reactors for JEK 2”. The<br />
project was done at the Reactor Engineering Division of the Jožef Stefan Institute for<br />
the Slovenian utility. The analyzed designs selected as potential designs for construction<br />
of the second unit at the Krško Nuclear Power Plant are: Westinghouse AP1000,<br />
AREVA EPR, Mitsubishi APWR <strong>and</strong> ATMEA1 from AREVA <strong>and</strong> Mitsubishi.<br />
The goal of the project was identification <strong>and</strong> description of the safety characteristics of<br />
analyzed reactor designs. The identification of safety characteristics was based on description<br />
of the structures, systems, components <strong>and</strong> their integral performance given<br />
in the design documentation of the vendors. The identification was supported by the<br />
review of the safety analyses including the Probabilistic Safety Assessment (PSA) organized<br />
according to the classifications of the U.S. Nuclear Regulatory Commission.<br />
The paper presents results of the review of the PSA section of the Final Safety Analysis<br />
Report of the corresponding designs. The obtained results include identification<br />
<strong>and</strong> description of the usage of PSA in design phase for the decrease of the risk<br />
measures <strong>and</strong> elimination of the significant risk contributors. The obtained results for<br />
the risk indices, namely the core damage frequency <strong>and</strong> large release frequency are<br />
identified <strong>and</strong> compared against each other <strong>and</strong> against requirements of the regulator.<br />
The comparison with the currently operating nuclear power plants is done <strong>and</strong> the<br />
major contributors to the decrease of the risk indices are identified.<br />
15
16<br />
Session Chair: Michael Golay<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 10:00 AM - Magnolia<br />
10:00 AM<br />
Reducing the Risk of Turbine Missiles in a Nuclear Power<br />
Plant<br />
Alex<strong>and</strong>er Knoll<br />
Consultant, Wyomissing, PA, USA<br />
The presentation will identify the risk contributors to turbine missiles <strong>and</strong> other turbine<br />
blade failures. It will provide tangible recommendations to reduce the risk of turbine<br />
missiles <strong>and</strong> other turbine blade failures.<br />
Turbine missiles are very expensive to repair <strong>and</strong> might have impact on safety risks,<br />
because: They are almost always accompanied by fire (Both Combustibles & Ignition<br />
sources are in the impact area), Vital electrical supplies are close in the turbine<br />
building area (offsite lines, 4KV vital buses), The Control Rooms might be close to the<br />
impacted area (plant specific location <strong>and</strong> orientation of the turbine-generator).<br />
Turbine missiles have impact on financial risks: Hundreds of Millions in Repairs (<strong>and</strong><br />
no on-the-shelf components), Hundreds of Millions in Generation Losses (up to two<br />
years of forced outage).<br />
A generic Turbine Generator layout in a power plant will be presented, including the<br />
Control Room between twin units. The layout will show the High pressure turbine,<br />
three stages of Low Pressure turbines <strong>and</strong> the generator, which are all on the same<br />
shaft. The Failure Modes <strong>and</strong> Effects that could lead to turbine damage or missiles will<br />
be clarified, including: What turbine components may fail, Blade failures that required<br />
removal of damaged blades <strong>and</strong> rebalancing turbine for short term runs, What Human<br />
errors may induce failures, during operation (operator errors), or - during (engineering<br />
design), or - during oversight (QA <strong>and</strong> administration), What is the contribution of the<br />
Protective System (automatic or manual).<br />
The turbine missile events at Salem-2 (November 1991) <strong>and</strong> DC Cook-1 -(Sept. 2008)<br />
will be described. Temporary modifications of degraded blades in aging turbines will<br />
be provided. Based on the Risk Assessment, recommendations will be provided how<br />
to reduce the risk of turbine missiles. (Presentation only)<br />
10:25 AM<br />
Treatment of the Loss of Heat Sink initiating events in the<br />
IRSN PSA<br />
F. Corenwinder<br />
Institute for Radiological Protection <strong>and</strong> Nuclear Safety, Fontenay-aux-Roses, France<br />
Loss of ultimate heat sink is an initiating event which, even it is mainly of external<br />
origin, is considered in the frame of internal events Level 1 PSA by IRSN. Moreover,<br />
according to the French PSA fundamental safety rule this kind of initiators should be<br />
considered by the plant operator in the frame of the “Reference PSA”. Nevertheless,<br />
the modelling of this initiating event is not always easy <strong>and</strong> the associated uncertainties<br />
are still quite important. The occurrence frequency, the restoration time, the<br />
impact on more than one plant, the impact on the emergency organisation, etc. are<br />
some of the aspects, for which, today there is not a full consensus between different<br />
PSA teams (IRSN, EDF). Recently, two events of loss of heat sink occurred in France<br />
(Cruas <strong>and</strong> Fessenheim). This recent operating experience should be fully used in<br />
order to ameliorate the modelling of the loss of heat sink initiating event in the PSA.<br />
The paper presents the methods used today by IRSN to model the loss of heat sink<br />
initiating event <strong>and</strong> the historical perspective. The two events will be shortly presents<br />
as well as the foreseen evolution of the PSA methods <strong>and</strong> models to best incorporate<br />
the operating experience.<br />
Other External Events<br />
10:50 AM<br />
An Assessment of Large Dam Failure Frequencies Based on<br />
US Historical Data<br />
F. Ferrante, S. Sancaktar, J. Mitman, <strong>and</strong> J. Wood<br />
US Nuclear Regulatory Commission, Rockville, MD<br />
Flooding events are part of the hazard categories commonly considered in assessing<br />
the design of industrial facilities. The failure of large upstream dams is one category of<br />
flooding event that can challenge the safety of these facilities. Additionally, the failure<br />
of dams downstream of facilities that depend on external water sources for their operations<br />
could also represent a concern from a safety st<strong>and</strong>point. Generic dam failure<br />
estimates based on historical data are commonly relied on as screening values for use<br />
in design <strong>and</strong> risk assessment. This paper presents an in-depth analysis of currently<br />
available databases with information on US historical dam failure events <strong>and</strong> the dam<br />
population in order to estimate generic large dam failure rates while also addressing<br />
the challenges in deriving values supportable by historical data. Items such as completeness<br />
of data, applicability of generic values versus site-specific considerations,<br />
<strong>and</strong> screening criteria including dam types, construction vintage, <strong>and</strong> failure modes,<br />
are addressed via independent failure frequency point estimates. The work highlights<br />
the limitations of the derivation of a defensible screening value for dam failure frequency<br />
estimates.<br />
11:15 AM<br />
Application of FRANX Software to External Events<br />
Jeff Riley<br />
Electric Power Research Institute, Palo Alto, CA<br />
The EPRI FRANX software has been used for several years as a tool to assist the<br />
PRA analyst in incorporating fire related impacts <strong>and</strong> modeling attributes into existing<br />
PRA models. This simplifies the process of performing a Fire PRA <strong>and</strong> the ultimate<br />
incorporation of the fire model into a configuration risk model.<br />
Recent developments in FRANX have increased the capabilities to model numerous<br />
other spatially-dependent <strong>and</strong> scenario-dependent situations. More recent applications<br />
of the tool have included the modeling of flooding scenarios, thereby including<br />
these scenarios into the PRA in model in a structured <strong>and</strong> automated manner, avoiding<br />
laborious h<strong>and</strong> development of models.<br />
Of particular note are improvements in the tool to support seismic analysis in a highly<br />
structured manner. These seismic add-ons allow for the simple development of seismic<br />
scenarios from the hazard curve, automatic implementation of the appropriate<br />
fragility information, <strong>and</strong> integration with the full Level 1 PRA model.<br />
This paper discusses the exp<strong>and</strong>ed capabilities of the FRANX software tool, with particular<br />
emphasis on external event coverage such as flooding <strong>and</strong> seismic capabilities.
Session Chair: Eric J Jorgenson<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 10:00 AM - Salon A<br />
10:00 AM<br />
Estimating Fire-Induced DC Circuit Hot Short Duration<br />
Dennis Henneke, James Young, Jonathan Li<br />
GE Hitachi, Wilmington, NC<br />
The purpose of this paper is to interpret the results of draft test results reported in “Direct<br />
Current Electrical Shorting in Response to Exposure Fire (DESIREE-FIRE): Test<br />
Results” [1], in order to determine the factors <strong>and</strong> probabilities on Fire-Induced DC<br />
Circuit Hot Short duration with respect to time. The impact of Cable Type, Circuit Type<br />
<strong>and</strong> Fire-Damage Conditions is reviewed for potential impact on the hot short duration.<br />
The analysis presented does not include an analysis of the hot short probabilities for<br />
tested cable types, circuit types or fire-damage conditions. The analysis of the results<br />
shows that for the most part, DC Hot Shorts have a short duration, of less than 2<br />
minutes. The one exception appears to be a hot short involving thermal-plastic cable<br />
where the source temperature is near the cable damage temperature, <strong>and</strong> direct flame<br />
impact does not occur. The hot short for these damage scenarios can be much longer,<br />
averaging over 15 minutes. The analysis in this paper is considered preliminary, awaiting<br />
both the final issuance of the DESIREE-FIRE report, as well as completion of the<br />
industry review of the results through an NRC <strong>and</strong> Industry Phenomena Identification<br />
<strong>and</strong> Ranking (PIRT) expert panel, scheduled for completion in mid-2011.<br />
10:25 AM<br />
Lessons Learned From Electrical Circuit Analysis in Support<br />
of a Fire Probabilistic Risk Assessment<br />
Cyrus N. Vadoli<br />
Southern California Edison – San Onofre Nuclear Generating Station, San Clemente, CA<br />
Following the methodology presented in NUREG/CR-6850 “Fire PRA Methodology<br />
for Nuclear Power Facilities”, this paper focuses on the electrical-specific tasks completed<br />
to support the upgraded Fire Probabilistic Risk Assessment for the San Onofre<br />
Nuclear Generating Station (SONGS) Units 2 <strong>and</strong> 3. The SONGS Electrical Design<br />
Engineering team supporting the Fire PRA utilized a three-phase approach to complete<br />
these tasks. Each phase of the electrical circuit analysis is presented in this paper<br />
with a general over-view of the task <strong>and</strong> how the task was completed. In addition,<br />
a discussion of key lessons learned <strong>and</strong> strategies utilized to maximize efficiency <strong>and</strong><br />
minimize time delays is presented.<br />
Fire PSA Methods - 1<br />
10:50 AM<br />
Concurrence Probability <strong>and</strong> Duration for Fire-Induced Cable<br />
“Hot Shorts:” Alternating (AC) Vs. Direct Current (DC)<br />
Raymond H.V. Gallucci<br />
U.S. Nuclear Regulatory Commission (NRC), Washington, D.C.<br />
In 2008, the author presented the results of a probabilistic/statistical examination of<br />
cable “hot shorts” due to nuclear plant fires for alternating current (AC) circuits based<br />
on two sets of cable fire tests: (1) the Nuclear Energy Institute (NEI) <strong>and</strong> Electric<br />
Power Research Institute (EPRI) series of 18 cable fire tests in 2001; <strong>and</strong> (2) the<br />
U.S. Nuclear Regulatory Commission (NRC) complementary series of electrical performance<br />
<strong>and</strong> fire-induced failure cable tests, consisting of 78 small-scale tests <strong>and</strong> 18<br />
intermediate-scale open burn tests in 2006 (the CAble Response tO Live FIRE [CAR-<br />
OLFIRE] Program). In 2010, the NRC, in collaboration with the EPRI, as representative<br />
of the nuclear industry, completed a follow-up to CAROLFIRE by performing a<br />
“series of fire tests ... to assess cable failure modes <strong>and</strong> effects behavior for DC [direct<br />
current]-powered control circuits ... known as the Direct Current Electrical Shorting in<br />
Response to Exposure Fire (DESIREE-FIRE) test program.” As with the previous NEI/<br />
EPRI <strong>and</strong> CAROLFIRE tests, the DESIREE-FIRE tests similarly produced data on the<br />
occurrence <strong>and</strong> duration of electrical “hot shorts,” this time for DC circuits, in terms of<br />
the type of cable (thermoplastic [TP] <strong>and</strong> thermoset [TS]) <strong>and</strong> equipment supported<br />
by the circuits (both motor- <strong>and</strong> solenoid-operated valves [MOVs <strong>and</strong> SOVs]). As a<br />
follow-up to the 2008 analysis, the author presents a parallel analysis of the probability<br />
<strong>and</strong> duration for concurrence of two <strong>and</strong> three “hot shorts” for DC circuits, based on<br />
the DESIREE-FIRE results, <strong>and</strong> compares this to the previous analysis for AC “hot<br />
shorts.”<br />
11:15 AM<br />
Fire Induced Multiple Spurious Operation Review Methodology<br />
Developed for Application to Fire PRAs<br />
Gregory P. Rozga (a), <strong>and</strong> Paul D. Knoespel <strong>and</strong> John R. Olvera (b)<br />
a) MARACOR Software <strong>and</strong> Engineering, Inc., Middletown, MD, b) EPM, Inc., Risk Solutions Division,<br />
Hudson, WI<br />
Multiple spurious operations (MSOs) of equipment due to fire induced electrical shorts<br />
must be evaluated as part of the development of Fire PRA models. This paper will<br />
describe a methodology to identify <strong>and</strong> document valid MSO combinations for future<br />
inclusion into a Fire PRA by performing a systematic system-by-system review. This<br />
process has been used during development of Fire PRAs at three plants to date. The<br />
methodology employs a set of rules at the system level to determine which systems<br />
can potentially impact the plant CDF given spurious operations within the system.<br />
Once the systems are identified, piping & instrumentation drawing reviews identify<br />
single components which are susceptible to spurious operation. Identified components<br />
are evaluated to determine the impact their spurious operation has on the modeled<br />
functions of the screened-in systems. If it can be determined that the component<br />
cannot impact the modeled function under any circumstance, that component can be<br />
screened. Unscreened components are then evaluated with respect to multiple spurious<br />
operations using a component matrix to identify couplets, triplets, <strong>and</strong> further<br />
combinations if necessary. The result is the identification of non-minimal potential<br />
MSO groups. For component groups where cable location information is already available,<br />
screening can be performed to eliminate groups where cables for all components<br />
are never within the same fire area. Remaining MSO groups now undergo detailed<br />
circuit analysis, <strong>and</strong> the final MSO groups are modeled in the PRA. This systematic<br />
MSO identification process can also provide useful input to plant expert panel reviews<br />
of MSOs.<br />
17
18<br />
Session Chair: Nathan Siu<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 10:00 AM - Salon B<br />
10:00 AM<br />
Establishing a Community of Practice to Address PSA Knowledge<br />
Management Issues<br />
Donald P. Remlinger, Stacy A. Zarewczynski, <strong>and</strong> Camille T. Zozula<br />
Westinghouse Electric Company LLC, Cranberry Twp., USA<br />
The resurgence of the nuclear industry <strong>and</strong> the increased use of Probabilistic Safety<br />
Assessment (PSA) in existing plant regulatory affairs, utility operations, <strong>and</strong> new plant<br />
licensing have created opportunities to improve the reliability, cost, <strong>and</strong> safety of nuclear<br />
power plants. However, many organizations in the nuclear industry are faced<br />
with an aging workforce, resource shortages, <strong>and</strong> gaps in technical skills, specifically<br />
in PSA methodologies. Improving communication <strong>and</strong> information management combined<br />
with utilizing a global workforce are challenges to successfully addressing these<br />
issues. A knowledge-based initiative that provides these solutions is the organization<br />
of a community of PSA professionals; a PSA centered community of practice. A Community<br />
of Practice (CoP) is an effective aid for storing critical task-related knowledge,<br />
for allowing open discussions <strong>and</strong> knowledge exchanges, <strong>and</strong> for finding explanations<br />
of commonly used methods <strong>and</strong> practices. The PSA CoP within Westinghouse Electric<br />
Company, LLC consists of a network of members from different geographical locations<br />
with diverse experiences, skills, <strong>and</strong> backgrounds who work in PSA-related areas. The<br />
PSA CoP’s objectives are to share information, solve common problems, mentor, <strong>and</strong><br />
develop an awareness of methods <strong>and</strong> tools. Within Westinghouse, the PSA CoP exists<br />
outside of the boundaries of specific organizational structure <strong>and</strong> project teams.<br />
10:25 AM<br />
Experience in PRA Training<br />
Ross C. Anderson (a), <strong>and</strong> Robert W. Fosdick (b)<br />
a) Virginia Commonwealth University, Richmond, VA, b) R&B Nuclear LLC, Maidens, Virginia<br />
PSA Knowledge Management - 1<br />
As with all disciplines within the nuclear industry, the PRA workforce is aging <strong>and</strong> will<br />
continue to suffer significant losses to retirement over the next 5-10 years. Unfortunately,<br />
these losses will occur at a time when the dem<strong>and</strong>s upon the PRA staff are<br />
not holding steady but are actually increasing. The NRC evaluates the quantitative<br />
risk of licensing actions such as Technical Specifications changes <strong>and</strong> licensee activities<br />
(via the Significance Determination Process, for example). Program <strong>and</strong> system<br />
inspections are often risk-informed or risk-based. In addition, new plants are likely<br />
to be added to the existing U.S. fleet over the next 5-10 years. The combination of<br />
experienced workforce losses <strong>and</strong> increasing dem<strong>and</strong> poses substantial challenges to<br />
existing PRA groups <strong>and</strong> their management.<br />
Virginia Commonwealth University has addressed some of these concerns on a local<br />
level by developing both a graduate course <strong>and</strong> a professional workshop in PRA applications.<br />
The graduate course proved to be surprisingly popular, as students developed<br />
a subset of a North Anna PRA model with WinNUPRA software donated by Scientech.<br />
Students, mostly without prior PRA experience, built their own models from<br />
the ground up; solved them, learned to use the descriptive statistics, <strong>and</strong> performed<br />
representative calculations such as (a)(4) compliance <strong>and</strong> potential Significance Determination<br />
Process applications. Those course notes are currently being compiled<br />
for a textbook.<br />
The workshop followed a similar strategy but has not yet been widely marketed.<br />
In summary, the need for PRA training for users at all levels remains substantial.<br />
Training for both existing <strong>and</strong> future PRA engineers should emphasize practical applications<br />
<strong>and</strong> the incorporation of plant knowledge.<br />
10:50 AM<br />
PSA Knowledge Transfer - Approaches in OECD/NEA WGRisk<br />
Member States<br />
Marina Röwekamp (a) <strong>and</strong> Kevin Coyne (b)<br />
a) Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Köln, Germany, b) U.S. Nuclear Regulatory<br />
Commission (NRC), Washington, DC, USA<br />
The OECD/NEA Working Group Risk (WGRisk) has initiated in 2010 a task on PSA<br />
(probabilistic safety assessment) knowledge transfer in member states. The objective<br />
of this task is to develop a common underst<strong>and</strong>ing of the current needs <strong>and</strong> ongoing<br />
activities in organizations in the member states on PSA knowledge transfer, including<br />
other ongoing international activities in this technical area.<br />
In this context a survey has been developed focusing on knowledge transfer activities<br />
such as training courses, on-the-job training, seminars, mentoring. This survey<br />
places less emphasis on other aspects of knowledge management (e.g., knowledge<br />
representation, capture, storage, retrieval). Furthermore, it is limited to knowledge regarding<br />
the performance, review, <strong>and</strong> use of nuclear power plant (NPP) PSA studies<br />
in risk-informed decision making.<br />
The survey results are being documented in a NEA report discussing lessons learned<br />
<strong>and</strong> best practices. Furthermore the survey shall be used to identifying potential followon<br />
activities (e.g., knowledge transfer seminars on specified topics) that could be performed<br />
to efficiently <strong>and</strong> effectively preserve the current PSA know-how.<br />
11:15 AM<br />
Current PRA Knowledge Management Activities at the NRC<br />
M. Tobin, K. Coyne, <strong>and</strong> N. Siu<br />
U.S. Nuclear Regulatory Commission, Washington, DC<br />
Probabilistic Risk Assessment knowledge management programs at the Nuclear Regulatory<br />
Commission are becoming increasingly important as experienced members of<br />
the field prepare for retirement. The US Nuclear Regulatory Commission, which views<br />
knowledge management as the broad set of activities capturing critical information<br />
<strong>and</strong> making the right information available to the right people at the right time, has<br />
developed or is in the process of developing a number of knowledge management<br />
mechanisms <strong>and</strong> tools including: databases <strong>and</strong> electronic reading rooms, formal <strong>and</strong><br />
informal training, interviews, procedures, desk references, communities of practice,<br />
websites, <strong>and</strong> portals. This paper, which is based largely on NRC’s response to an<br />
OECD Working Group on Risk Assessment (WGRISK) survey described in a separate<br />
paper at this conference, describes the NRC’s PRA-related applications of both formal<br />
<strong>and</strong> informal knowledge management activities, as well as lessons learned to date<br />
from these activities.
Session Chair: Dave Gertman<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 10:00 AM - Carolina<br />
10:00 AM<br />
Practical Refinements to Human Action Dependency Analysis<br />
for Probabilistic Safety Assessment<br />
James K. Liming, Thomas J. Mikschl (a), <strong>and</strong> Shawn S. Rodgers (b)<br />
a) ABSG Consulting Inc. (ABS Consulting), Irvine, CA, b) STP Nuclear Operating Company, Wadsworth,<br />
TX<br />
This paper summarizes the results of an evaluation of human action dependency for<br />
the STP Nuclear Operating Company (STPNOC) South Texas Project Electric Generating<br />
Station (STPEGS) Units 1 <strong>and</strong> 2 low power <strong>and</strong> shutdown (LPSD) probabilistic<br />
risk assessment (PRA). Specifically, this paper focuses on the potential impact of<br />
refinements to current industry PRA human reliability analysis (HRA) methods (e.g.,<br />
the EPRI HRA Calculator® methods) for human action dependency evaluation. These<br />
potential refinements were conceptualized during the performance of the STPNOC<br />
LPSD PRA HRA. The scope of this evaluation included a thorough post-processing<br />
evaluation of over 37,000 PRA event sequences (or cut sets) for combinations of<br />
human failure events (HFEs) that could result in potential HEP interdependence,<br />
<strong>and</strong> thus, could significantly impact the results of the PRA <strong>and</strong> any associated riskinformed<br />
applications. The paper presents a discussion of the importance of human<br />
action dependency analysis (HADA) in PRA or probabilistic safety assessment (PSA),<br />
<strong>and</strong> presents an overview of current methods typically applied. The paper also presents<br />
general results from the STPNOC LPSD PRA HRA HADA, <strong>and</strong> it provides selected<br />
examples of how potential HADA refinements could impact the rigor <strong>and</strong> accuracy<br />
of HADA results, <strong>and</strong> thus, overall PRA or PSA results.<br />
10:25 AM<br />
Guidance on Use of Limiting Values for Human Error Probabilities<br />
in PRAs<br />
Gareth Parry (a), <strong>and</strong> Stuart Lewis (b)<br />
a) ERIN Engineering <strong>and</strong> Research, Inc., Walnut Creek, CA, b) Electric Power Research Institute, Knoxville<br />
TN<br />
Human reliability analysis, as it is conducted in probabilistic risk assessments, relies<br />
on the use of various models of human performance, informed by relatively sparse<br />
data from actual experience. Such an approach can give rise to a degree of skepticism,<br />
especially when the methods produce very low probabilities of failure. At some<br />
level, there is a perception that there is a limit to the reliability of operating crews, <strong>and</strong><br />
that available methods do not necessarily capture all the important causes of failure.<br />
As a result, a variety of approaches has been taken to defining limiting or minimum<br />
values that should be used in lieu of low calculated human error probabilities (HEPs).<br />
Up to this point, there has been no consensus practice in setting or using such minimum<br />
values. This paper summarizes the issues associated with the development <strong>and</strong><br />
use of limiting values for HEPs. The proposed limiting values are presented in EPRI<br />
1021081, Establishing Minimum Acceptable Values for Probabilities of Human Failure<br />
Events Practical Guidance for Probabilistic Risk Assessment. It is expected that<br />
the guidance provided in that report may be applied in probabilistic risk assessments<br />
performed by the nuclear industry, <strong>and</strong> that it may be revised or refined as a result of<br />
insight gained from that experience.<br />
Human Reliability Analysis - 1<br />
10:50 AM<br />
A Context Based Approach to Human Reliability Analysis for<br />
Seismic PSA<br />
Paul Amico (a), Andreas Strohm <strong>and</strong> Jörg Rattke (b)<br />
a) Energy Research, Inc., Rockville, MD, USA, b) EnBW Kernkraft GmbH, Neckarwestheim, Germany<br />
This paper suggests an approach to seismic HRA that addresses some of the deficiencies<br />
of the “shock model” approach commonly used for seismic HRA. The problem<br />
with the shock model approach is that it places too much emphasis on the acceleration<br />
associated with the seismic event <strong>and</strong> not enough on the extent of damage caused<br />
by the event. Logic suggests that the effects of the acceleration are short-lived as<br />
regards human performance (i.e., due to disorientation) <strong>and</strong> that after a short initial<br />
period performance would return essentially to normal other than for the need to deal<br />
with the impact of the actual seismic failures. Because of this, the shock model does<br />
not adequately allow credit for increased seismic design capacity or long coping times<br />
before operator action is required. In this paper, the authors suggest the use of a<br />
more context based approach that does account for these influences. The emphasis<br />
of this approach is on the overall context under which an action is performed, of which<br />
the acceleration is only one part. This allows for better consideration of the broader<br />
range of performance influencing factors that result from the actual seismic damage<br />
to the plant. The paper presents the methodology <strong>and</strong> the process for application, <strong>and</strong><br />
also presents a specific application from the SPSA of the German NPP Kernkraftwerk<br />
Neckarwestheim Unit 2 (GKN II). It is concluded that the approach was successful in<br />
that application to provide a more realistic treatment of human reliability <strong>and</strong> so a more<br />
accurate risk profile. As such, the approach clearly has promise, but further development<br />
is required beyond this first application.<br />
11:15 AM<br />
Qualitative Human Reliability Analysis of Dry Cask Storage<br />
Operations<br />
Jeffrey D. Brewer, Stacey M. L. Hendrickson (a), <strong>and</strong> Susan E. Cooper (b)<br />
a) S<strong>and</strong>ia National Laboratories, Albuquerque, NM, USA, b) United States Nuclear Regulatory Commission,<br />
Rockville, MD, USA<br />
Human reliability analysis (HRA) methods have been developed primarily to provide<br />
information for use in probabilistic risk assessments of nuclear power plant control<br />
room operations. The HRA method of A Technique for Human Event Analysis (ATHEA-<br />
NA) has been proposed for use in diverse applications outside the control room due to<br />
its particular approach for systematically examining the dynamic, contextual conditions<br />
influencing human performance. This paper describes aspects of a recently completed<br />
project in which the qualitative analysis within ATHEANA was successfully used to<br />
prospectively examine how unsafe actions may contribute to a cask drop <strong>and</strong> generate<br />
ideas for avoiding cask drops. Through the investigation of previous analyses as<br />
well as discussion with subject matter experts, cask drop scenarios were generated<br />
that might occur within dry cask storage operations. The development of these scenarios<br />
led to the development of human performance vulnerabilities meant to describe<br />
performance shaping factors as well as plant conditions that generate a context that<br />
may ultimately contribute to human failure events (HFEs). After analyzing the human<br />
performance vulnerabilities, illustrative guidance was developed for avoiding or mitigating<br />
them so that HFEs involving cask drops may be avoided or mitigated. This<br />
paper provides a description of the qualitative HRA process followed, a listing of HFE<br />
scenario groupings, discussion of selected human performance vulnerabilities, <strong>and</strong><br />
illustrative approaches for avoiding or mitigating human performance vulnerabilities<br />
that may contribute to dropping a spent fuel cask.<br />
19
20<br />
Session Chair: Sergio Guarro<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 1:30 PM - Azaleca<br />
1:30 PM<br />
Overview <strong>and</strong> Impact of RG 1.97 Rev 4, Accident Monitoring<br />
Instrumentation, on New Reactor Reviews<br />
Deirdre W. Spaulding-Yeoman<br />
USNRC, Washington, DC<br />
Some new reactor applicants have committed to Regulatory Guide 1.97 Revision 4<br />
which endorses IEEE st<strong>and</strong>ard 497-2002, IEEE St<strong>and</strong>ard Criteria for Accident Monitoring<br />
Instrumentation for Nuclear Power Generating Stations. 10 CFR 52.79(a)(30)<br />
indicates that the submitted final safety analysis report include proposed technical<br />
specifications. In keeping with RG 1.97 Revision 4, <strong>and</strong> IEEE 497, accident monitoring<br />
variable selection must be consistent with the plant specific emergency operating<br />
procedures <strong>and</strong> the abnormal operating procedures. Meeting RG 1.97 Revision<br />
4 has presented challenges to new reactor applicants such that the USNRC allows<br />
applicants to pursue one of three options in regard to their tech specs pertaining to<br />
accident monitoring instrumentation; provide a plant specific instrumentation value,<br />
provide a value that bounds the plant specific value, or, establish an administrative<br />
controls program or report. This presentation provides an overview of Reg Guide 1.97<br />
Revision 4 <strong>and</strong> discusses the approaches that have been submitted to the Office of<br />
New Reactors for staff review. Specific discussion will be provided in regard to the<br />
implications of Reg Guide 1.97 Revision 4, using the staff guidance, St<strong>and</strong>ard Review<br />
Plan Section 7.1, Instrumentation <strong>and</strong> Controls, Overview of Review Process, <strong>and</strong><br />
Section 7.5, Information Systems Important to Safety, for new reactor staff reviews.<br />
(Presentation Only)<br />
1:55 PM<br />
Error Modeling <strong>and</strong> Analysis of DIgital I&C System Failure<br />
Modes<br />
Carl Elks, Nishant George,<strong>and</strong> Barry Johnson<br />
University of Virginia<br />
Over the last ten years rigorous approaches to safety analysis <strong>and</strong> assessment have<br />
been of particular interest to safety community, motivated mainly by the increasing<br />
complexity of safety critical systems across a wide range of applications. Although<br />
there are commercial software <strong>and</strong> tools available that assists engineers in performing<br />
clerical tasks, such as forming tables <strong>and</strong> filling in data, the essential <strong>and</strong> critical part<br />
of an FMEA process remains a difficult <strong>and</strong> elusive challenge – that is, a systematic<br />
<strong>and</strong> comprehensive means to characterize failure modes of the system <strong>and</strong> identify<br />
significant failure paths associated with these potential failure modes. Current approaches<br />
using operating plant, commercial, <strong>and</strong> vendor databases certainly aid in the<br />
identification <strong>and</strong> classification of what component failures have happened, but they<br />
are limited in their utility in determining what could happen. As newer I&C systems<br />
<strong>and</strong> micro-technology is introduced, failure data is sparsely available on these new<br />
technologies. These problems naturally become more acute as I&C systems grow in<br />
scale <strong>and</strong> complexity <strong>and</strong> criticality, which is the trend that is now emerging.<br />
This paper presents a unique modeling <strong>and</strong> analysis method based on the concepts of<br />
error modeling <strong>and</strong> error propagation analysis. The concept we present is based on an<br />
information theory approach, where the functional representation of the digital system<br />
is viewed as a composition of information channels. More precisely, information flow<br />
in a computer is characterized by symbols, <strong>and</strong> the interpretation <strong>and</strong> manipulation<br />
of those symbols. Errors can corrupt symbols, rendering them into different symbols,<br />
non-symbols or reconstitute the interpretation of symbols. Errors in the information<br />
universe are usually manifested as bit flips in the data <strong>and</strong>/or instruction symbols. Our<br />
approach defines an error behavior function which allows information flow in digital<br />
I&C system to be corrupted according to a context fault model. A context fault model<br />
is based on what vulnerabilities are perceived to be relevant in the environment of the<br />
digital I&C systems. These include, common mode faults <strong>and</strong> errors, bit flips, software<br />
flaws, intentional security faults, <strong>and</strong> byzantine faults. (Presentation Only)<br />
Digital I&C in PSA - 2<br />
2:20 PM<br />
Advanced Risk Modeling <strong>and</strong> Risk-informed Testing of Digital<br />
Instrumentation <strong>and</strong> Control Systems<br />
Sergio B. Guarro, Michael Yau <strong>and</strong> Scott Dixon<br />
ASCA, Inc., Redondo Beach, CA<br />
Assuring the reliability <strong>and</strong> safety of Digital Instrumentation & Control (DI&C) systems<br />
presents special challenges. Their potential complexity, associated with the multi-faceted<br />
functionality of the software, makes testing the various combinations of logic execution<br />
paths “exhaustively” very difficult. A rigorous process of analytical partitioning<br />
of the test space is generally necessary to guide a meaningful process of risk-informed<br />
test <strong>and</strong> assessment for these systems.<br />
The Context-based Software Risk Model, applied in combination with the Dynamic<br />
Flowgraph Methodology (CSRM/DFM) is an extension of the traditional Probabilistic<br />
Risk Assessment (PRA) approach. It provides a modeling <strong>and</strong> analysis platform that<br />
can be applied to risk-inform the testing <strong>and</strong> verification of DI&C, <strong>and</strong> more in general<br />
software driven <strong>and</strong>/or controlled systems. The basic principle of the approach is that<br />
DI&C systems <strong>and</strong> software driven systems can be analyzed <strong>and</strong> tested in effective<br />
<strong>and</strong> convincing fashion, only if the software is analyzed <strong>and</strong> tested with the actual “balance<br />
of system” in the loop, <strong>and</strong> the test <strong>and</strong> analysis process includes a risk-informed<br />
set of off-nominal scenarios.<br />
This paper summarizes <strong>and</strong> discusses a few recent applications of the CSRM/DFM approach<br />
to both space <strong>and</strong> nuclear power plant DI&C systems. The projects discussed<br />
demonstrate several modes of use of the risk-informed analytical <strong>and</strong> test procedures<br />
enabled by the CSRM/DFM process, <strong>and</strong> more specifically how the methodology can<br />
serve both as a st<strong>and</strong>-alone DI&C test driving resource <strong>and</strong> as an advanced riskmodeling<br />
<strong>and</strong> quantification extension of traditional PRA models <strong>and</strong> procedures.<br />
2:45 PM<br />
Application of Fault Tree Methodology to Modeling of The<br />
Ap1000® Plant Digital Reactor Protection System<br />
David S. Teolis, Stacy A. Zarewczynski, Heather L. Detar<br />
Westinghouse Electric Company LLC, Cranberry Twp., USA<br />
The reactor trip system (RTS) <strong>and</strong> engineered safety features actuation system (ES-<br />
FAS) in nuclear power plants utilizes instrumentation <strong>and</strong> control (I&C) to provide automatic<br />
protection against unsafe <strong>and</strong> improper reactor operation during steady-state<br />
<strong>and</strong> transient power operations. During normal operating conditions, various plant<br />
parameters are continuously monitored to assure that the plant is operating in a safe<br />
state. In response to deviations of these parameters from pre-determined set points,<br />
the protection system will initiate actions required to maintain the reactor in a safe<br />
state. These actions may include shutting down the reactor by opening the reactor<br />
trip breakers <strong>and</strong> actuation of safety equipment based on the situation. The RTS <strong>and</strong><br />
ESFAS are represented in probabilistic risk assessments (PRAs) to reflect the impact<br />
of their contribution to core damage frequency (CDF). The reactor protection systems<br />
(RPS) in existing nuclear power plants are generally analog based <strong>and</strong> there is general<br />
consensus within the PRA community on fault tree modeling of these systems. In<br />
new plants, such as AP1000® plant, the RPS is based on digital technology. Digital<br />
systems are more complex combinations of hardware components <strong>and</strong> software. This<br />
combination of complex hardware <strong>and</strong> software can result in the presence of faults <strong>and</strong><br />
failure modes unique to a digital RPS. The United States Nuclear Regulatory Commission<br />
(NRC) is currently performing research on the development of probabilistic<br />
models for digital systems for inclusion in PRAs; however, no consensus methodology<br />
exists at this time. Westinghouse is currently updating the AP1000® plant PRA to support<br />
initial operation of plants currently under construction in the United States. The<br />
digital RPS is modeled using fault tree methodology similar to that used for analog<br />
based systems. This paper presents high level descriptions of a typical analog based<br />
RPS <strong>and</strong> of the AP1000® plant digital RPS. Application of current fault tree modeling<br />
techniques to the digital system is reviewed, <strong>and</strong> unique issues related to accounting<br />
for common cause failures <strong>and</strong> software failures are discussed.
Session Chair: Karl Fleming<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 1:30 PM - Camelia/Dogwood<br />
Next Generation Reactor PSA - 2<br />
1:30 PM<br />
Investigation of Risk-Informed Methodologies to Improve Sodium-Cooled<br />
Fast Reactor Economics With Safety, <strong>and</strong> Non-<br />
Proliferation Constraints<br />
George Apostolakis, Michael Driscoll, Michael Golay, Andrew Kadak, Neil<br />
Todreas (a), Tunc Aldemir, Richard Denning (b), <strong>and</strong> Michael Lineberry<br />
a) Massachusetts Institute of Technology, Cambridge, MA, b) The Ohio State University, Columbus, OH,<br />
c) Idaho State University, Idaho Falls, ID<br />
A substantial barrier to the implementation of Sodium-cooled Fast Reactor (SFR)<br />
technology is that they would not be economically competitive relative to advanced<br />
light water reactors. With increased acceptance of risk-informed regulation, the opportunity<br />
exists to reduce the costs of a nuclear power plant at the design stage without<br />
applying excessive conservatism that is not needed in treating low risk events.<br />
In NUREG-1860, the U.S. Nuclear Regulatory Commission describes developmental<br />
activities associated with a risk-informed, technology neutral framework (TNF) for<br />
regulation that provides quantitative yardsticks against which the adequacy of safety<br />
<strong>and</strong> proliferation resistance can be judged. The objective of this project is to develop<br />
a design process for minimizing the cost of electricity generation within constraints of<br />
adequate safety <strong>and</strong> proliferation resistance. This paper describes the proposed design<br />
optimization process within the context of reducing the capital cost <strong>and</strong> levelized<br />
cost of electricity production for a small (possibly modular) SFR. The project provides<br />
not only an evaluation of the feasibility of a risk-informed design process but also a<br />
practical test of the applicability of the TNF to an actual advanced, non-LWR design.<br />
The report provides results of two safety related case studies of design alternatives, as<br />
well as an assessment of measures to improve proliferation resistance.<br />
1:55 PM<br />
The Evolution from a Design Certification Pra to an As-Built<br />
As-Operated PRA<br />
Yunlong Li, Dennis Henneke, Glen Seeman <strong>and</strong> Gary Miller<br />
GE Hitachi Nuclear Energy, Wilmington, NC<br />
A number of uncertainties exist in the development <strong>and</strong> updating of PRAs for new<br />
reactors, such as the amount of information available, applicability of the failure data<br />
to the components, <strong>and</strong> the availability of details of the design <strong>and</strong> operation. As it gets<br />
closer to operation, some of these uncertainties are removed. This paper addresses<br />
the evolution of the PRA during the reactor design process <strong>and</strong> in the various stages<br />
of design certification, licensing, <strong>and</strong> plant operation. While only one peer review is<br />
required for the new reactors to be licensed for operation, the evolution path that each<br />
vendor <strong>and</strong> licensee adopts could significantly affect the time <strong>and</strong> efforts involved in<br />
the PRA model development <strong>and</strong> updates, the quality of the PRA, <strong>and</strong> the safety, reliability<br />
<strong>and</strong> availability of the new reactor’s design <strong>and</strong> operation. This paper discusses<br />
the logical division of the stages for the development of PRA models, the purposes<br />
of the PRA at each stage, <strong>and</strong> major deliverables. The pros <strong>and</strong> cons of the different<br />
evolutions are also included. Based on GEH’s extensive experience in developing <strong>and</strong><br />
updating PRA models for advanced BWRs that span across all stages, reasonable<br />
evolution paths are recommended.<br />
2:20 PM<br />
PRA Analysis for a New Reactor Design: The B&W MPOWER<br />
Small Modular Reactor<br />
Thomas A. Morgan (a) <strong>and</strong> Kenneth W. Baity (b)<br />
a) Maracor Software & Engineering, Inc., Middletown, MD, b) Babcock & Wilcox Nuclear Energy, Inc.,<br />
Lynchburg, VA<br />
The B&W mPower reactor is a small modular PWR with numerous evolutionary<br />
design concepts, including passive safety systems, an integrated reactor pressure<br />
vessel, <strong>and</strong> a below-grade containment building. To support Design Certification, a<br />
complete probabilistic risk assessment (PRA) must be performed that meets industry<br />
st<strong>and</strong>ards <strong>and</strong> regulatory requirements.<br />
Sufficient design <strong>and</strong> operational details must be available to develop PRA models<br />
<strong>and</strong> data. However, it is also desirable to obtain risk estimates for the plant early in the<br />
design process <strong>and</strong> to feed back risk insights into design decisions. If such insights are<br />
not developed until after the PRA is completed (<strong>and</strong> the design is largely finalized), it<br />
can be costly to backfit beneficial changes. Therefore, PRA tasks are being performed<br />
concurrently with design activities, using an iterative approach that incorporates design<br />
changes as they occur.<br />
For example, alternative concepts have been proposed for the emergency core cooling<br />
systems as the plant’s design has evolved. PRA personnel participated in design<br />
discussions to evaluate the alternatives <strong>and</strong> offered reliability insights that improved<br />
these designs. A “risk insights” training course was also developed for the designers<br />
so that the ongoing development tasks could incorporate beneficial features that would<br />
improve safety <strong>and</strong> reliability.<br />
The internal events PRA is underway, <strong>and</strong> work on the external events <strong>and</strong> low power/<br />
shutdown modes PRAs will begin in early 2012. Because of the plant’s innovative<br />
features, it is expected that the B&W mPower reactor will have a low core damage<br />
frequency <strong>and</strong> should pose minimal risk to the public.<br />
2:45 PM<br />
Risk-Informed Design <strong>and</strong> Safety Review of HTR-PM<br />
Jiejuan TONG, Tao LIU, <strong>and</strong> Jun ZHAO<br />
Institute of Nuclear <strong>and</strong> New Energy Technology, Tsinghua University, P.R China<br />
HTR-PM is the abbreviation of the demonstration plant project which will be built in<br />
China with a pebble bed high temperature gas cooled reactor design. Due to the<br />
unique features of the reactor, the Chinese safety authority recognizes the big challenge<br />
it will bring to the current regulation <strong>and</strong> decides to launch the pilot use of PSA<br />
in the design <strong>and</strong> in the safety review in an extensive way, based on the consensus<br />
that PSA should be the necessary <strong>and</strong> efficient key to solve the puzzles. This paper<br />
will present <strong>and</strong> discuss the aspects which PSA has been successfully used during<br />
the design <strong>and</strong> safety review of HTR-PM project, including safety goal, plant operating<br />
modes definition, beyond design accidents, emergency planning <strong>and</strong> so on. Every<br />
aspect may require some philosophically innovative efforts, however moving to the<br />
risk-informed decision making <strong>and</strong> regulation will be adhered as the common opinion<br />
arrived by the authority <strong>and</strong> the designer. Working processes <strong>and</strong> results for some of<br />
the aspects will also be explained. The paper will also address the methodological issues<br />
for performing design PSA. Although most of the traditional PSA techniques are<br />
still valid for HTR-PM, a few new techniques are introduced.<br />
21
22<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 1:30 PM - Magnolia<br />
Configuration Risk Management - 1<br />
Session Chair: Gerry Kindred<br />
1:30 PM<br />
Development of Risk Communication Sheet for Daily Operational<br />
Focus <strong>Meetings</strong> at STP<br />
George C. R. Grantom P.E., Fatma Yilmaz, <strong>and</strong> Ernie Kee<br />
South Texas Project Electric Generating Station, Wadsworth, TX<br />
South Texas Project (STP) uses a work week planning concept that is based on a<br />
cycle of train weeks. The work week risk is planned well in advance of the actual work<br />
week by the Work Control organization <strong>and</strong> is updated as needed during the week<br />
by the on-shift Control Room operators. The actual maintenance configurations are<br />
entered in the station’s risk monitoring tool, the Risk Assessment Calculator (RAsCal)<br />
application, [1] by the Control Room Operators. The planned work week ICDP (Incremental<br />
Core Damage Probability) <strong>and</strong> ITP (Incremental Trip Probability) values along<br />
with the actual ICDP <strong>and</strong> ITP values from RAsCal are communicated every morning<br />
at Daily Operational Focus (DOF) <strong>Meetings</strong> at STP in the form of numeric values. STP<br />
has developed a tool to better communicate online maintenance risk by assigning<br />
colors to maintenance configurations based on numeric thresholds to the ICDP <strong>and</strong><br />
ITP. Associating colors to each maintenance state in terms of the quantitative values<br />
of ICDP <strong>and</strong> ITP on a bar graph provides a clear indication of when, how long, <strong>and</strong><br />
what maintenance activities increased station risk occur [2]. This paper describes the<br />
development, usage <strong>and</strong> further applications of this new risk communication report<br />
providing examples.<br />
1:55 PM<br />
Nuclear Power Plant Configuration Risk Management: Recent<br />
EPRI CRMF Research<br />
Thomas A. Morgan, Diane M. Jones (a), <strong>and</strong> Doug Hance (b)<br />
Maracor Software & Engineering, Inc., Middletown, MD, b) Electric Power Research Institute, Risk <strong>and</strong><br />
Safety Management, Charlotte, NC<br />
The Configuration Risk Management Forum was established in 2003 by EPRI to serve<br />
as a venue to discuss Configuration Risk Management issues applicable to commercial<br />
nuclear power plants. The Forum’s activities include identification <strong>and</strong> sponsorship<br />
of research on current <strong>and</strong> emerging CRM issues. The CRMF has recently focused<br />
on the development of two guideline documents to assist plants in addressing<br />
evolving expectations concerning activities that should be considered under Section<br />
(a)(4) of the maintenance rule, 10CFR50.65. In 2008, a CRMF working group developed<br />
guidance for the evaluation of heavy load lifts. A screening approach categorizes<br />
each planned lift into one of four classes of scenarios. A series of flow charts indicate<br />
how the screening would proceed, <strong>and</strong> suggestions are provided for possible Risk<br />
Management Actions that could be considered for implementation during lifts/movements<br />
that might incur some additional risk to the plant. Most recently, the CRMF has<br />
provided support to the Nuclear Energy Institute (NEI) in the development of updated<br />
Maintenance Rule guidance concerning the evaluation of fire risk impacts during plant<br />
configuration changes. NEI has drafted proposed guidance <strong>and</strong> this guidance is now<br />
being tested by several pilot plants. CRMF, in collaboration with the PWR Owners<br />
Group, is assisting in the development of supporting implementation guidance, incorporating<br />
insights gained from the pilot plants. The supporting guidance highlights<br />
possible approaches that could be used to implement each of the specific objectives<br />
noted in the draft NEI guidance.<br />
2:20 PM<br />
A Study for the Reliability Evaluation Method for The Maintenance<br />
Plan Using the Risk Information<br />
Naoki CHIGUSA (a), Yoshiyuki NARUMIYA (b), Takahiro KURAMOTO (c)<br />
a) The Kansai Electric Power Company, Fukui, Japan, b) The Kansai Electric Power Company, Osaka,<br />
Japan, c) Nuclear Engineering, Ltd., Osaka, Japan<br />
This paper discusses the development of the quantitative method to evaluate the reliability<br />
for the maintenance plan with respect to the risk impact both for Core Damage<br />
Frequency <strong>and</strong> Plant Trip Frequency. The quantitative approach includes the considerations<br />
for the effect of the Condition Based Maintenance (CBM) changing in addition<br />
to the Time Based Maintenance (TBM), <strong>and</strong> the reliability for the maintenance plan<br />
is evaluated using the actual plant-specific maintenance information collected in the<br />
plant. In this study, overhaul <strong>and</strong> surveillance test for the components are considered<br />
as TBM. The objective components should include “Prevention System (PS)” in addition<br />
to “Mitigation System (MS)”. Therefore, in this quantitative reliability evaluation, it is<br />
necessary to cover both PS <strong>and</strong> MS, <strong>and</strong> the Plant Trip Frequency in addition to Core<br />
Damage Frequency should be introduced as the risk index. The conventional PSA<br />
method is enough to confirm the plant overall risk level <strong>and</strong> the risk profile, however,<br />
this quantitative approach should have the extended method such as extension of the<br />
objective component sphere <strong>and</strong> detailed analysis for the component failure data. In<br />
this paper, the developed method to evaluate the reliability for the maintenance plan<br />
using the risk information is described. And, the tested evaluation to confirm the effectiveness<br />
of this quantitative method is also described. And furthermore, the requirements<br />
for the plant-specific maintenance information to be used in this quantitative<br />
method are described.<br />
2:45 PM<br />
Licensee Experience With the ATWS Vulnerability<br />
Robert W. Fosdick (a), Ross C. Anderson (b)<br />
a) R&B Nuclear LLC, Maidens, Virginia, b) Virginia Commonwealth University, Richmond, VA<br />
The process <strong>and</strong> circumstances leading to the calculation of the ATWS UET contribution<br />
to core for the Surry plant were reviewed to determine key lessons learned. Key<br />
points included the effects of the ongoing work environment, focus on regulatory compliance,<br />
<strong>and</strong> effort required to perform the calculation vs. the worth of the results. The<br />
conclusions are presented in a generalized form as lessons learned for the benefit of<br />
the entire U.S. industry. The numeric results of the ATWS UET theoretical calculation<br />
were previously presented at the ANS 2009 Winter meeting; this paper focuses upon<br />
the field experience with its results.
Session Chair: Andrea Maioli<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 1:30 PM - Salon A<br />
1:30 PM<br />
TEPCO’s Effort for Pursuing Further Safety Against Niigataken-Chuetsu-Oki<br />
Earthquake at Kashiwazaki-Kariwa NPS<br />
Masayuki Yamamoto<br />
Tokyo Electric Power Co., Japan<br />
On July 16,2007, Tokyo Electric Power’s Kashiwazaki-Kariwa nuclear power station<br />
(KKNPS), the world’s largest generation capacity of 8,212MWe, was near the center<br />
of a 6.8 Richter scale earthquake. The earthquake is known as the Niigataken-<br />
Chuetsu Oki Earthquake (NCOE). All the essential nuclear safety functions, automatic<br />
shutdown, cooling <strong>and</strong> containment, worked as designed, <strong>and</strong> all the nuclear reactors<br />
shut down safely. While all seven units at the site have remained safely shut down,<br />
TEPCO continues inspections <strong>and</strong> safety evaluations of these plant facilities, including<br />
a thorough geological survey to establish a new design basis ground motion. As of<br />
September 2010, TEPCO has completed <strong>and</strong> resumed commercial operation for unit<br />
6, 7 <strong>and</strong> 1. Unit 5 is expected to follow soon as of September 2010.<br />
Although the observed acceleration of the NCOE exceeded the design value for dynamic<br />
seismic force, the quake generated forces applied to safety significant SSCs<br />
were of about the same strength as the design basis, taking into account the static<br />
seismic force which is required to be set at three times the strength of general facilities.<br />
Other conservatisms were already embedded in the design process, <strong>and</strong> the<br />
safety significant SSCs possessed sufficient design margin that kept the facilities <strong>and</strong><br />
their safety functions intact.<br />
TEPCO is determined to strengthen its nuclear power stations with added seismic<br />
safety <strong>and</strong> emergency preparedness <strong>and</strong> committed to sharing the lessons learned<br />
with the nuclear community worldwide. (Presentation Only)<br />
1:55 PM<br />
Development of Seismic Risk Evaluation Model for New Nuclear<br />
Power Plant<br />
Kohei HISAMOCHI, Daisuke TANIGUCHI, <strong>and</strong> Shingo ODA<br />
Hitachi-GE Nuclear Energy, Ltd., Ibaraki-ken, Japan<br />
Seismic isolators have been studied <strong>and</strong> applied to the basic design of a nuclear power<br />
plant to improve the seismic capacity <strong>and</strong> design st<strong>and</strong>ardization. As an alternative<br />
approach, diversified mitigation systems have been also considered to withst<strong>and</strong> the<br />
common load from earthquakes. While these two options are considered, a seismic<br />
risk evaluation model has been developed <strong>and</strong> the seismic margin has been evaluated<br />
to assess the effectiveness of seismic isolators <strong>and</strong>/or diversified mitigation system.<br />
In this study, plant level HCLPF (High Confidence - Low Probability of Failure) accelerations<br />
have been calculated by using seismic margin analysis methodology. Firstly,<br />
the simplified seismic risk evaluation model has been developed for ABWR (Advanced<br />
Boling Water Reactor) as the base configuration. The ABWR has three divisional safety<br />
systems for core cooling <strong>and</strong> decay heat removal. Each division has a high pressure<br />
injection system, a residual heat removal system, <strong>and</strong> support systems including<br />
diesel generator system. Then, the risk evaluation model has been exp<strong>and</strong>ed to<br />
model the configuration of IC (Isolation Condenser) <strong>and</strong> passive containment cooling<br />
systems, which have relatively large pools on the upper part of the building, as the<br />
diversified mitigation systems.<br />
Using this model <strong>and</strong> generic fragility parameter values, the plant level HCLPF accelerations<br />
have been quantified to compare the seismic isolator case, diversified mitigation<br />
systems case, <strong>and</strong> the combination case. As a result of margin analysis, these<br />
cases have larger margin than base case. According to the sensitivity analyses, it is<br />
indicated that the scope of the capacity increase in case of the seismic isolator <strong>and</strong> the<br />
capacity of the additional systems are important to increase the seismic margin.<br />
Throughout this model development <strong>and</strong> demonstration of margin calculation, we<br />
have discussed the applicability of this seismic risk evaluation model to choose a<br />
seismic isolator option in the view point of the seismic risk.<br />
Seismic PSA - 1<br />
2:20 PM<br />
Addressing Accident Sequence Over-Counting in the Kernkraftwerk<br />
Mühleberg Seismic PSA<br />
R.F. Kirchner (a), E.T. Burns, V.M. Andersen (b), O. Zuchuat <strong>and</strong> Y. Bayraktarli<br />
(c)<br />
a) RFK Dynamics, Inc., Niskayuna NY, b) ERIN Engineering <strong>and</strong> Research, Inc., Campbell, CA, c) BKW<br />
FMB Energie AG, Kernkraftwerk Mühleberg, Mühleberg, Switzerl<strong>and</strong><br />
Due to the high conditional failure probabilities that can occur given seismic initiating<br />
events, the quantification approximations typically employed in Seismic Probabilistic<br />
Safety Assessment (SPSA) models result in significant over-counting of accident<br />
sequence frequencies. Over-counting of sequence frequency by a factor of ten or<br />
more has been observed during the quantification of seismic models using algorithms<br />
which employ the rare event or minimum cutset upper bound (MCUB) approximations.<br />
This can occur when the constituent basic events of a system or functional gate in<br />
the model sum to greater than one due to high basic event failure probabilities. This<br />
paper describes the methods developed to reduce seismic sequence overcounting via<br />
use of “AND-NOT” modeling as well as the Advanced Cutset Upper Bound Estimator<br />
(ACUBE) computer code.<br />
2:45 PM<br />
Use of Seismic PRA for Risk-Informed Decision Making by<br />
Utilities <strong>and</strong> Regulatory Agencies<br />
Robert J. Budnitz (a), Nilesh C. Chokshi (b), <strong>and</strong> M.K. Ravindra (c)<br />
a) Lawrence Berkeley National Laboratory, University of California, Berkeley CA, b) US Nuclear Regulatory<br />
Commission, Rockville MD, c) MK Ravindra Consulting, Irvine CA<br />
The methodology for seismic PRA (SPRA) has existed for over three decades, over<br />
which time it has evolved <strong>and</strong> matured, like the rest of PRA. It has been applied at<br />
several dozen nuclear power plants worldwide. SPRA has been used to support riskinformed<br />
decision-making to upgrade the safety of existing plants, to help prioritize<br />
which proposed backfits are most urgent , to help regulatory agencies like he USNRC<br />
<strong>and</strong> international agencies like the IAEA to develop regulations <strong>and</strong> regulatory guidance<br />
related to seismic risk, to support the prioritization of safety research projects,<br />
<strong>and</strong> to develop insights into the overall seismic risk from an individual plant <strong>and</strong> from<br />
an entire fleet of plants. In this latter role, it has been the principal vehicle for informing<br />
decision-makers <strong>and</strong> the general public about the risk from earthquakes at a typical<br />
nuclear plant. What emerges from the ensemble of SPRAs is that typically the seismic<br />
part of the overall reactor risk is a major contributor, sometimes dominant, almost<br />
always important, although sometimes negligible. However, seismic PRA is subject to<br />
a major misconception on the part of some PRA analysts who can be heard continuing<br />
to profess the view that SPRA is not mature enough for routine use for risk-informed<br />
applications. This view is inconsistent with the current status of the SPRA methodology<br />
<strong>and</strong> its uses in regulatory <strong>and</strong> plant-specific applications. This paper describes the<br />
evolution of the SPRA methodology <strong>and</strong> its components, <strong>and</strong> provides examples of<br />
some specific applications.<br />
23
24<br />
Session Chair: David Johnson<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 1:30 PM - Salon B<br />
1:30 PM<br />
On Considering Safety Culture <strong>and</strong> Probabilistic Risk Assessment<br />
Charles T Ramsey (a), David H Johnson (b), <strong>and</strong> C. Richard Grantom (c)<br />
a) Oak Ridge National Laboratory, Oak Ridge, TN, b) ABS Consulting, Irvine, CA, c) STP Nuclear Operating<br />
Company, Wadsworth, TX<br />
The current generation of nuclear power plants operating in the United States has<br />
an impressive safety record. This record is a result of successful design, effective<br />
regulation <strong>and</strong>, perhaps most importantly, skilled operating staff. When compared to<br />
their original design <strong>and</strong> operation, today’s plants have undergone hardware modifications,<br />
procedure improvement <strong>and</strong> changes in operation to help achieve this success.<br />
Application of modern probabilistic risk assessment methods <strong>and</strong> the integration of<br />
risk analysis in the form of risk-informed regulation <strong>and</strong> into operations have been<br />
central to improving safety. Probabilistic assessment provides the bases for estimating<br />
the risk at commercial nuclear power plants; direct actuarial data is not sufficient.<br />
A number of assumptions – both explicit <strong>and</strong> implicit – underpin PRA. These include<br />
assuming, for example, the plant design meets the general design criteria, various<br />
industry st<strong>and</strong>ards, the safety limits <strong>and</strong> the limiting system safety settings. It is also<br />
assumed that plant is managed <strong>and</strong> operated in a safety-focused environment. This<br />
last aspect can be thought of as ‘safety culture.’ These assumptions together describe<br />
an envelope outside of which the results of the PRA, <strong>and</strong> therefore risk management<br />
programs based on the PRA, may no longer be valid. In recent years, much progress<br />
has been made in investigating the nature of an effective safety culture, including attempts<br />
to measure changes in this environment. This paper explores the relationship<br />
of safety culture to PRA focusing on how plant-specific safety culture analyses relate<br />
to effective risk-management programs. (Presentation Only)<br />
1:55 PM<br />
Development of Safety Culture Assessment Model Using<br />
Safety Culture Maturity Model <strong>and</strong> 4P-4C MATRIX<br />
Cheol SHEEN <strong>and</strong> Dae-Wook CHUNG<br />
Korea Institute of Nuclear Safety, Daejeon, Republic of Korea<br />
It has been assumed that safety culture is one of the fundamental elements to maintain<br />
safety of nuclear facilities <strong>and</strong> to achieve safety goals in the nuclear industries. Safety<br />
culture assessment is indispensible factor to diagnose safety culture deficiencies of<br />
organization <strong>and</strong> to advance level of safety culture. However, the intrinsic attributes<br />
of culture have been an obstacle to measure level of safety culture quantitatively <strong>and</strong><br />
objectively. Therefore, we tried to make a nuclear safety culture assessment model<br />
applying the safety culture maturity model <strong>and</strong> 4P-4C matrix to evaluate the inherent<br />
characteristic of safety culture quantitatively with maintaining objectivity. The safety<br />
culture maturity model is proposed by Professor Patrick Hudson who improved Ron<br />
Westrum’s model. Hudson applied the model for the organizations of oil <strong>and</strong> gas industries.<br />
The 4P-4C model is originally developed by aerospace psychology research<br />
group in Trinity College, University of Dublin to evaluate human <strong>and</strong> organizational<br />
factors. As the assessment models are originated from other industries, we performed<br />
comparison study to IAEA SCART’s model to examine the nuclear applicability. The<br />
differences between assessment models were derived <strong>and</strong> analyzed. The analysis<br />
study demonstrates the limitation of IAEA’s models to assess safety culture. And we<br />
developed a 4P-4C matrix as a safety culture evaluation tool using NRC safety culture<br />
attributes.<br />
Safety Culture<br />
2:20 PM<br />
Nuclear Power: Too Risky for Risk Management? Facing the<br />
Limits of Doublet Risk Modeling<br />
William P. Mullins<br />
Better Choices Consulting, Mission Hills, KS<br />
The paper explores, from a systems perspective, inherent limitations in the current<br />
US nuclear energy regulatory framework (i.e. NRC) owing to predication of “risk” as a<br />
two element trade space (i.e. likelihood, consequence). For purposes of analysis the<br />
following hypothesis is given: With the emergence of a US national energy security<br />
risk integration space, effective portfolio risk management cannot be achieved absent<br />
consideration of variation in scenarios upstream of all but the most general principles<br />
of eventual technology regulation. NRC’s one-sizefits- all, <strong>and</strong> tradition-bound reliance<br />
upon doublet risk leads predictably to unwieldy metaphysical compensating mechanisms<br />
such as “positive nuclear safety culture” which become constraints on portfolio<br />
risk performance improvement with no offsetting value for the exclusive investments<br />
they require. Assumptions in the NRC’s current predication of “risk” far predate current<br />
best practice for risk-balanced portfolio decision-making <strong>and</strong> have not been adapted to<br />
the evolution of such practice. The author demonstrates that the management of goal<br />
conflicts at national energy security enterprise level is necessarily more complex (i.e.<br />
multivariate) than, <strong>and</strong> seriously at odds with, the inherently “reliability-assessment”<br />
character of NRC’s institutional sense of “risk.” In the paper, analysis includes a comparison<br />
with evolving concepts principles, <strong>and</strong> practices for “riskinformed decisionmaking<br />
as practiced by NASA.<br />
2:45 PM<br />
Impact of Viable System Model (VSM) Type of Organizational<br />
Concept on Safety Regulation of the Nuclear Industry<br />
Anthony J Spurgin (a), <strong>and</strong> David Stupples (b)<br />
a) City University of London, San Diego, CA, b) School of Engineering & Mathematical Sciences, City<br />
University of London, London, UK<br />
VSM is based upon a holistic concept of a cybernetic biological model for organisms.<br />
Beer [1.] used this concept to construct a model for businesses. The VSM approach<br />
has been used to model the interactions between the NPP utilities, INPO <strong>and</strong> the<br />
NRC in this paper. In reality, one has to consider the competitive aspects between<br />
economics <strong>and</strong> safety, as far as NPP managements are concerned, but the paper<br />
focuses on safety issues in considering the equivalence between VSM <strong>and</strong> the current<br />
state of the nuclear industry. In the context of VSM, the role of management<br />
<strong>and</strong> outside organizations on improvements in safety culture of NPPs are considered.<br />
Various operations within a power plant organization can be modeled in a manner<br />
like similar autonomic functions in living animals. Such an autonomic function might<br />
be plant maintenance, however because of safety considerations, the role of safety<br />
culture must be considered in how they are modeled in VSM. This paper examines the<br />
enhancement of nuclear power plant (NPP) safety based upon three aspects, namely<br />
Regulation by US NRC, NPP self regulation <strong>and</strong> by INPO <strong>and</strong> their effectiveness. It<br />
appears that the organization of the US nuclear power has responded to accidents by<br />
making changes in its organizational structures. The current safety related structure,<br />
of the inter-relationships between the NPP utilities, NRC <strong>and</strong> INPO, is compared to a<br />
modified VSM [1.] approach. The industry’s organization seems to developed towards<br />
a VSM approach. The paper is based upon a more detailed study made by the authors<br />
on the impact of regulation <strong>and</strong> control on safety using a VSM approach. Under Safety<br />
Regulations, limited safety variations are permitted under NRC rules. It is virtually<br />
impossible to produce power without equipment or human failures. The objective is to<br />
limit the accident consequences to values acceptable to the public. The design <strong>and</strong><br />
operation of the NPPs should be such as to limit radioactive releases to as low as<br />
possible commensurate with public acceptability <strong>and</strong> this should achievable within the<br />
rules of the NRC <strong>and</strong> the guidance <strong>and</strong> help given by INPO. How the management<br />
structure of the industry is examined here. In order to give some context to underst<strong>and</strong><br />
the current state of the US nuclear Industry, the paper provides a brief commentary on<br />
the developments in safety awareness <strong>and</strong> implementation over the period from circa<br />
1960 to present, including reference to Three Mile #2 accident <strong>and</strong> other incidents <strong>and</strong><br />
how these accidents <strong>and</strong> incidents have influenced the industry.
Session Chair: Ray Dremel<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 1:30 PM - Carolina<br />
1:30 PM<br />
Upgrade to Seabrook Station Flood Risk Assessment Summary<br />
<strong>and</strong> Insights<br />
Richard Turcotte <strong>and</strong> Kenneth Kiper<br />
Seabrook Station, NextEra Energy Seabrook, LLC,, Seabrook, NH<br />
Although the total plant risk is extremely low, the relative contribution of internal flooding<br />
risk at Seabrook has increased based on a recent PRA update. This paper examines<br />
the reasons for the relative change in flood risk compared to previous assessments.<br />
The change in risk was identified through a recent revision to the internal flood<br />
PRA, using comprehensive <strong>and</strong> systematic methods. It concludes that low frequency /<br />
high consequence scenarios may be missed in a risk assessment that does not have<br />
a developed methodology. The SBK 2010 internal flood PRA study was performed to<br />
meet the latest ASME PRA St<strong>and</strong>ard (specifically Part 3 regarding internal flood) <strong>and</strong><br />
also to take advantage of the latest available EPRI data <strong>and</strong> guidance for performing<br />
internal flood risk assessments. The latest generic internal flood analysis guidance is<br />
significantly more comprehensive than guidance used in the previous flood analyses.<br />
As a result, the upgraded internal flood risk assessment evaluated over 200 flood<br />
initiating events. Of these, all but 32 events were screened from detailed quantitative<br />
assessment. The 32 unscreened events are included in the SBK PRA model <strong>and</strong><br />
quantitatively evaluated for impact on plant risk. This compares to just 3 internal flood<br />
events evaluated in the previous model. This paper presents a summary of the upgraded<br />
SBK 2010 internal flood risk assessment key scope <strong>and</strong> method areas. The<br />
noteworthy differences between the previous flood study for IPE <strong>and</strong> the updated<br />
study are summarized. The quantitative results <strong>and</strong> risk insights of the update study<br />
are presented.<br />
1:55 PM<br />
Electrical Switchgear Flood Area Impact Assessment<br />
Alex<strong>and</strong>er Rubbicco <strong>and</strong> Rupert Weston<br />
Westinghouse Electric Company, LLC, Windsor, CT<br />
This paper examines specific topics that relate to propagation modeling <strong>and</strong> credit<br />
for drains in assessing flood-induced failure of electrical switchgear equipment. The<br />
design philosophy of most nuclear power plants (NPPs) is to eliminate or minimize<br />
flood sources inside electrical switchgear areas, but total elimination of flood sources<br />
in the Class 1E electrical switchgear areas is not always practical. Certain electrical<br />
equipment associated with switchgears, load centers <strong>and</strong> motor control centers are<br />
generally located within close proximity of the floor. Flood events in electrical switchgear<br />
areas can cause complete or partial flood-induced failures of mitigating systems<br />
causing certain flood scenarios to dominant overall plant risk. The modeling of water<br />
propagating from an originating flood area to an adjacent flood area containing electrical<br />
switchgear equipment is examined in this paper. A quasi-static method is used to<br />
estimate the flow rate from the originating flood area to the adjacent area. The method<br />
assumes that flooding loads do not cause structural failure of doors or other flood<br />
barriers <strong>and</strong> propagation from the originating flood area to the adjacent flood areas is<br />
achieved through door gap(s). Credit for the drain system in the adjacent flood areas<br />
is taken into consideration in assessing the flood heights <strong>and</strong> the potential for floodinduced<br />
failures of electrical equipment. This method is considered to be a more realistic<br />
approach in determining the components impacted in adjacent flood areas in the<br />
propagation path for a given scenario. Depending on the flow rate, recovery strategies<br />
can be developed for isolating the flood source.<br />
Flooding PSA - 1<br />
2:20 PM<br />
Internal Flood PRA Case Study at Exelon Nuclear’s Limerick<br />
Generating Station for 4 Kv Safeguard Room Corridor<br />
Philip Tarpinian (a), Robert Wolfgang (b)<br />
a) Exelon Nuclear, Pottstown, PA, b) ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
A newly-identified internal flooding Probabilistic Risk Assessment (PRA) scenario,<br />
located in a 4kV safeguard corridor, having an impact on core damage frequency<br />
(CDF) was discovered during an update of the flooding PRA model in 2008-2009. The<br />
update of the internal flooding analysis was performed to meet the requirements of<br />
the American Society of Mechanical Engineers (ASME) PRA st<strong>and</strong>ard, ASME RA-S-<br />
2002 (<strong>and</strong> addenda <strong>and</strong> subsequent revisions). Application of recent internal flooding<br />
criteria contained in the ASME PRA st<strong>and</strong>ard <strong>and</strong> an Electric Power Research Institute<br />
(EPRI) internal flooding analysis guideline imposes different pipe rupture probabilities<br />
<strong>and</strong> a more rigorous methodology than previously considered. This issue does not represent<br />
a design-basis issue but rather is associated with potential plant risk insights.<br />
The previously unidentified flooding scenario had the ability to result in the potential<br />
loss of much of the 4 kV switchgear for Unit 1 <strong>and</strong> Unit 2. No event occurred, but the<br />
identified potential flooding configuration had existed for approximately 10 years after<br />
a plant modification was installed to meet licensing requirements. The plant consequences<br />
of the identified scenario, although unlikely, could be significant, i.e., potentially<br />
resulting in a loss of safety-related power for Unit 1 <strong>and</strong> Unit 2. Incorporation<br />
of the new scenario into the PRA yielded a preliminary calculated increase in LGS’<br />
CDF of 160%. However, since the overall CDF was extremely small, the calculated<br />
increase represented a large change <strong>and</strong> therefore helped focus plant attention on the<br />
potential consequences of a pipe break <strong>and</strong> the operator actions <strong>and</strong> plant changes<br />
needed to mitigate this risk contributor. The risk was mitigated by implementation of a<br />
plant modification that reduced the impacts of a potential pipe rupture <strong>and</strong> yielded a<br />
net reduction in CDF.<br />
25
26<br />
Session Chair: Enrico Zio<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 3:45 PM - Azalea<br />
3:45 PM<br />
Reliability Prediction of Passive Systems Based on Multiple<br />
Failure Measures Modeling<br />
Luciano Burgazzi<br />
Reactor Safety <strong>and</strong> Fuel Cycle Methods Technical Unit, ENEA, Italian National Agency for New Technologies,<br />
Energy <strong>and</strong> Sustainable Economic Development, Bologna, Italy<br />
This paper illustrates a modeling <strong>and</strong> analysis approach for reliability prediction based<br />
on degradation modeling, considering multiple degradation measures <strong>and</strong> with respect<br />
to the t-h (thermal-hydraulic) passive systems.<br />
Previous research on the topic has pointed out the susceptibility of the passive system<br />
to several modes of failure. In fact it has been recognized that a system may<br />
have, in addition to component mechanism failures, multiple degradation paths, so it<br />
is necessary to simultaneously consider multiple degradation measures. Also, many<br />
research efforts on degradation analysis were initiated by making assumptions about<br />
the degradation mechanism. In reality often there is very limited underst<strong>and</strong>ing about<br />
the concerned degradation mechanisms together with their interdependencies.<br />
In this paper, an analysis procedure is developed to address this aspect. Simulated<br />
data have been used to illustrate the applicability of this approach. Results on the application<br />
of the methods to a simplified model of the passive residual heat transport<br />
system in water cooled reactors are presented.<br />
It was verified that, when the multiple degradation measures in a system are correlated,<br />
an incorrect independence assumption may overestimate the system reliability.<br />
4:10 PM<br />
Critical Issues Pertaining to the Evaluation of Passive System<br />
Reliability<br />
A.K. Nayak, Vikas Jain, <strong>and</strong> D. Saha<br />
Reactor Engineering Division, Bhabha Atomic Research Centre, Mumbai, India<br />
Passive systems are playing prominent role in the design <strong>and</strong> development of innovative<br />
reactor systems because of generally perceived enhanced safety <strong>and</strong> reliability<br />
on account of reduced human intervention <strong>and</strong> ample grace period for the operator<br />
in case of accidental conditions. These systems are considered to be more reliable<br />
than the active systems, due to their dependence solely on the natural phenomena<br />
based on simple physical laws. However, assessing their reliability in a transparent<br />
manner is an unresolved issue as the natural phenomena based on simple physical<br />
laws too undergo the degradation <strong>and</strong> may not be able to fulfil the desired function for<br />
the mission time in a satisfactory manner. Currently existing methodologies for the assessment<br />
of passive system reliability suffer the lack of universal acceptability due to<br />
unrealistic assumptions to account for uncertainty <strong>and</strong> over-dependence on the expert<br />
elicitation. This paper provides a general perspective on the evolution of state-of-art<br />
methodologies <strong>and</strong> examines the critical issues pertaining to the evaluation of passive<br />
system reliability which need to be considered to resolve the ambiguities surrounding<br />
the issue of passive system reliability assessment.<br />
Passive Reliability - 1<br />
4:35 PM<br />
Using Importance Sampled RELAP5-3D Simulations to Evaluate<br />
Radioactive Material Release Frequencies for the Technology<br />
Neutral Framework<br />
M. Denman, N. Todreas, M. Driscoll<br />
Department of Nuclear Science <strong>and</strong> Engineering, MIT, Cambridge, MA<br />
NUREG-1860, more commonly known as the Technology Neutral Framework (TNF),<br />
is a risk-informed licensing process drafted by the Nuclear Regulatory Commission’s<br />
(NRC) Office of Nuclear Regulatory Research. The TNF determines the acceptability<br />
of accident sequences by examining the 95th percentile estimate of both the frequency<br />
<strong>and</strong> quantity of radioactive material release <strong>and</strong> compares this value to predetermined<br />
limits on the Frequency-Consequence Curve. Estimating the 95th percentile of frequency<br />
<strong>and</strong> consequence of accident sequences can be difficult, as many advanced<br />
reactors are designed to have high reliability when confronted with licensing basis<br />
transients. While statistical techniques such as importance sampling exist to estimate<br />
the mean <strong>and</strong> variance of an estimate, frequentist statistics does not provide insight<br />
into the shape, <strong>and</strong> thus 95th percentile, of the distribution around that estimate. This<br />
paper proposes that the evidence derived from importance sampling of epidemic uncertainties<br />
in RELAP5-3D simulations may be used in Bayesian updating to provide a<br />
posterior distribution with which a 95th percentile value can be estimated. While both<br />
metal <strong>and</strong> oxide fuel types will be shown to meet the TNF requirements, the frequency<br />
of radiation release for metallic fuel will be shown to be orders of magnitude lower than<br />
that for oxide fuel.<br />
5:00 PM<br />
Insights from PSA Applications of the OECD Nuclear Energy<br />
Agency (OECD/NEA) OPDE Database<br />
Bengt Lydell (a), Alej<strong>and</strong>ro Huerta (b), Karen Gott (c)<br />
a) Sc<strong>and</strong>power Inc., Houston, TX, USA, b) OECD Nuclear Energy Agency, Issy-les-Moulineaux, France,<br />
c) Swedish Radiation Safety Authority, Dept. of Nuclear Power Plant Safety, Stockholm, Sweden<br />
The OECD Pipe Failure Data Exchange (OPDE) Project has established an international<br />
database on pipe degradation <strong>and</strong> failure in commercial nuclear power plants.<br />
During its third term of operation (2008-2011) methods & techniques for systematic<br />
evaluation of piping service experience data have been developed <strong>and</strong> explored. Included<br />
in the third term work scope is a conversion to an entirely web-based system<br />
both for entering new records <strong>and</strong> also for the development of an enhanced webbased<br />
database for the collection <strong>and</strong> evaluation of service induced pipe degradation<br />
<strong>and</strong> failure. The lessons learned from database applications performed during the<br />
period 1994- 2010 have been summarized in an Applications H<strong>and</strong>book (OPDE-AH).<br />
Included in this paper is an overview of how the application-specific database queries<br />
are utilized to reflect unique combinations of piping reliability attributes <strong>and</strong> influence<br />
factors that are considered for anticipated applications. Three types of applications are<br />
considered: 1) ‘advanced application’ in support of structural integrity assessments<br />
including fracture mechanics considerations, 2) risk-informed applications that involve<br />
probabilistic safety assessment (PSA) considerations (e.g., internal flooding PSA),<br />
<strong>and</strong> 3) ‘high-level’ database reviews for the purpose of simple trend analyses.
Session Chair: Jim Young<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 3:45 PM - Camelia/Dogwood<br />
3:45 PM<br />
Insights from Quantitative Risk Analysis Applications for Nonreactor<br />
Nuclear Facilities<br />
Kevin R. O’Kula<br />
URS Safety Management Solutions LLC, Aiken, SC<br />
U.S. Department of Energy (DOE) directives provide a deterministic approach for performing<br />
hazards analysis at DOE’s nuclear facilities <strong>and</strong> selecting hazards controls to<br />
provide reasonable assurance of adequate public protection. In particular, DOE St<strong>and</strong>ard<br />
(STD)-3009-94, is a “safe harbor” in terms of methodology for compliance with<br />
Code of Federal Regulations (CFR) Title 10, Part 830, Nuclear Safety Management,<br />
Subpart B. DOE-STD-3009-94 provides direction on the analyses that are required to<br />
support safety basis decisions <strong>and</strong> states that the Department’s approach does not<br />
require or expect the level of detail analysis necessary for a quantitative risk assessment<br />
(QRA). Nonetheless, risk assessment-related polices, st<strong>and</strong>ards, guides, <strong>and</strong><br />
other controls used by other government organizations, as well as by industry, are<br />
being evaluated by DOE <strong>and</strong> its contractors for applicability to its nuclear facilities. Ultimately,<br />
a st<strong>and</strong>ards-based approach is the goal for use of risk tools, as supplements<br />
to deterministic methods, <strong>and</strong> taking full advantage of the available risk assessment<br />
tools, best practices, <strong>and</strong> lessons learned from across the spectrum of experienced<br />
practitioners. In this paper, three specific QRA applications are described as potential<br />
prototypes for supplementing deterministic approaches in DOE safety basis applications,<br />
<strong>and</strong> include: (1) the probabilistic safety assessment (PSA) performed for the<br />
Defense Waste Processing Facility (DWPF) at the Savannah River Site (SRS); (2) a<br />
SEN-35-91 compliance evaluation of replacement tritium facilities at SRS; <strong>and</strong> (3) an<br />
ongoing QRA of hydrogen events in Hanford Site’s Waste Treatment <strong>and</strong> Immobilization<br />
Plant (WTP), as a design guidance application. (Presentation Only)<br />
4:10 PM<br />
Challenges Developing a FECA For a Supporting System During<br />
Conceptual Design<br />
Stanley H. Levinson (a), Michael W. Kelly, Salvatore J. DiGiovanni (b), <strong>and</strong><br />
Timothy W. Dodson (c)<br />
a) AREVA, Lynchburg, VA, b) AREVA, Charlotte, NC, c) AREVA, Marlborough, MA<br />
The United States (US) is participating in an international effort to design <strong>and</strong> build<br />
the International Thermonuclear Experimental Reactor (ITER). The responsibility assigned<br />
to the US is the design <strong>and</strong> construction of the Tokamak Cooling Water System<br />
(TCWS). Part of this effort includes conducting a series of design optimization studies<br />
that will ultimately include Reliability, Availability, Maintainability, <strong>and</strong> Inspectability<br />
(RAMI) analyses, Hazard Analysis, Failure Modes, Effects, <strong>and</strong> Criticality Analysis<br />
(FMECA), <strong>and</strong> Human Engineering. This paper discusses the FMECA approach, <strong>and</strong><br />
three challenges to its implementation. These are: status of the design, analysis of a<br />
supporting system, <strong>and</strong> scope <strong>and</strong> schedule limitations. A conceptual design is not a<br />
complete design <strong>and</strong> requires many assumptions. A FMECA performed for a supporting<br />
system creates uncertainty when developing global <strong>and</strong> safety effects. The scope<br />
<strong>and</strong> schedule required five analysts to divide the TCWS systems, potentially creating<br />
inconsistencies among the FMECA tables. Work-arounds, templates, <strong>and</strong> assumptions<br />
were used to try to ameliorate the impact of these challenges. The final FMECA<br />
can provide high-level insights on design; it can also provide a preliminary basis for<br />
developing operating <strong>and</strong> maintenance procedures. The conceptual design FMECA<br />
will require significant review <strong>and</strong> modification during the transition to the preliminary<br />
design FMECA. Nonetheless, developing the conceptual design FMECA establishes<br />
the process, provides some insights, <strong>and</strong> creates the foundation for future work as the<br />
design matures.<br />
Non-Reactor PSA - 1<br />
4:35 PM<br />
Risk -Informing Safety Reviews for Non-Reactor Nuclear Facilities<br />
V. Mubayi, A. Azarm, M. Yue, W. Mukaddam, G. Good, F. Gonzalez <strong>and</strong><br />
R.A. Bari<br />
Brookhaven National Laboratory, Upton, NY<br />
This paper describes a methodology used to model potential accidents in fuel cycle<br />
facilities that employ chemical processes to separate <strong>and</strong> purify nuclear materials. The<br />
methodology is illustrated with an example that uses event <strong>and</strong> fault trees to estimate<br />
the frequency of a specific energetic reaction that can occur in nuclear material processing<br />
facilities. The methodology used probabilistic risk assessment (PRA)-related<br />
tools as well as information about the chemical reaction characteristics, information on<br />
plant design <strong>and</strong> operational features, <strong>and</strong> generic data about component failure rates<br />
<strong>and</strong> human error rates. The accident frequency estimates for the specific reaction<br />
help to risk-inform the safety review process <strong>and</strong> assess compliance with regulatory<br />
requirements.<br />
5:00 PM<br />
Nuclear PRA <strong>and</strong> Defense-in-Depth Insights into the Deepwater<br />
Horizon Accident<br />
Dennis Henneke, Matt Warner, Paul Nichols<br />
GE Hitachi, Wilmington, NC<br />
Nuclear Defense-in-Depth (DID) is a principle of long st<strong>and</strong>ing for the design, construction<br />
<strong>and</strong> operation of nuclear reactors, <strong>and</strong> may be thought of as requiring a<br />
concentric arrangement of protective barriers or means, all of which must be breached<br />
before a hazardous material or dangerous energy can adversely affect human beings<br />
or the environment. The classic three physical barriers to radiation release in a<br />
reactor— fuel cladding, reactor pressure vessel, <strong>and</strong> primary containment —are an<br />
example of defense-in-depth.<br />
Probabilistic Risk Assessment (PRA) has been performed for all US Nuclear Plants,<br />
<strong>and</strong> most nuclear plants around the world. Insights from the PRAs have been incorporated<br />
into the plant designs. For new nuclear reactors, PRA has been used to dramatically<br />
improve the designs <strong>and</strong> lower the analyzed plant risk prior to construction.<br />
Oil drilling rigs used for drilling for oil in very deep water, such as the Gulf of Mexico,<br />
have been designed using st<strong>and</strong>ard engineering design approaches, with improvements<br />
made to the design over time. However, lessons learned from the Deepwater<br />
Horizon accident have shown that the design <strong>and</strong> operation of deepwater drilling may<br />
not be sufficient to prevent an accident. The purpose of this paper is to review the<br />
Deepwater Horizon Accident, <strong>and</strong> provide insights to possible contributing factors <strong>and</strong><br />
improvements using Nuclear Probabilistic Risk Assessment (PRA) <strong>and</strong> Nuclear Defense-in-Depth<br />
(DID) principals. While there are certainly applicable lessons learned<br />
from this accident for the nuclear industry, this report is focused on insights from Nuclear<br />
PRA <strong>and</strong> DID.<br />
27
28<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 3:45 PM - Magnolia<br />
Configuration Risk Management - 2<br />
Session Chair: Tom Morgan<br />
3:45 PM<br />
Consideration of Fire Risk in Configuration Risk Management<br />
Programs<br />
Victoria K. Anderson (a), Bradley W. Dolan (b), Leo B. Shanley (c), Denis P.<br />
Shumaker (d)<br />
a) Nuclear Energy Institute, b) Tennessee Valley Authority, c) Erin Engineering <strong>and</strong> Research, Inc., d)<br />
PSEG Nuclear LLC.<br />
US nuclear utilities base their configuration risk management processes on guidance<br />
found in NUMARC 93-01. The current revision of NUMARC 93-01 does not require<br />
consideration of risk associated with potential fire initiators. The Nuclear Energy Institute<br />
(NEI) has proposed a set of changes to NUMARC 93-01 which, if implemented,<br />
would describe approaches that utilities could use to incorporate consideration of risk<br />
associated with potential fire initiators into their configuration risk management <strong>and</strong><br />
work scheduling processes. The proposed changes would encourage development<br />
<strong>and</strong> implementation of a focused approach involving identification of key components,<br />
components whose removal from service could have a material impact on core damage<br />
risk. The proposed changes to NUMARC 93-01 would also encourage development<br />
of risk management actions to limit or mitigate the associated risk when key<br />
components are taken out of service. In addition, enhanced communications would<br />
be encouraged between work scheduling groups, risk management personnel, <strong>and</strong><br />
station personnel involved with maintaining <strong>and</strong> operating fire protection programs<br />
<strong>and</strong> systems. This paper discusses potential approaches for identifying key components<br />
with respect to fire risk, including an approach based on using risk information<br />
from a fire PRA <strong>and</strong> an approach using risk information from an internal events model<br />
combined with information from a safe shutdown equipment list. The paper also discusses<br />
approaches for identification of possible risk management actions which could<br />
be considered when key components with respect to fire risk are made unavailable.<br />
In addition this paper discusses ways to ensure adequate communications between<br />
the various affected plant organizations so that fire risk can be adequately managed.<br />
Insights <strong>and</strong> experience gained in performing a “tabletop pilot” of a proposed approach<br />
are also discussed. (Presentation Only)<br />
4:10 PM<br />
Lessons Learned in (A)(4) Compliance<br />
Ross C. Anderson (a), Robert W. Fosdick (b)<br />
a) Virginia Commonwealth University, Richmond, VA, b)R&B Nuclear LLC, Maidens, Virginia<br />
Ten years after 10 CFR 50.65(a)(4) first required utilities to perform configuration<br />
risk analysis in support of risk management, the Dominion compliance program was<br />
reviewed to identify key lessons learned. Key points included the effort required to<br />
sustain an effective program; the number of approaches to the regulatory action<br />
threshold, <strong>and</strong> actual risk performance; expected <strong>and</strong> unexpected contributors to risk<br />
significance; <strong>and</strong> regulatory experience. The conclusions are presented in a generalized<br />
form for the benefit of the entire U.S. industry.<br />
4:35 PM<br />
Use of U.S. On-Line Maintenance Experience with Non-U.S.<br />
Utilities<br />
Ken Huffman <strong>and</strong> Stephen Hess<br />
Electric Power Research Institute (EPRI), Charlotte, NC<br />
U.S. nuclear power plants routinely apply on-line maintenance (OLM) to improve plant<br />
reliability, safety <strong>and</strong> economic performance. In EPRI report 1018422 [1], which is<br />
available to the public, we provide a detailed discussion of the U.S. experience since<br />
the use of OLM became widespread in the mid-1990’s. Recognizing the performance<br />
improvements achieved by U.S. plants facilitated by the use of OLM, a number of<br />
non-U.S. nuclear utilities are exploring the exp<strong>and</strong>ed use of OLM in their plants. The<br />
use of U.S. experience in initiating or exp<strong>and</strong>ing use of OLM by non-U.S. utilities will<br />
be discussed in this paper.<br />
There are several elements of the U.S. experience base that can serve as effective<br />
models, yield valuable lessons-learned <strong>and</strong> / or can be directly adapted outside of the<br />
U.S. These include application of risk assessment methods to plant configuration management<br />
<strong>and</strong> the exp<strong>and</strong>ed use of condition based maintenance strategies to manage<br />
the health <strong>and</strong> performance of plant structures, systems <strong>and</strong> components. However,<br />
there are aspects of the U.S. experience base that may not be optimum for plants that<br />
are just initiating OLM. In the U.S., plant work practices <strong>and</strong> organizations are structured<br />
to support a large amount of maintenance that can be performed on-line. Adoption<br />
of these practices <strong>and</strong> organizational structures may not be optimum in all cases;<br />
particularly if limited OLM activities are to be conducted. To support non-U.S. plants in<br />
initiating or exp<strong>and</strong>ing their use of OLM, EPRI has developed a phased approach that<br />
is effective for different quantities <strong>and</strong> complexity of OLM activity.<br />
5:00 PM<br />
Optimizing Planned Maintenance <strong>and</strong> On-Line Risk<br />
Gerry W. Kindred<br />
Curtiss-Wright/Scientech, Madison, OH<br />
Title 10 of the Code of Federal Regulations (CFR), Part 50.65(a)(4) provides an allowance<br />
for performing plant maintenance during power operations. A key aspect to<br />
this provision is to assess <strong>and</strong> manage risk prior to taking risk-significant equipment<br />
out-of-service. Four principles govern optimization of planned maintenance with respect<br />
to nuclear risk; 1) ensuring nuclear safety (CDF/LERF) by underst<strong>and</strong>ing the<br />
impact of equipment unavailability, including combinations of equipment, 2) managing<br />
risk (CDP/LERP) by limiting the duration equipment is unavailable, 3) maximizing<br />
the efficiency <strong>and</strong> effectiveness of the plant staff <strong>and</strong> other resources by integrating<br />
risk-insights into the work management schedule, <strong>and</strong> 4) by identifying the impact of<br />
work by effectively communicating to the plant staff. Several components to optimizing<br />
planned maintenance include integration of PRA risk-insights into the work management<br />
process, a process to evaluate scenarios (what-ifs), <strong>and</strong> a real-time assessment<br />
tool (e.g., Safety Monitor, EOOS, etc.). To optimize maintenance it is important that<br />
PRA insights begin early in the process, i.e., approximately twelve weeks or more in<br />
advance of the workweek. What-if capability is important to allow the Planner/Scheduler/PRA<br />
Engineer to move work activities around in the schedule early in the process<br />
to best determine how to minimize the overall instantaneous risk (CDF) as well as the<br />
overall cumulative risk (CDP). Another aspect of optimizing maintenance is to provide<br />
the plant operator with real-time capability of assessing risk. Real-time capability allows<br />
for unplanned conditions, such as severe weather to be taken into account with<br />
planned activities, in addition to providing allowance for the dynamics of a complex<br />
schedule involving several risk-significant activities to be performed simultaneously.<br />
Both qualitative <strong>and</strong> quantitative approaches must be considered to manage the risk<br />
associated with on-line maintenance activities. A review of the as-performed workweek<br />
can provide additional risk-insights that may prove beneficial in the future. Integrating<br />
lessons-learned will strengthen the on-line risk program significantly if risk-insights are<br />
included. The performance of the on-line risk assessment need not be performed by a<br />
PRA Engineer; however, prudence dictates inclusion of the PRA Staff commensurate<br />
with the magnitude of risk (CDF/LERF) associated with a given workweek schedule.<br />
Optimization of on-line maintenance cannot be performed effectively without integration<br />
of PRA.
Session Chair: Robert Budnitz<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 3:45 PM - Salon A<br />
3:45 PM<br />
Seismic PRA Modeling <strong>and</strong> Quantification Approaches<br />
Andrea Maioli (a), Martin W. McCann, Jr. (b), David J. Finnicum (c)<br />
a) Westinghouse Electric Company LLC, Cranberry Township, PA, b) Jack R. Benjamin & Associates,<br />
Inc., Menlo Park, CA, c) Westinghouse Electric Company LLC, Windsor, CT<br />
The inter-relationship between component <strong>and</strong> system fragilities <strong>and</strong> hazard curves<br />
is a defining characteristic of a Seismic Probabilistic Risk Assessment (S-PRA) <strong>and</strong><br />
dictates the unique needs for both modeling <strong>and</strong> quantification techniques <strong>and</strong> tools<br />
associated with this specific hazard group. In this paper, S-PRA modeling <strong>and</strong> quantification<br />
techniques are discussed in the framework of the current S-PRA trend of<br />
developing one comprehensive <strong>and</strong> integrated plant system model <strong>and</strong> performing<br />
hazard-fragility integration over all ground motions for the full plant model. Given the<br />
current inability (or at best difficulty) of the majority of the PRA software packages to<br />
fully integrate seismic hazard <strong>and</strong> fragility curves, the preferred S-PRA modeling <strong>and</strong><br />
quantification approach would require a breakdown of the hazard curves into a limited<br />
number of intervals, <strong>and</strong> the offline integration of hazard <strong>and</strong> fragility curves for each<br />
interval. This is the only approach that would allow a “one-top” fault tree linked model<br />
including seismic hazard. The need for an improved seismic modeling <strong>and</strong> quantification<br />
approach as applied to S-PRA is discussed considering the importance of the<br />
seismic hazard to support risk-informed applications. In addition, the seismic risk profile<br />
as a function of the characterization of earthquake ground motions (e.g., PGA or<br />
SA), is binned into the same limited number of intervals into which the seismic hazard<br />
curve is broken down. This approach potentially adds uncertainties <strong>and</strong> unnecessarily<br />
complicates the risk analysis quantification. A more integrated quantification approach<br />
for the integration of the hazard <strong>and</strong> fragilities <strong>and</strong> quantification of seismic risk is herein<br />
discussed that would; not require an apriori breakdown of the hazard <strong>and</strong> fragility,<br />
properly (seamlessly) addresses event successes in the quantification process, <strong>and</strong><br />
provide a set of results of higher intrinsic value not only for the PRA end-user, but for<br />
the system analyst, seismic design <strong>and</strong> qualification engineers, with the possibility of<br />
identifying not only the CDF <strong>and</strong>/or release frequencies as a function of the parameter<br />
used for seismic event characterization but also potentially seismic sequence, system<br />
<strong>and</strong> plant level fragility curves.<br />
4:10 PM<br />
A Comprehensive Database Application to Support Seismic<br />
PSA Modeling<br />
Silvio T. Sperbeck, Michael Türschmann (a), Matias Krauß (b)<br />
a) Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Berlin, Germany, b) Bundesamt für<br />
Strahlenschutz Postfach, Salzgitter, Germany<br />
The German PSA Guideline <strong>and</strong> its technical document on PSA methods published<br />
in 2005 require probabilistic safety analyses (PSA) to be carried out in the frame of<br />
periodic safety reviews for nuclear power plants. This also includes a seismic PSA<br />
(SPSA) forsites with design earthquake intensities exceeding the value VII (MSK or<br />
EMS scale). Based on the specifications in the PSA Guideline, a comprehensive<br />
database is conceived, which can be used for performing <strong>and</strong> applying<br />
SPSA. can be also applied as a tool in the frame of SPSA reviews for<br />
all queries regarding the plant specific SPSA to be evaluated. Some enlargements<br />
<strong>and</strong> concretions of the requirements in the PSA Guideline were implemented to ensure<br />
an adequate quality as well as the traceability <strong>and</strong> reproducibility of a SPSA.<br />
Therefore, a two-stage screening process of structures, systems <strong>and</strong> components<br />
(SSC) is developed that may be used to compile <strong>and</strong> complete the seismic equipment<br />
list (SEL). Moreover, the seismic robustness of allSSC of the SEL can be evaluated<br />
with respect to their safety significance. In addition, a general model is developed for<br />
modeling dependencies of seismic failures for different SSC. It is planned to configure<br />
for an automatic parameter transfer (e.g. fragilities of all SSC of the<br />
SEL <strong>and</strong> correlation parameters for the description of seismic dependent SSC failure<br />
behavior) in order to quantify the plant model for arbitrary seismic intensities. The<br />
paper outlines the detailed structure of the database. The application of<br />
during accomplishment of the SSC screening process, for description <strong>and</strong><br />
modeling of dependencies <strong>and</strong>, finally, for quantification of the plant model is elucidated<br />
by means of selected examples.<br />
Seismic PSA - 2<br />
4:35 PM<br />
Methods for Seismic Analysis Using Riskspectrum<br />
Ola Bäckström <strong>and</strong> Johan Sörman<br />
Sc<strong>and</strong>power - Lloyds Register, Sundbyberg, Sweden<br />
Seismic analysis requires that the PSA model must be able to represent some specific<br />
reliability parameters. These are representation of the hazard <strong>and</strong> fragility curve. This<br />
paper will describe one method for performing seismic analysis using RiskSpectrum,<br />
within the existing framework. The focus will be:<br />
• To enable basic underst<strong>and</strong>ing of how seismic PSA model is developed in<br />
RiskSpectrum<br />
• How is it related to the existing PSA model for internal initiating events<br />
• How are seismic hazard <strong>and</strong> fragility data input into RS model<br />
• How seismic risk is (in terms of CDF) quantified with RS<br />
The paper will describe how the extended uncertainty definition in RiskSpectrum can<br />
be used to perform uncertainty analysis. To facilitate the seismic analysis a new module<br />
is also being developed. The module will include representation of all necessary<br />
elements within a seismic analysis. This paper will also describe the ideas <strong>and</strong> methods<br />
for this new seismic module.<br />
5:00 PM<br />
Advanced Quantification Methods Applied to Seismic Risk<br />
Assessment<br />
Ken Canavan, Jeff Riley<br />
Electric Power Research Institute, Palo Alto, CA<br />
Until recently, one of the key limitations in a Seismic Probabilistic Risk Assessment<br />
(PRA) has been quantification of the seismic logic model itself. While the quantification<br />
or calculation of the model is similar to the calculations required for an internal-events<br />
PRA, the seismic assessments add unique challenges to the calculations of very large<br />
models.<br />
Over that last several years, enhancements to quantification tools <strong>and</strong> techniques<br />
to address each of these issues have been made. A significant enhancement has<br />
been the development of an advanced quantification method <strong>and</strong> associated tool (Advanced<br />
Min Cut Upper Bound Estimator (ACUBE)). Previous to the development of<br />
this method, the calculation of the plant risk was subject to conservatisms that could<br />
lead a plant to over-state the risk <strong>and</strong> thus inappropriately determining the significance<br />
of various plant systems, structures <strong>and</strong> components as well as plant configurations<br />
<strong>and</strong> operations.<br />
The advancement in the quantification methods allows for the effective removal of<br />
over- approximation for the dominant cutsets. The dominant cutsets typically contain<br />
the largest magnitude overstatement in the results. In addition, successive model runs<br />
can also establish event importance for the seismic model.<br />
29
30<br />
Session Chair: Mike Lloyd<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 3:45 PM - Salon B<br />
3:45 PM<br />
Risk Communication: A PRA in Your Pocket?<br />
Greg Krueger (a), Duane Wilson (b)<br />
a) Exelon, b) ERIN Engineering & Research, Inc., Walnut Creek, CA<br />
Today, PRA results are used in a wide variety of utility decision-making settings. One<br />
of the key challenges for the PRA community today is the communication <strong>and</strong> adoption<br />
of risk management principles within a utility organization. Unfortunately, in many<br />
cases, the underst<strong>and</strong>ing of PRA <strong>and</strong> PRA results is limited to the PRA organization.<br />
As the PRA has become a key input to utility <strong>and</strong> regulatory decision-making, there is<br />
an increasing need to exp<strong>and</strong> the level of underst<strong>and</strong>ing outside of the cubicles of the<br />
PRA engineers <strong>and</strong> into the broader utility organization. In order to help communicate<br />
risk results within the organization many utilities have adopted a four quadrant poster.<br />
Typically, these posters include information on initiating events, systems, <strong>and</strong> operator<br />
actions. While beneficial, these posters are static <strong>and</strong> leave much to the interpretation<br />
of the reader. Furthermore, while they do serve to raise the visibility of risk within<br />
the organization, they are often out-of-sight-out-of-mind <strong>and</strong> not available to support<br />
all levels of decision-making. Two utilities have embarked on an effort to deploy this<br />
information electronically, in order to facilitate more timely <strong>and</strong> complete communication<br />
of risk information across the utility organization. The vehicle for this is a mobile<br />
‘app’, Risk VisualizerTM. Risk VisualizerTM provides access to the PRA results poster,<br />
<strong>and</strong> more, on a real-time basis, in the palm of your h<strong>and</strong> via a Smart Phone or other<br />
mobile device. To date, it has been successfully deployed on Blackberry, iPhone, <strong>and</strong><br />
iPad devices to support use across the entire utility organization. This will allow all<br />
organizations to have access to the information on dem<strong>and</strong>, as well as more detailed<br />
data <strong>and</strong> explanations of the data. (Presentation Only)<br />
4:10 PM<br />
PSA Insights of the New Nuclear Power Plants<br />
Andrija Volkanovski<br />
Ljubljana, Slovenia<br />
PSA Knowledge Management - 2<br />
Four designs of generation III+ pressurized water reactors were analyzed in the framework<br />
of the project entitled “Safety characteristics of potential reactors for JEK 2”. The<br />
project was done at the Reactor Engineering Division of the Jožef Stefan Institute for<br />
the Slovenian utility. The analyzed designs selected as potential designs for construction<br />
of the second unit at the Krško Nuclear Power Plant are: Westinghouse AP1000,<br />
AREVA EPR, Mitsubishi APWR <strong>and</strong> ATMEA1 from AREVA <strong>and</strong> Mitsubishi.<br />
The goal of the project was identification <strong>and</strong> description of the safety characteristics<br />
of analyzed reactor designs. The identification of safety characteristics was based on<br />
description of the structures, systems, components <strong>and</strong> their integral performance<br />
given in the design documentation of the vendors. The identification was supported<br />
by the review of the safety analyses including the Probabilistic Safety Assessment<br />
(PSA) organized according to the classifications of the U.S. Nuclear Regulatory Commission.<br />
The paper presents results of the review of the PSA section of the Final Safety Analysis<br />
Report of the corresponding designs. The obtained results include identification<br />
<strong>and</strong> description of the usage of PSA in design phase for the decrease of the risk<br />
measures <strong>and</strong> elimination of the significant risk contributors. The obtained results for<br />
the risk indices, namely the core damage frequency <strong>and</strong> large release frequency are<br />
identified <strong>and</strong> compared against each other <strong>and</strong> against requirements of the regulator.<br />
The comparison with the currently operating nuclear power plants is done <strong>and</strong> the<br />
major contributors to the decrease of the risk indices are identified.<br />
4:35 PM<br />
Development of Entergy Fleet PSA Guidance Documents for<br />
Model Development<br />
Loys Bedell <strong>and</strong> John Bretti<br />
Entergy Services Inc., Jackson, MS<br />
Entergy Nuclear is a large diverse nuclear fleet that consists of nine nuclear sites <strong>and</strong><br />
two regional headquarters offices. The PSA models for these plants were generally developed<br />
<strong>and</strong> maintained separately until the early 2000’s. Therefore, much of the organizational<br />
learning <strong>and</strong> best practices from one site were not implemented at another<br />
site due to time constraints, plant dem<strong>and</strong>s, lack of communication, or lack of expertise.<br />
In 2007, Entergy Nuclear management requested that guidelines be developed to<br />
st<strong>and</strong>ardize PSA processes <strong>and</strong> to better address the requirements of the ASME PSA<br />
St<strong>and</strong>ard. Twelve guidelines were scheduled to be developed. These guides were<br />
based on the nine major Full Power Internal Events (FPIE) ASME St<strong>and</strong>ard elements<br />
with additional guidelines for Loss of Offsite Power analyses, Risk Monitor development,<br />
<strong>and</strong> Uncertainty Analysis. The majority of these guidelines were scheduled to<br />
be completed by the end of 2008. These guidelines had to be developed while still<br />
meeting the model update schedules, IPEC License Renewal, <strong>and</strong> various plant PSA<br />
applications. In addition to the compressed schedule for developing these guidelines,<br />
the completion of these reports were complicated by other factors. The amount of<br />
detail necessary for the guidelines was a significant challenge. More detail would likely<br />
force some plants to make major changes to the models or the documentation with<br />
unacceptable impacts on model update schedules. However, some amount of detail<br />
is necessary to help new PSA engineers in performing these tasks. The PSA software<br />
tools were generally consistent across the sites (all sites use CAFTA for fault tree<br />
modeling). However, other methodologies <strong>and</strong> tools varied throughout the fleet. These<br />
variations are acceptable within the ASME St<strong>and</strong>ard <strong>and</strong> had to be accounted for in the<br />
guidelines. Despite the compressed schedule <strong>and</strong> the significant challenges <strong>and</strong> compromises<br />
necessary, the PSA guidelines were able to be completed <strong>and</strong> have been<br />
useful to both the experienced <strong>and</strong> new PSA engineers across the Entergy Nuclear<br />
fleet. The guideline development has also fostered more cooperation between the two<br />
regional offices <strong>and</strong> has led to more discussions <strong>and</strong> sharing of information across<br />
the fleet.
Session Chair: Richard Turcotte<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Monday March 14, 2011 - 3:45 PM - Carolina<br />
3:45 PM<br />
Methodology for Parsing Cumulative Rupture Frequencies for<br />
Internal Flood Initiators<br />
Robert J. Wolfgang<br />
ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
EPRI data for pipe rupture frequencies published in 2006 subdivided the flooding flow<br />
rates into three major categories, namely sprays (< 100 gpm), general floods (between<br />
100 <strong>and</strong> 2000 gpm), <strong>and</strong> major floods (> 2000 gpm). For large capacity water<br />
systems, it was customary to assign the maximum flooding flow rate to the major<br />
flooding frequencies. However, this was overly conservative in that it did not recognize<br />
that a range of equivalent break sizes (EBS) were possible that could give rise to<br />
much lower flow rates. The revised EPRI pipe rupture frequencies developed in 2010<br />
propose a methodology to parse the rupture frequency for pipe ruptures of varying<br />
sizes that give rise to corresponding flow rates, which in essence subdivide the categories<br />
into any desired range of flow rates. For example, the rupture frequencies for<br />
a given break size or larger are presented in the 2010 EPRI report, <strong>and</strong> can be parsed<br />
to represent a particular frequency or likelihood for a given range of break sizes, <strong>and</strong><br />
hence range of flow rates. The methodology presented in this paper was applied to<br />
the Fire Protection system at a particular nuclear plant in order to provide three ranges<br />
for major flooding flow rates in order to provide a greater opportunity for isolation <strong>and</strong><br />
mitigation response instead of assuming the maximum flow rate for a single rupture<br />
frequency, which tends to minimize the time available for mitigation.<br />
4:10 PM<br />
A Method to Identify <strong>and</strong> Calculate the Frequency of High Energy<br />
Line Break-Induced Flooding Events<br />
Raymond Dremel, Russell Sharpe, Todd Reichardt (a), Jayne Ritter, Dave<br />
Malek (b)<br />
a) Maracor Software & Engineering, Inc., Batavia, IL, b) Xcel Energy, Prairie Isl<strong>and</strong> Nuclear Plant, Welch,<br />
MN<br />
In a qualification to supporting requirement (SR) IFSN-A6 of ASME/ANS RA-Sa-2009,<br />
Regulatory Guide 1.200, Revision 2 states that the effects of high energy line breaks<br />
be considered in flooding analyses in order to meet Capability Category II. An evaluation<br />
of the turbine building at the Prairie Isl<strong>and</strong> Nuclear Generating Plant (PINGP)<br />
identified the potential for break in a high energy line to impact another system <strong>and</strong><br />
initiate flooding from a source in addition to the system that experienced the initial<br />
break. Because high-energy line break-induced flooding was being Authors’ names,<br />
use et al. if more than 3 <strong>Page</strong> 2 of 6 considered in the significance determination<br />
process (SDP), there was a need to determine an initiating event frequency for these<br />
HELB-induced floods so that their impact on core damage frequency (CDF) could be<br />
assessed. Little documentation of factors affecting HELB-induced flooding events was<br />
available <strong>and</strong> data to support any numerical evaluations of initiating event frequency<br />
was even more sparse than the other documentation. Because hundreds of potential<br />
interactions between high energy lines <strong>and</strong> lines with the potential to cause significant<br />
flooding existed, detailed evaluations such as finite element analyses for each potential<br />
interaction were impractical. Therefore, it was necessary to develop a method to<br />
identify potential HELB-induced flooding events, determine potential flooding effects<br />
from each event, <strong>and</strong> quantify frequency for each event. This paper details the method<br />
used to develop <strong>and</strong> quantify the HELB-induced floods for events in the PINGP turbine<br />
building. The method used a set of assumptions that, when taken as a group, result<br />
in a consistent <strong>and</strong> easily reproducible method. The method can be used to limit the<br />
high energy piping that must be considered as contributing to HELB-induced floods<br />
<strong>and</strong> gives a basis for eliminating the need for detailed stress or finite element analyses<br />
of high energy pipe. This method provides a reasonable estimate for HELB-induced<br />
flooding initiating events consistent with the qualification of Regulatory Guide 1.200<br />
to use conservative assumptions. The method makes use of the latest published pipe<br />
break data from the Electric Power Research Institute (EPRI)<br />
Flooding PSA - 2<br />
4:35 PM<br />
Effects of Alternative Leak Detection Methods on Internal<br />
Flooding Initiating Event Frequencies in Flooding PSA<br />
Russell Sharpe<br />
Maracor Software & Engineering, Inc., Louisville, TN<br />
It is not unusual for the initial quantification of an internal flooding PSA to result in<br />
sequences that offer an unreasonably high contribution to the overall core damage<br />
frequency. Typically, such sequences are analyzed further <strong>and</strong> conservatisms are removed.<br />
Such analysis might include replacing HEP screening values with detailed<br />
HRA values, applying directional factors to spray events, or performing detailed flow<br />
calculations to obtain a less conservative picture of flood propagation. If such analysis<br />
still does not provide reasonable results, leak detection methods may be credited.<br />
The most well-known methods of leak detection include non-destructive examination<br />
(NDE) <strong>and</strong> system leak surveillance. Non-destructive examination typically involves<br />
ultrasonic testing of pipe walls to detect hidden flaws in the piping material. The frequency<br />
of such NDE can vary but is commonly performed every 10 years. System leak<br />
surveillance programs usually involve visual examination of the piping for leaks. It is<br />
important to note that visual examination in the context of this paper includes actual<br />
inspection of the piping itself <strong>and</strong> not simply a search for pools of water on the floor<br />
due to a leaking pipe. The frequency of such leak surveillance can vary, but typically<br />
more credit is awarded as the frequency increases. For service water <strong>and</strong> fire protection<br />
system piping, crediting such alternative leak detection methods typically results<br />
in an order-of-magnitude reduction in the initiating event frequency <strong>and</strong>, therefore, the<br />
CDF contribution. For some very large pipe breaks the reduction can be two orders of<br />
magnitude. The application of such leak detection factors eliminates conservatism <strong>and</strong><br />
results in a more realistic result.<br />
5:00 PM<br />
Enhanced Piping Reliability Models for Use in Internal Flooding<br />
PSA<br />
Bengt Lydell (a), Ali Mosleh, <strong>and</strong> Danielle Chrun (b)<br />
a) Sc<strong>and</strong>power Inc., Houston, TX, b) University of Maryl<strong>and</strong>, ENGR-Mechanical Engineering, College<br />
Park, MD<br />
The likelihood of a pipe flaw propagating to a significant structural failure (SF) is expressed<br />
by the conditional failure probability pSF|DC where “DC” represents degraded<br />
condition. With no service data available to support a direct statistical estimation of the<br />
conditional probability the assessment can be based on probabilistic fracture mechanics<br />
(PFM), expert judgment, or a combination of service data insights, expert judgment<br />
<strong>and</strong> PFM. Different PFM algorithms have been developed, but with a focus on fatigue<br />
growth <strong>and</strong> stress corrosion cracking. There remain issues of dispute with respect<br />
to reconciliation of results obtained through statistical estimation versus the physical<br />
models of PFM, however. Results from studies to benchmark PFM calculations against<br />
field experience have shown PFM computer codes to over-predict pipe failure rates<br />
by more than an order magnitude relative to statistical estimates of field experience<br />
data. In general, the results obtained with PFM computer codes are quite sensitive<br />
to assumptions about weld residual stresses, crack growth rates, <strong>and</strong> correlations of<br />
crack initiation times <strong>and</strong> growth rates. In earlier applications a simple Beta distribution<br />
formulation has been used to estimate the conditional probability of flood modes. The<br />
main issue with assuming a prior Beta distribution is the estimation of its parameters.<br />
Several “constrained” approaches have been proposed. Methods to determine the<br />
parameters of the prior Beta distribution include: the method of moments, the PERT<br />
approach or the Pearson-Tukey approach. In the absence of data, non-informative<br />
priors appear to be a straightforward solution. However, there is often a good knowledge<br />
on one constraint, such as the mean probability. The approach described in this<br />
paper is the use of a constrained non-informative prior. This approach seems to be<br />
especially relevant to situations where limited failure data are available to assess the<br />
probability that a structural failure occurs, given a degraded condition. In the Pearson-<br />
Tukey approach a subject matter expert (SME) is asked to provide the 5th, 50th, 95th<br />
percentiles (noted C05, C50 <strong>and</strong> C95, respectively) <strong>and</strong> these statistical estimates are<br />
used to determine the parameters of a Beta prior distribution. Included in this paper are<br />
the results from practical applications of the Pearson-Tukey approach to estimating<br />
conditional flood modes for Service Water piping.<br />
31
32<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 8:00 AM - Gr<strong>and</strong> Ballroom<br />
Plenary Session II<br />
George Apostolakis - US NRC Commissioner<br />
The Honorable George Apostolakis was sworn in as a Commissioner<br />
of the U.S. Nuclear Regulatory Commission (NRC) on April 23, 2010, to a term ending on<br />
June 30, 2014.<br />
Dr. Apostolakis has had a distinguished career as an engineer, professor <strong>and</strong> risk analyst.<br />
Before joining the NRC, he was the Korea Electric Power Corporation professor of Nuclear<br />
Science <strong>and</strong> Engineering <strong>and</strong> a professor of Engineering Systems at the Massachusetts<br />
Institute of Technology. He was also a member <strong>and</strong> former chairman of the statutory Advisory<br />
Committee on Reactor Safeguards of the NRC.<br />
In 2007, Dr. Apostolakis was elected to the National Academy of Engineering for “innovations<br />
in the theory <strong>and</strong> practice of probabilistic risk assessment <strong>and</strong> risk management.” He has<br />
served as the Editor-in-Chief of the International Journal Reliability Engineering <strong>and</strong> System<br />
Safety <strong>and</strong> is the founder of the International <strong>Conferences</strong> on Probabilistic Safety Assessment<br />
<strong>and</strong> Management. He received the Tommy Thompson Award for his contributions to improvement<br />
of reactor safety in 1999 <strong>and</strong> the Arthur Holly Compton Award in Education in 2005 from the American Nuclear<br />
Society.<br />
Dr. Apostolakis has published more than 120 papers in technical journals <strong>and</strong> has made numerous presentations at<br />
national <strong>and</strong> international conferences. His research interests include the use of Probabilistic Risk Assessment (PRA) in<br />
reactor design; uncertainty analysis; decision analysis; infrastructure security; risk-informed <strong>and</strong> performance-based regulation;<br />
human reliability; <strong>and</strong> risk management involving multiple stakeholders. He has edited or co-edited eight books <strong>and</strong><br />
conference proceedings <strong>and</strong> has participated in many PRA courses <strong>and</strong> reviews.<br />
Dr. Apostolakis received his diploma in electrical engineering from the National Technical University in Athens, Greece in<br />
1969. He earned a master’s degree in engineering science from the California Institute of Technology in 1970 <strong>and</strong> a Ph.D.<br />
in engineering science <strong>and</strong> applied mathematics in 1973, both from the California Institute of Technology.
Session Chair: Bill Burchill<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 9:00 AM - Azalea<br />
9:00 AM<br />
A Probabilistic Physics of Failure Approach to Prediction of<br />
Steam Generator Tube Rupture Frequency<br />
Kaushik Chatterjee <strong>and</strong> Mohammad Modarres<br />
Center for Risk <strong>and</strong> Reliability, Department of Mechanical Engineering, University of Maryl<strong>and</strong> College<br />
Park, PA<br />
In probabilistic safety assessments of pressurized water reactors, it is imperative to<br />
assess the potential <strong>and</strong> frequency of steam generator tube rupture failures. Estimation<br />
of frequency of steam generator tube ruptures has traditionally been based on<br />
historical occurrences, which are not applicable to new designs of steam generators<br />
with different geometries, material properties, degradation mechanisms <strong>and</strong> thermalhydraulic<br />
behaviors. This paper presents a new probabilistic mechanistic-based approach<br />
for estimating steam generator tube rupture frequencies that is based on the<br />
principle that failure of passive systems is governed by degradation or unfavorable<br />
conditions created through the underlying operating conditions <strong>and</strong> underlying mechanical,<br />
electrical, thermal, <strong>and</strong> chemical processes. As opposed to using the historical<br />
data for reliability prediction, the developed probabilistic physics-offailure based<br />
approach identifies, probabilistically models, <strong>and</strong> simulates potential degradations in<br />
new <strong>and</strong> existing steam generator designs to assess degradation versus time, until<br />
such degradation exceeds a known endurance limit. An example application of proposed<br />
probabilistic physics-of-failure based reliability prediction approach has been<br />
presented for a new design of steam generators consisting of helical tubes <strong>and</strong> more<br />
advanced tube material. The developed probabilistic physics-of-failure based approach<br />
when combined with probabilistic safety assessment techniques can provide<br />
an effective tool for the evaluation of safety <strong>and</strong> reliability of steam generators, particularly<br />
new steam generator designs used in advanced reactors.<br />
Passive Reliability - 2<br />
9:25 AM<br />
Passive System Accident Scenario Analysis by Simulation<br />
Francesco Di Maio (a), Enrico Zio (a,b), Tao Liu <strong>and</strong> Jiejuan Tong (c)<br />
a) Energy Department, Politecnico di Milano, Milano, Italy, b) Ecole Centrale Paris <strong>and</strong> Supelec, Chatenay-Malabry<br />
Cedex, France, c) Institute of Nuclear <strong>and</strong> New Energy Technology, INET<br />
Tsinghua University, Beijing, China<br />
In this paper, a simulation framework of analysis is presented aiming at evaluating the<br />
safety performance of the Residual Heat Removal system (RHRs) of the Chinese High<br />
Temperature Gas- Cooled Reactor – Pebble Bed Modular (HTR-PM) under uncertain<br />
operation conditions, <strong>and</strong> components <strong>and</strong> equipments failures. A transparent <strong>and</strong> fast<br />
model of the passive system has been implemented in MATLAB to reproduce the<br />
three-interconnected natural circulation trains of the RHRs, for removing the residual<br />
heat of the reactor core after a reactor shut-down. The model is characterized by<br />
a one-dimensional mono-phase moving fluid, whose operation is based on thermalhydraulic<br />
(T-H) principles. The model is coded into a Monte Carlo (MC) failure engine<br />
for sampling single <strong>and</strong> multiple components faults at r<strong>and</strong>om times <strong>and</strong> of r<strong>and</strong>om<br />
magnitudes. Accidental transients of the system are simulated, highlighting equipment<br />
contribution to system failure.<br />
33
34<br />
Session Chair: Paul Amico<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 9:00 AM - Camellia/Dogwood<br />
9:00 AM<br />
Development of a Generation Risk Assessment Model for a<br />
Fossil-Fueled Power Station<br />
Thomas A. Morgan (a), Wayne Crawford <strong>and</strong> Frank Rahn (b)<br />
a) Maracor Software & Engineering, Inc., Middletown, MD, b) Electric Power Research Institute, Palo<br />
Also, CA<br />
Generation Risk Assessment (GRA) has been used at several US nuclear power<br />
plants to estimate the frequency of a plant shutdown or power reduction due to equipment<br />
failures or plant configuration changes. A GRA model would also be of value to<br />
fossil-fueled stations by identifying key contributors to plant unreliability <strong>and</strong> can assist<br />
maintenance planning by highlighting inter-system relationships.<br />
A GRA model was developed for a coal-fired power station. EPRI’s Equipment Out of<br />
Service (EOOS) software was used to provide the user interface to the model. The<br />
likelihood of a plant shutdown or power reduction of greater than 10% within two hours<br />
of a failure or adverse plant configuration change was considered. About 25 systems<br />
were modeled, including steam cycle systems, coal h<strong>and</strong>ling systems, boiler systems,<br />
combustion air <strong>and</strong> ash h<strong>and</strong>ling systems, <strong>and</strong> various plant support systems.<br />
Simplified system models were developed, using generic failure estimates for major<br />
components. System interdependencies were modeled <strong>and</strong> plant conditions were<br />
considered that could affect operation (such as winter conditions, the quality of the<br />
coal, etc.). Status panel displays were developed to graphically display system/component<br />
status, <strong>and</strong> to provide an easy-to-use interface for staff to input component <strong>and</strong><br />
alignment status changes.<br />
The plant staff plans to use the GRA model to assist in the review of proposed maintenance<br />
work during daily planning meetings. The software’s graphical system status<br />
display will be helpful to the shift supervisor. Lastly, the tool can be used to assist in<br />
the training of new plant personnel.<br />
Non-Reactor PSA - 2<br />
9:25 AM<br />
Study of Risk Assessment Programs at Federal Agencies <strong>and</strong><br />
Commercial Industry Related to the Conduct or Regulation of<br />
High Hazard Operations<br />
Robert A. Bari (a), Samuel Rosenbloom <strong>and</strong> James O’Brien (b)<br />
a) Brookhaven National Laboratory, Upton, NY, b)U. S. Department of Energy, Washington, DC<br />
In the Department of Energy (DOE) Implementation Plan (IP) for Defense Nuclear<br />
Facilities Safety Board’s Recommendation 2009-1, the DOE committed to studying<br />
the use of quantitative risk assessment methodologies at government agencies <strong>and</strong><br />
industry. This study consisted of document reviews <strong>and</strong> interviews of senior management<br />
<strong>and</strong> risk assessment staff at six organizations. Data were collected <strong>and</strong> analyzed<br />
on risk assessment applications, risk assessment tools, <strong>and</strong> controls <strong>and</strong> infrastructure<br />
supporting the correct usage of risk assessment <strong>and</strong> risk management tools. The<br />
study found that the agencies were in different degrees of maturity in the use of risk<br />
assessment to support the analysis of high hazard operations <strong>and</strong> to support decisions<br />
related to these operations. Agencies did not share a simple, “one size fits all”<br />
approach to tools, controls, <strong>and</strong> infrastructure needs. The agencies recognized that<br />
flexibility was warranted to allow use of risk assessment tools in a manner that is commensurate<br />
with the complexity of the application. The study also found that, even with<br />
the lack of some data, agencies’ application of the risk analysis structured approach<br />
could provide useful insights such as potential system vulnerabilities. This study, in<br />
combination with a companion study of risk assessment programs in the DOE Offices<br />
involved in high hazard operations, is being used to determine the nature <strong>and</strong> type of<br />
controls <strong>and</strong> infrastructure needed to support risk assessments at the DOE.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 9:00 AM - Magnolia<br />
Configuration Risk Management - 3<br />
Session Chair: Ross Anderson<br />
9:00 AM<br />
A Method of Implementing NEI (A)(4) Fire Risk Guidance<br />
Edward Parsley <strong>and</strong> Leo Shanley<br />
ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
Since November, 2000, Licensees have been using their Configuration Risk Management<br />
programs to meet federal regulation 10CFR 50.65(a)(4). These programs<br />
generally evaluate risk of internal events quantitatively with supporting qualitative assessments.<br />
Regarding External Event Risk, the NRC has stated that it would be acceptable<br />
for the industry to add only internal fire hazards to the (a)(4) program, <strong>and</strong><br />
can be accomplished by [generally] following the guidance provided by NEI in June<br />
2006. Although the guidance has not yet been endorsed by the NRC, NEI-sponsored<br />
pilot efforts have been undertaken to demonstrate possible methods. In general, the<br />
approach will be qualitative, which is consistent with the NEI guidance. One such<br />
pilot’s method for addressing fire risks in (a)(4) will utilize the plant’s fire PRA to focus<br />
attention <strong>and</strong> risk management actions to fire scenarios for which there is no mitigation<br />
available.<br />
This presentation discusses one such pilot’s method for addressing fire risks in (a)<br />
(4). The method utilizes the plant’s fire PRA to focus attention <strong>and</strong> risk management<br />
actions to fire scenarios for which there is no mitigation available. An overview of the<br />
equipment scoping methodology will be described, <strong>and</strong> will include discussion of issues<br />
encountered. Additionally, the presentation discusses items to consider when<br />
identifying Risk Management Actions for c<strong>and</strong>idate fire scenarios. Finally, the presentation<br />
highlights items to consider when implementing this approach with a risk<br />
monitor, with examples using the PARAGON software.<br />
9:25 AM<br />
On Crediting a 10CFR50.54(X) Proceduralized Operator Action<br />
in SONGS PRA Used for Maintenance Rule (A)(4) Risk Assessments<br />
Parviz Moieni, Michelle P. Carr, <strong>and</strong> Dean R. Goodwin<br />
Southern California Edison<br />
The purpose of this paper is to discuss an issue that was raised recently by the NRC<br />
residents at San Onofre Nuclear Generating Station (SONGS) with regard to crediting<br />
a 10CFR50.54(x) operator action in PRA used for Maintenance Rule (MR) (a)(4) risk<br />
assessments. The operator action is to manually cross-tie an emergency diesel generator<br />
(EDG) from one unit to the same train EDG of the other unit. The EDG manual<br />
cross-tie credit for the baseline PRA was not challenged because this is a feasible,<br />
proceduralized, <strong>and</strong> trained-on operator action. There were three key questions associated<br />
with this issue: 1) is the risk impact on the opposite unit assessed correctly, 2) is<br />
it clear in the EOIs that this is a last resort action, <strong>and</strong> 3) are there adequate risk management<br />
actions in place when an EDG is taken OOS? Following many discussions<br />
with the residents, the region SRAs, NRC headquarters’ PRA staff, other utilities, <strong>and</strong><br />
NEI, the use of EDG cross-tie for MR (a)(4) risk assessments remained acceptable<br />
given some procedural changes are made. These included addition of formalized risk<br />
management actions to the MR (a)(4) procedure <strong>and</strong> a note to the SBO EOI informing<br />
the operators that the preferred strategy for restoring AC power is from the switchyard<br />
or unit specific EDGs. The 10CFR50.54(x) EDG cross-tie action should be utilized after<br />
normal actions have been proven unsuccessful, or Safety Functions are challenged<br />
by being in danger of becoming not satisfied.<br />
35
36<br />
Session Chair: Raymond H Gallucci<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 9:00 AM - Salon A<br />
9:00 AM<br />
A Comparison of the MQH Method <strong>and</strong> CFAST for Scoping<br />
Fire Modeling<br />
Tom Elicson<br />
WorleyParsons Polestar, Inc., Hudson, OH<br />
The EPRI/NRC fire PRA methodology presented in NUREG/CR-6850 recommends<br />
using the method of McCaffrey, Quintiere, <strong>and</strong> Harkleroad (MQH) for hot gas layer<br />
Zone of Influence (ZOI) calculations as part of Task 8: Scoping Fire Modeling.<br />
Compared to measured temperatures for prototypical cable spreading room fires with<br />
a peak heat release rate of 1 MW (International Fire Model Benchmarking Exercise<br />
# 3, Tests 2 <strong>and</strong> 3), the MQH method shows errors relative to the measured gas<br />
temperatures from 47% to 1190%. In contrast, CFAST shows errors of less than 1%,<br />
which is within the exp<strong>and</strong>ed uncertainty of the temperature measurements.<br />
The MQH method deviation from experimental data increases as the room ventilation<br />
size decreases. Yet for totally enclosed rooms, NUREG/CR-6850 recommends using<br />
the MQH method with a 0.5” high leakage path. With this approach, the error relative<br />
to measured temperatures is 1190%.<br />
Benchmark results suggest that the MQH method is inadequate for predicting smoky<br />
layer temperatures for closed compartments as part of the fire PRA scoping fire modeling<br />
task. In contrast, CFAST provides reasonable predictions of gas temperature<br />
<strong>and</strong> appears to be a better choice for smoky layer ZOI scoping calculations.<br />
Fire PSA Methods - 2<br />
9:25 AM<br />
Development <strong>and</strong> Application of a Large Scale Fire Dynamics<br />
Simulator Model for BWR Reactor Building Fire Scenarios<br />
Jeffrey Miller<br />
Reliability & Safety Consulting Engineers, Inc. , Knoxville, TN<br />
To gain a more realistic evaluation of fire scenarios in a BWR reactor building, a sophisticated<br />
Fire Dynamics Simulator (FDS) model was created that would simulate as<br />
close as possible the actual building openings, passages, <strong>and</strong> structural features of<br />
the entire building. The result was a FDS model of approximately 40 meters (131 ft) in<br />
diameter <strong>and</strong> approximately 55 meters (180 ft) in height. From the completed model,<br />
various large fire scenarios were evaluated with significant result improvements from<br />
other more bounding estimations or other model simulations that only focused on portions<br />
of the building structure size. In addition to use on this project, the same FDS<br />
model can be utilized for other future scenario evaluations throughout the building<br />
structure in a very easy manner by adding a new fire source to the base building model<br />
<strong>and</strong> performing the evaluations. Data is captured through the use of FDS outputs as<br />
well as added outputs for temperatures at various building locations, <strong>and</strong> presented<br />
using graphical plots for easier, clearer underst<strong>and</strong>ing of estimated room temperatures<br />
<strong>and</strong> potential component impacts. While it is vital to capture details as close as possible<br />
to the actual structure <strong>and</strong> fire scenario being modeled, as well as to not make<br />
gross over assumptions, ever present resource limitations must be managed. Key<br />
model development efficiencies were gained by using a model construction approach<br />
similar to solid three dimensional CAD modeling rather than typical piece by piece<br />
FDS modeling. Model simulations were able to be made overnight with approximately<br />
twelve (12) hour run times while staying within the suggested FDS model grid size using<br />
an off the shelf multi-processor server style computer. Lessons learned <strong>and</strong> future<br />
work suggestions will also be discussed.
Session Chair: Earl <strong>Page</strong>, Ian Wall<br />
9:00 AM<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 9:00 AM - Salon B<br />
History of Nuclear PSA<br />
The two presentations in this session cover the history of development of probabilistic risk (safety) assessment (PRA or<br />
PSA) <strong>and</strong> its application to domestic US nuclear power plants. It actually begins before publication of WASH 1400, considered<br />
to be the birth of PRA, <strong>and</strong> continues through the early development <strong>and</strong> acceptance stages to the long saga of<br />
specific application to real power plant situations <strong>and</strong> regulatory application. Key milestones in policy <strong>and</strong> development are<br />
cited together with specific examples to help realistically portray this four decade story.<br />
37
38<br />
Session Chair: Parviz Moieni<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 9:00 AM - Carolina<br />
9:00 AM<br />
Simulator Use in Support of Human Reliability Analysis –<br />
Where do we st<strong>and</strong>?<br />
Vinh N. Dang<br />
OHSA/D16, Paul Scherrer Institut, Villigen, Switzerl<strong>and</strong><br />
Full-scope simulators are the primary means to observe operating crews responding<br />
to most of the major accident scenarios treated in the Probabilistic Safety Assessments<br />
of nuclear power plants. Worldwide, many plants operate plant-specific<br />
simulators, where they are an essential element of training. With regard to HRA, such<br />
simulators offer the means to conduct the walk-throughs of key operator actions as<br />
recommended in the THERP guidance (NUREG/CR-1278), <strong>and</strong> much more. They are<br />
frequently used to characterize the dem<strong>and</strong>s of the operators’ tasks, to estimate typical<br />
values of the time taken to perform tasks, <strong>and</strong> to determine the plant information<br />
available during the scenario evolution. Although some of this information is used as<br />
input to (some) HRA quantification methods, simulator observation remains primarily<br />
a support for qualitative analysis. This paper will examine the outlook <strong>and</strong> issues<br />
for more extended use of simulator studies <strong>and</strong> data for HRA. To what extent are<br />
the limitations inherent? Which sources of potential biases are of most concern <strong>and</strong><br />
what can be done about them? What are some features of a state-of-the-art simulator<br />
study methodology? The paper will draw on the broader results <strong>and</strong> implications recent<br />
efforts, in particular on the International HRA Empirical Study <strong>and</strong> the NEA CSNI<br />
WGRISK work related to HRA data (Nuclear Energy Agency, Committee on the Safety<br />
of Nuclear Installations, Working Group on Risk Assessment).<br />
Human Reliability Analysis - 2<br />
9:25 AM<br />
Human Error Probabilities Derived From German Operational<br />
Experience -Methodology <strong>and</strong> Results-<br />
Wolfgang Preischl<br />
Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Garching, Germany<br />
The results of German PSA studies for nuclear power plants <strong>and</strong> their uncertainties are<br />
considerably affected by the assessment of human reliability. According to the German<br />
PSA Guideline <strong>and</strong> its supplementary documents on PSA methods <strong>and</strong> data, databases<br />
containing data gained with the ASEP <strong>and</strong> THERP methodologies shall preferably<br />
be used to provide error probabilities for human actions. The amount of these data is<br />
too limited to evaluate all human actions considered in a modern state-of-the-art PSA<br />
adequately. The recommended data are not sufficiently validated <strong>and</strong> rely as well as<br />
the proposed uncertainty bounds on expert judgment.<br />
The paper summarizes the investigations of GRS on human performance data collection<br />
<strong>and</strong> data evaluation during the past three years. In order to derive human error<br />
probabilities from the available operational experience from reportable events occurred<br />
in German nuclear power plants almost 6000 events have been reviewed. More<br />
than 100 events with human errors have been screened out as potential c<strong>and</strong>idates for<br />
the application of the Bayesian methodology. The method of Bayes is widely accepted<br />
to calculate error rates <strong>and</strong> error probabilities of mechanical <strong>and</strong> electrical components<br />
based on the error frequencies observed within samples taken from operational experience.<br />
To get suitable samples describing human reliability it is necessary to know<br />
with sufficient accuracy the number of opportunities for an error, the number of errors<br />
really occurred <strong>and</strong> the relevant performance shaping factors. Approximately 50 % of<br />
the identified c<strong>and</strong>idates have been sufficiently reinvestigated <strong>and</strong> evaluated with the<br />
Bayesian methodology.<br />
The calculated probabilistic data are establishing the first human reliability database<br />
derived from the German operational experience. They have been used to validate<br />
recommended human error probabilities as well as to review predicted impact of performance<br />
shaping factors (e.g. ergonomic features or stress), to extend the amount<br />
of available data (e.g. activities out of main control room) <strong>and</strong> to get some preliminary<br />
data to cognitive tasks (e.g. to remember knowledge). Finally, the paper outlines the<br />
next steps of the ongoing project. All remaining c<strong>and</strong>idates will be evaluated <strong>and</strong> a new<br />
approach for using human performance experience from events below the reporting<br />
threshold will be developed <strong>and</strong> tested.
Session Chair: Bulent Alpay<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 10:05 AM - Azelea<br />
10:05 AM<br />
Reliability of the EPR Fuel Pool Cooling System Using a Dynamic<br />
Approach<br />
Marie Sordelet (a), Mohamed Hibti (b)<br />
a) EDF SEPTEN, Lyon, France, b) EDF R&D, Clamart, France<br />
One of the important issues for PSA analysis is to fully consider safety systems with<br />
their dynamic behaviour <strong>and</strong> the possibility to include operational properties <strong>and</strong> procedures.<br />
In the static traditional approach, it is not easy to introduce such dynamic<br />
phenomena in a the event tree model <strong>and</strong> one may need to use some dynamic framework<br />
to solve such problems. In this paper, we consider the Boolean Markov Driven<br />
Processes (BDMP) to model a safety system of a nuclear power plant. The main<br />
objective is to model functional dependencies, component recoveries, time dependant<br />
or conditional failures/recoveries <strong>and</strong> the possibility to use special congurations with \<br />
extra”-alignments. Thanks to a declarative knowledge based tool, these features can<br />
be embedded in such models in a compact form that may be instantiated in dierent<br />
ways with respect to the conguration or state of the system. Indeed, the BDMP<br />
framework allows to dene such dynamic models using a fault-tree like construction<br />
with interesting mathematical properties. In particular, the possibility to reduce the<br />
combinatorial explosion problems inherent to Markov models. This allows to quantify<br />
the models <strong>and</strong> get the dierent reliability measures in reasonable times. The dynamic<br />
approach oered by the BDMP is particularly useful to model very redundant systems<br />
such as FA3 EPR FCPS (Fuel Pool Cooling System). The FCPS consists in three<br />
trains: two identical main trains, each equipped with two pumps in parallel, <strong>and</strong> a<br />
third train, fully independent. The complexity of the dependencies between each line<br />
can only be apprehended by a dynamic model <strong>and</strong> the BDMP allows a more realistic<br />
approach to model accident scenarios. The BDMP model of the FCPS as well as the<br />
reliability results obtained are presented in this article.<br />
10:30 AM<br />
Data Processing Methodologies Applied to Dynamic PRA: an<br />
Overview<br />
Diego M<strong>and</strong>elli, Alper Yilmaz <strong>and</strong> Tunc Aldemir<br />
The Ohio State University<br />
The use of dynamic event trees (DETs) can serve as a powerful tool for the dynamic<br />
probabilistic risk assessment (DPRA) of nuclear power plants. The DETs have the<br />
capability to more accurately model the complex interactions <strong>and</strong> events which may<br />
occur during a transient. One of the challenges of DPRA through DETs is the management<br />
of the resulting very large data sets. Hence, the need for a methodology able<br />
to h<strong>and</strong>le high volumes of data in terms of both cardinality (due to the high number<br />
of uncertainties included in the analysis) <strong>and</strong> dimensionality (due to the complexity of<br />
systems) arises. Hierarchical <strong>and</strong> partitional clustering methodologies are compared<br />
<strong>and</strong> evaluated with regard to their potential to analyze large scenario datasets generated<br />
by DETs using several different data sets.<br />
Dynamic PSA - 1<br />
10:55 AM<br />
A Monte Carlo Algorithm for Dynamic PSA Based on the Concept<br />
of Stimulus<br />
A. Jourdain <strong>and</strong> P.E. Labeau<br />
Université Libre de Bruxelles (CP 165/84), Brussels, Belgium<br />
The theory of probabilistic dynamics (TPD) was first introduced in order to overcome<br />
some of the limitations of the classical PSA methodology, by incorporating the coupling<br />
between the deterministic evolution of the process variables <strong>and</strong> discrete stochastic<br />
transitions in the delineation process of accident sequences. The Stimulus-Driven<br />
Theory of Probabilistic Dynamics (SDTPD) enriches the TPD framework by modeling<br />
in a finer fashion the competing process defining the next branching in an event tree.<br />
Each possible next event is modeled as a two-stage process: first, a so-called stimulus<br />
must be activated, i.e. conditions necessary for the event to take place must be satisfied;<br />
then a delay must elapse before the actual event occurrence.<br />
An analog Monte Carlo game can easily be implemented to solve these problems.<br />
Yet it usually turns out to be inefficient, as rare scenarios with potentially high damage<br />
are not or insufficiently sampled. To tackle this issue, an innovative algorithm properly<br />
uses the outputs of a pre-simulation of the mother branch of the event tree <strong>and</strong> the<br />
SDTPD to sample more systematically various types of branching events out of this<br />
mother branch. Compared with a classical analog simulation, this new algorithm leads<br />
to a better identification of rare sequences <strong>and</strong> a more accu-rate estimation of their<br />
frequency. This method is illustrated on a pressurization transient in con-tainment. Different<br />
sampling methods of branching points along the mother branch are considered<br />
<strong>and</strong> their efficiency compared with that of the analog Monte Carlo game.<br />
39
40<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 10:05 AM - Camellia/Dogwood<br />
Next Generation Reactor PSA - 3<br />
Session Chair: Matthew Warner<br />
10:05 AM<br />
Containment Source Terms in SFR Accidents<br />
M. Umbel, A. Brunett <strong>and</strong> R. Denning<br />
The Ohio State University, Columbus, OH<br />
In order to support the demonstration of a risk-informed approach to the design optimization<br />
of an SFR, it was necessary to make realistic estimates of the consequences of<br />
severe accident scenarios. This paper describes the database <strong>and</strong> assumptions used<br />
to estimate the magnitude <strong>and</strong> characteristics of representative containment source<br />
terms for characteristic accident scenarios. The reference plant design is a 1,000 MWt<br />
pool-type design with metallic fuel. An integrated analysis tool comparable to MEL-<br />
COR does not exist for SFR accident scenario analysis that is capable of predicting<br />
radionuclide release <strong>and</strong> transport <strong>and</strong> the assessment of offsite doses. In order to<br />
perform the analysis of an entire sequence, it was necessary to write a computer<br />
code, RCS, that could examine the in-pool aspects of the release <strong>and</strong> transport of<br />
radionuclides. The offsite consequences for the different scenarios are presented in a<br />
companion paper that examines containment transport processes <strong>and</strong> environmental<br />
release.<br />
10:30 AM<br />
Containment Processes in Sodium-Cooled Fast Reactor Accidents<br />
A. Brunett, W. Wutzler <strong>and</strong> R. Denning<br />
Department of Nuclear Engineering, The Ohio State University, Columbus, OH<br />
In order to support the demonstration of a risk-informed approach to the design optimization<br />
of an SFR, it was necessary to make realistic estimates of the consequences<br />
of severe accident scenarios. This paper describes the containment transport, deposition<br />
<strong>and</strong> release to the environment of radionuclides escaping the sodium pool region<br />
in characteristic scenarios as calculated by the MELCOR code. The models used in<br />
the development of these containment source terms are described in a companion paper.<br />
The reference plant design is a 1,000 MWt pool-type design with metallic fuel <strong>and</strong><br />
a conventional dry containment. The offsite dose at one mile from the plant boundary<br />
is calculated using conservative meteorology for scenarios involving different modes<br />
of failure of the primary system <strong>and</strong> the containment system. For perspective, the conditional<br />
probability of early fatalities within one mile <strong>and</strong> latent cancer fatalities within<br />
ten miles was calculated with the MACCS code for each scenario. Comparisons are<br />
made with the NRC’s Quantitative Health Objectives.<br />
10:55 AM<br />
Risk-Informed Approach for Design of Korean Demonstration<br />
Fusion Reactors<br />
Gyunyoung Heo, Myoung-suk Kang (a), Young-seok Lee <strong>and</strong> Hyuck Jong<br />
Kim (b)<br />
a) Kyung Hee University, Yongin-si, Gyeonggi-do, South Korea, b) National Fusion Research Institute,<br />
Yusung-gu, Daejeon-si, South Korea<br />
The Korean fusion technology roadmap is aggressively pushing ahead the realization<br />
of a demonstrative-scale fusion power plant (FPP) around 2030. While many of the<br />
critical design parameters are not technically verified <strong>and</strong> the regulatory requirements<br />
are, therefore, not specified, it is generally agreed that engineering phases should be<br />
initiated to create a design framework <strong>and</strong> prioritize related R&D needs. For fusion<br />
technology to settle down as an industry, radiological safety should be guaranteed<br />
even though the risk from fusion reactors may not be as serious as that of the fissionbased<br />
power plants. On the other h<strong>and</strong>, excessively controlled regulation may delay<br />
commercialization <strong>and</strong> make generation cost higher. Conventionally the deterministic<br />
approach has been primarily utilized to evaluate nuclear safety. On the other h<strong>and</strong>,<br />
the application of the probabilistic approach is being emphasized for, particularly, advanced<br />
fission-based reactors. This technical trend should be applicable to FPPs. This<br />
study articulates the conceptual design of the Korean demonstration FPP under the<br />
framework of a risk-informed design. We aimed at (1) embracing uncertainties in selecting<br />
design parameters, (2) investigating the list of initiating events, <strong>and</strong> (3) evaluating<br />
design weaknesses. Due to technical status <strong>and</strong> the lack of available failure data,<br />
the qualitative aspect was focused. In this study the principles of axiomatic design<br />
were followed to setup a bare-bone FPP, <strong>and</strong> a risk-informed approach based on fault<br />
trees, event trees, <strong>and</strong> failure modes & effects analysis were conducted to determine<br />
the list of initiating events <strong>and</strong> scenarios.<br />
11:20 AM<br />
Partitioning of LOCA Initiating Event Frequencies to Support<br />
PRA Modeling of Debris-Induced Failure of Long Term Core<br />
Cooling Via Recirculation Sumps<br />
David S. Teolis, Heather L. Detar, Robert J. Lutz, Jr., <strong>and</strong> Rachel A. Solano<br />
Westinghouse Electric Company LLC, Cranberry Twp., PA<br />
Generic Safety Issue GSI-191 identified that the methodology used for assessing containment<br />
sump screen debris loading at Pressurized Water Reactor (PWR) nuclear<br />
power plants may not be conservative. All PWR licensees have been required to reassess<br />
their design basis for long term core cooling (LTCC) <strong>and</strong> make necessary<br />
modifications. NEI 04-07 provided a conservative methodology for assessing PWR<br />
sump screen performance <strong>and</strong> the impact on LTCC. These studies were acceptable<br />
for conservative design basis assessments; however, a probabilistic risk assessment<br />
(PRA) model was necessary to enable utilities to model the potential for debris-induced<br />
failure of LTCC <strong>and</strong> to allow for the determination of the risk significance of any nonconformances<br />
to their licensing basis. A probabilistic risk assessment model for debrisinduced<br />
LTCC was developed, as reported in WCAP-16882-NP Revision 1, based on<br />
the conservatisms, margins <strong>and</strong> uncertainties in the licensing basis methodology <strong>and</strong><br />
provides implementation guidance. Changes to the PRA are recommended prior to<br />
implementation of the debris-induced LTCC model to permit development of a model<br />
that more realistically represents the potential for failure of LTCC due to debris generation.<br />
A key part of the recommendations in the WCAP was to use decreasing failure<br />
probabilities for failure of LTCC as loss of coolant accident (LOCA) size decreases. A<br />
general exception to this guidance was made for those plants that have determined<br />
that some smaller breaks are within the limiting breaks assessed for the licensing basis.<br />
For example, some plants have a small line directly above the containment sump<br />
screens where transport of all of the debris generated by the break is highly likely. In<br />
such cases, a higher probability for failure of LTCC should be used for that portion<br />
of the small break initiating event frequency represented by the limiting pipe break<br />
location. A separate small break initiating event should be defined <strong>and</strong> assessed for<br />
that break location. No guidance was provided in the WCAP on how to partition the<br />
initiating event frequency (IEF). This paper discusses two methods that could potentially<br />
be used to partition the total IEF in such instances based on pipe dimensions.<br />
The first method is based on the assumption that the conditional probability of a break<br />
within a specific portion of pipe is proportional to the total length of pipe that a break<br />
could occur in. The second approach is based on a methodology, referred to as the<br />
“Thomas-approach”, which was developed several years ago in the United Kingdom to<br />
estimate the frequency of pipe leaks <strong>and</strong> catastrophic failures. An example is provided<br />
that demonstrates application of both methods <strong>and</strong> compares the results between the<br />
two methods. Extension of this partitioning approach to more general applications is<br />
also discussed for cases where it may be beneficial to partition LOCA IEFs based on<br />
the impact on mitigating equipment such as accumulators in legacy plants or passive<br />
safety systems in advanced plants.
Session Chair: James Liming<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 10:05 AM - Magnolia<br />
10:05 AM<br />
Methodology to Rank BOP Components at STP<br />
Fatma Yilmaz <strong>and</strong> Ernie Kee<br />
South Texas Project Electric Generating Station, Wadsworth, TX<br />
STP developed a categorization process to aid in communicating the overall importance<br />
of components. The components are ranked under Graded Quality Assurance<br />
(GQA) program with input from STP PRA model. The GQA program is approved by<br />
Nuclear Regulatory Commission (NRC) under 10CFR50.69. Components are also<br />
ranked under Plant Generation Risk (PGR) categorization process communicating<br />
components’ importance in supporting maximum electrical generation output. Categorization<br />
for both processes is performed by an Integrated Working Group. Currently,<br />
the Integrated Working Group uses heuristics for PGR ranking. This process can be<br />
improved by using the STP Balance of Plant Performance Predictor (BOPPP) model<br />
to provide ranking of the components it models (those that have a potential to lead<br />
to a power reduction event including turbine trip, manual shutdowns <strong>and</strong> reduced<br />
power operations) [1]. In this article, it is proposed to rank equipment modeled in STP<br />
BOPPP for PGR using the triggering event probabilities [2] <strong>and</strong> the consequence of a<br />
failure in terms of dollar amounts. The results of this ranking process has been used<br />
for creating a poster for the maintenance shop at STP. Results of this application are<br />
summarized for some components in production-critical systems.<br />
10:30 AM<br />
An Improved Generation Risk Assessment (GRA) Model Considering<br />
Degradation of Components in a Nuclear Plant<br />
M.I. Jyrkama <strong>and</strong> M.D. P<strong>and</strong>ey (a), S.M. Hess (b)<br />
a) Department of Civil <strong>and</strong> Environmental Engineering, University of Waterloo, Waterloo, Ontario, Canada,<br />
b) Electric Power Research Institute, West Chester, PA<br />
The objective of generation risk assessment (GRA) is to predict the potential economic<br />
losses from forced outages <strong>and</strong> derates due to equipment degradation <strong>and</strong><br />
failure. The primary challenge with the current GRA approach is the inability to model<br />
explicitly any temporal changes in the underlying parameters or processes, i.e., failure<br />
rates are assumed to be constant over time.<br />
This paper illustrates how time-dependent equipment reliability <strong>and</strong> availability information<br />
can be integrated with a system reliability model to quantitatively predict<br />
the generation risk associated with various operating <strong>and</strong> maintenance scenarios,<br />
including life extension <strong>and</strong> refurbishment. The analysis is performed in a st<strong>and</strong>ard<br />
spreadsheet based on the cut set output <strong>and</strong> basic event information from a fault tree<br />
program. The impact of aging degradation can be modeled separately for each component,<br />
assuming the events are independent. In order to capture the joint contribution<br />
of equipment failure <strong>and</strong> unavailability to generation risk, new risk-based importance<br />
measures are also developed based on the concept of net present value.<br />
The developed methodology is applied to the risk assessment of the main turbine/<br />
generator system at a nuclear station. The results of the study readily demonstrate<br />
the benefits <strong>and</strong> cost-savings realized from the integrated GRA methodology, <strong>and</strong><br />
also the resulting improvement in flexibility <strong>and</strong> long range stability of the budget for<br />
plant improvement.<br />
Generation Risk Assessment<br />
10:55 AM<br />
GRA Model Development at Bruce Power<br />
R. Parmar <strong>and</strong> K. Ngo (a), I. Cruchley (b)<br />
a) AMEC NSS Limited, Toronto, Ontario, Canada, b) Bruce Power, Tiverton, Ontario, Can<strong>and</strong>a<br />
In 2007, Bruce Power undertook a project, in partnership with AMEC NSS Limited, to<br />
develop a Generation Risk Assessment (GRA) model for its Bruce B Nuclear Generating<br />
Station. The model is intended to be used as a decision-making tool in support of<br />
plant operations. Bruce Power has recognized the strategic importance of GRA in the<br />
plant decision-making process <strong>and</strong> is currently implementing a pilot GRA application.<br />
The objective of this paper is to present the scope of the GRA model development<br />
project, methodology employed, <strong>and</strong> the results <strong>and</strong> path forward for the model implementation<br />
at Bruce Power. The required work was split into three phases. Phase 1<br />
involved development of GRA models for the twelve systems most important to electricity<br />
production. Ten systems were added to the model during each of the next two<br />
phases. The GRA model development process consists of developing system Failure<br />
Modes <strong>and</strong> Effects (FMEA) analyses to identify the components critical to the plant<br />
reliability <strong>and</strong> determine their impact on electricity production. The FMEAs were then<br />
used to develop the logic for system fault tree (FT) GRA models. The models were<br />
solved <strong>and</strong> post-processed to provide model outputs to the plant staff in a user-friendly<br />
format. The outputs consisted of the ranking of components based on their production<br />
impact expressed in terms of lost megawatt hours (LMWH). Another key model output<br />
was the estimation of the predicted Forced Loss Rate (FLR).<br />
41
42<br />
Session Chair: Marina L Röwekamp<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 10:05 AM - Salon A<br />
10:05 AM<br />
Post-Processing Franc Results to Determine Fire Risk Importance<br />
Measures <strong>and</strong> Uncertainty<br />
David Miskiewicz<br />
Progress Energy, Raleigh, NC<br />
FRANC is a software tool developed as part of the EPRI Risk <strong>and</strong> Reliability workstation<br />
for quantifying fire PRAs. It is a scenario based tool that computes conditional core<br />
damage probabilities (CCDP) for individual scenarios. The CCDPs can be combined<br />
with predetermined ignition frequencies <strong>and</strong> non-suppression probabilities to produce<br />
scenario core damage frequencies (CDF). The individual scenario results contain cutsets<br />
that use the same basic event names but with different values as determined by<br />
the sequence. For example, depending on the scenario, the same basic event can be<br />
set to 1.0 (failed), 0.6 (hot short induced spurious), or retain the base r<strong>and</strong>om failure<br />
probability. The cutsets may also use the same initiating event name although each<br />
scenario can have a unique frequency. These factors prevent the analyst from simply<br />
combining the scenario cutsets for evaluation. An additional software tool is needed to<br />
facilitate the combining of scenario results into a single cutset file such that the traditional<br />
CAFTA analysis tools can be used to determine various importance measures<br />
<strong>and</strong> uncertainty. A prototypical software tool has been developed for this purpose. This<br />
paper presents details of the issues <strong>and</strong> challenges for the PRA analyst, development<br />
<strong>and</strong> use of the software, <strong>and</strong> relevant findings.<br />
10:30 AM<br />
Progress Energy Fire PRA: Putting Our Tools to Work Use of<br />
Linked Databases in Development of the Progress Energy<br />
HNP Fire PRA<br />
Ricardo Davis-Zapata<br />
Progress Energy, Raleigh, NC<br />
For the pilot NFPA805 submittal for Harris Nuclear Plant, Progress Energy developed<br />
a set of linked database tools to bring together the data necessary to process the Fire<br />
PRA. This linked database method is being implemented with development of our<br />
subsequent Fire PRAs, providing consistency among the fleet for creation of the Fire<br />
PRAs as well as simplifying the process for future PRA updates. The linked database<br />
format is based on creating a series of tables, queries, <strong>and</strong> visual basic coding to link<br />
each of the Fire PRA data gathering tasks, Safe Shutdown Analysis, cable routing<br />
information, <strong>and</strong> the Fire PRA model.<br />
The linked database method is expected to facilitate many applications, including<br />
future updates to the Fire PRA. Updates to data can be as simple as adding new<br />
lines to the linked tables <strong>and</strong> re-running the associated queries. This also simplifies<br />
sensitivities, by allowing the data to be treated in aggregate as well as with individual<br />
modeling. Progress Energy’s utilization of the linked databases allows us to put our<br />
tools to work for us.<br />
Fire PSA Methods - 3<br />
10:55 AM<br />
Cooper Nuclear Station Fire Risk Evaluations – Insights <strong>and</strong><br />
Challenges<br />
Ole Olson (a), Stephen P Meyer (b), Jim Chapman (c)<br />
a) Nebraska Public Power District, Cooper Nuclear Station, Brownsville, NE, b) Scientech, Curtiss Wright<br />
Flow Control, Madison, OH, c) Scientech, Curtiss Wright Flow Control, Lake Mary, FL<br />
Cooper Nuclear Station (CNS) is a single unit BWR 4. A Fire PRA was developed, using<br />
guidance from NUREG/CR-6850, Frequently Asked Questions (FAQs) <strong>and</strong> recent<br />
EPRI technical evaluations, such as fire ignition frequency updates. The fire PRA was<br />
developed to support the NFPA 805 project <strong>and</strong> other risk informed initiatives. Detailed<br />
fire modeling, cable <strong>and</strong> circuit analysis <strong>and</strong> Human Reliability Analyses (HRA) were<br />
needed to achieve results which were not clearly extraordinarily conservative. The<br />
results achieved are believed to be conservative but a factor of 5 to 10; <strong>and</strong> there are<br />
plans to further refine the results as Industry <strong>and</strong> NRC research <strong>and</strong> development<br />
programs provide improved methods <strong>and</strong> data in areas including fire frequency, fire<br />
development <strong>and</strong> propagation, heat release rate <strong>and</strong> detection <strong>and</strong> suppression. Even<br />
though the results are conservative, the insights obtained are being successfully used<br />
to evaluate variances from deterministic requirements (VFDRs) <strong>and</strong> support identification<br />
<strong>and</strong> evaluation of potential safety enhancements.<br />
Each VFDR is evaluated using a risk informed approach which considers the calculated<br />
change in risk if the VFDR was eliminated, as measured by delta CDF <strong>and</strong> delta<br />
LERF <strong>and</strong> defense in depth <strong>and</strong> safety margin. The paper discusses the approach to<br />
evaluating VFDRs in the fire risk evaluations (FREs) using the fire PRA. For a sample<br />
of VFDRs critical aspects of the evaluation, such as reviewing the base case fire PRA<br />
for sufficiency for evaluating the VFDR case <strong>and</strong> the compliant case, changes needed<br />
<strong>and</strong> the insights <strong>and</strong> sensitivity of results to alternative assumptions or model refinements,<br />
where performed, will be provided. Finally the challenges in conducting the<br />
analyses, including lessons learned are provided.<br />
11:20 AM<br />
Summary of Fire PRA Development Activities at Kewaunee<br />
Power Station<br />
John Spaargaren (a), Francisco Joglar (b)<br />
a) Dominion Resources Services, Millstone Power Station, Waterford CT, b) SAIC, Mclean VA<br />
Kewaunee Power Station is currently transitioning to NFPA 805. This process includes<br />
the development of a Fire PRA. The fire PRA is currently in the final quantification<br />
stages of its development process. The Fire PRA has been developed following the<br />
guidance in NUREG/CR-6850 <strong>and</strong> subsequent supplemental material. The purpose of<br />
this paper is to describe the Fire PRA development activities including: 1. The use of<br />
the EPRI’s Fire Modeling Database. This topic includes description of the data collection<br />
process, the fire modeling analysis to complete key input fields in the database,<br />
<strong>and</strong> the development <strong>and</strong> automation of input tables to the FRANX software. 2. The<br />
description of the quantification process including treatment of single compartment,<br />
multi-compartment, main control room scenarios <strong>and</strong> individual fixed ignition source<br />
fire scenarios.
Session Chair: Doug True<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 10:05 AM - Salon B<br />
PSA Knowledge Management - 3<br />
10:05 AM<br />
Procedures <strong>and</strong> Tools Comparing PSA in the Frame of Periodic<br />
Safety Reviews<br />
Joachim Herb <strong>and</strong> Joachim von Linden<br />
Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Garching b. München, Germany<br />
Different procedures <strong>and</strong> tools have been developed by GRS for improving efficiency<br />
<strong>and</strong> comprehensibility of PSA review tasks. They are based on the database interface<br />
of a widely applied PSA software tool using SQL queries <strong>and</strong> the scripting language<br />
Ruby. Changes in fault <strong>and</strong> event trees are identified <strong>and</strong> presented as “difference<br />
graphs” by drawing an overlay of the fault/event trees of the different versions <strong>and</strong><br />
flagging the differences. It is also possible to trace the influence of changes of a specified<br />
fault tree to all corresponding TOP-gates, to the affected function events <strong>and</strong><br />
event trees. For a given fault tree an “exp<strong>and</strong>ed” view can be created consisting of all<br />
fault trees connected to it by transfer gates either “upwards” to all affected TOP-gates<br />
or “downwards” to the basic events. Another feature of the GRS tools is the merging<br />
of data from different sources such as specifications of basic events (e.g. failure rates,<br />
test intervals, repair times). For quantifying the changes in the core damage frequency<br />
(CDF) between different versions of a PSA the quantitative differences are split up in<br />
contributions by the changes of the initiating event frequencies, changes in the modeling<br />
of fault trees <strong>and</strong> event trees respectively, as well as changes in the reliability data<br />
for the basic events.<br />
10:30 AM<br />
Using a Modern PRA Documentation System to Facilitate Review<br />
Ola Bäckström, Wei Wang <strong>and</strong> Johan Sörman (a), Andrea Maioli (b)<br />
a) Sc<strong>and</strong>power - Lloyds Register, Sundbyberg, Sweden, b) Westinghouse Electric Company LLC, Cranberry<br />
Township, PA<br />
The PRA documentation is written to make the PRA traceable <strong>and</strong> underst<strong>and</strong>able.<br />
The documentation is normally very comprehensive, since it shall cover several different<br />
purposes. The main purpose is that the study shall be possible to underst<strong>and</strong><br />
<strong>and</strong> reproduce.<br />
A review, <strong>and</strong> especially a peer review process, shall make sure that the study meets<br />
some defined criteria. It can be a tedious task to verify that the requirements are met<br />
due to that the verification of a specific task may be spread over several documents.<br />
A review is also normally done with restrictions in time. Therefore, due to the comprehensiveness,<br />
the limitations in time <strong>and</strong> the need to focus on the correct things – the<br />
existing PRA documentation should be improved to facilitate PRA review.<br />
This paper proposes a dynamic PRA documentation <strong>and</strong> presents features <strong>and</strong> advantages<br />
of the new system, <strong>and</strong> discusses how it can help in PRA review.<br />
43
44<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 10:05 AM - Carolina<br />
Human Reliability Analysis - 3<br />
Session Chair: Luca Podolfillini<br />
10:05 AM<br />
Pre-Initiator HRA using the PRA St<strong>and</strong>ard<br />
Joshua Beckton, Barbara Baron, Stephen Nass (a), William Etzel <strong>and</strong> Jason<br />
Hall (b)<br />
a) Westinghouse Electric Company LLC, Cranberry Township, PA, b) First Energy Nuclear Operating<br />
Company, Shippingport, PA<br />
Pre-initiator Human Failure Events (HFEs) occur when an operator fails to return<br />
equipment to its Normal System Alignment (NSA) during calibration, maintenance, or<br />
test activities. Pre-initiator HFEs result in the unavailability of equipment/functions included<br />
in the Probabilistic Risk Assessment (PRA). There are two types of pre-initiator<br />
HFEs: (1) instrument miscalibrations <strong>and</strong> (2) system/train misalignments following<br />
maintenance or test activities. Human Reliability Analysis (HRA) is used to determine<br />
the pre-initiator Human Error Probabilities (HEPs). This paper presents a method <strong>and</strong><br />
assumptions applied to identify HFEs <strong>and</strong> quantify pre-initiator HEPs for the Beaver<br />
Valley Power Station, a Westinghouse Electric Company LLC designed plant with two<br />
units, which occur during maintenance or test activities. The method of identifying<br />
potential misalignments to be included in the PRA as pre-initiator HFEs involved a<br />
process of assigning each PRA component manipulation from the maintenance or test<br />
activity to a category representing a specific criterion. Pre-initiator HFEs that occur<br />
due to instrument miscalibrations are addressed in common cause failure rates [1].<br />
The method considers the supporting requirements included in the ASME/ANS PRA<br />
St<strong>and</strong>ard [2]. The Technique for Human Error Rate Prediction (THERP), as included in<br />
the EPRI HRA Calculator, Version 4.1.1 [3] is used to quantify the pre-initiator HEPs.<br />
The results show that when the method is applied to identify pre-initiator HFEs for<br />
each unit, a similar number of HFEs are identified for each unit. 12 pre-initiator HFEs<br />
were identified for Unit 1, <strong>and</strong> 13 pre-initiator HFEs were identified for Unit 2. The<br />
HEPs ranged between 3.80E-06 <strong>and</strong> 1.30E-03 for Unit 1 <strong>and</strong> between 2.00E-07 to<br />
1.30E-03 for Unit 2. Per NUREG-1792 [4], pre-initiator HEPs should typically fall between<br />
1.00E-02 <strong>and</strong> 1.00E-05, <strong>and</strong> HEPs outside that range should be justified. Further<br />
review of the application indicated that when using the THERP as included in the<br />
EPRI HRA Calculator, HEPs that were outside of the typical range involved infrequent<br />
tests (i.e., 18 months) with frequent position verification checks (i.e., monthly). The<br />
difference between these two intervals results in relatively few chances for misaligning<br />
equipment with a far greater number of opportunities to identify the misalignment <strong>and</strong><br />
minimize the duration. Thus, the low HEPs were justified.<br />
10:30 AM<br />
Post-initiator Human Reliability Analysis <strong>and</strong> Documentation<br />
Approach for Atypical Accident Scenarios<br />
Charlene Greene, Raymond J. Dremel (a), Jayne Ritter & Dave Malek (b)<br />
a) Maracor Software <strong>and</strong> Engineering, Maple Valley, WA, b) Prairie Isl<strong>and</strong> Nuclear Generating Plant,<br />
Welch, MN<br />
A significance determination process (SDP) evaluation of turbine building flooding for<br />
Unit 1 <strong>and</strong> Unit 2 at the Prairie Isl<strong>and</strong> Nuclear Generating Plant (PINGP) identified the<br />
need to perform a detailed post-initiator human reliability analysis (HRA) for actions<br />
that are anticipated to be taken as a result of pipe breaks in the turbine building that<br />
would cause a reactor trip <strong>and</strong> also cause a failure of the plant equipment required<br />
to mitigate the event. Three broad categories of human failure events were created:<br />
flooding events resulting from r<strong>and</strong>om pipe breaks, flooding events resulting from<br />
high energy line break (HELB) interactions with other plant systems, <strong>and</strong> seismicallyinduced<br />
dual unit flooding events. Documentation is essential in the creation of any<br />
human failure event (HFE), however when modeling highly unusual situations, the<br />
documentation is often as important as the numerical value obtained. Further, communication<br />
between the main control room (MCR) operators <strong>and</strong> the turbine building<br />
operators is essential to the successful outcome for many of the flooding scenarios<br />
analyzed. Because this communication affects a specific response, it is an important<br />
consideration when ensuring the HFE reflects the as-operated plant. Finally, assessing<br />
each HFE for reasonableness within categories of events as well as a comparison<br />
of events across categories is a useful check to ensure the human error probabilities<br />
(HEP) generated are reasonable, given the context. This paper will discuss a documentation<br />
approach used to analyze atypical accident scenarios, identify considerations<br />
for ensuring that the HFE reflects the as-operated plant, <strong>and</strong> present insights<br />
from interviews with control room personnel, turbine building operators, training, <strong>and</strong><br />
security.<br />
10:55 AM<br />
Calculation of Human Error Probabilities for Initiating Event<br />
Fault Trees<br />
Loys Bedell<br />
Entergy Services Inc., Jackson, MS<br />
As the Probabilistic Risk Assessment technology grows <strong>and</strong> the uses for the technology<br />
increase, the ability to calculate the likelihood of support system initiating events<br />
has become a more important <strong>and</strong> more detailed. One of the issues in developing detailed<br />
initiating event fault trees is the calculation of human error probabilities. Detailed<br />
initiating event fault trees generally include operator actions for aligning redundant<br />
equipment to prevent an automatic or manual reactor scram. Initiating event-related<br />
interactions, the so-called Type B human errors, have not been explicitly addressed<br />
in most human error techniques. This paper discusses the use of post-initiator human<br />
error techniques for calculating the Type B human errors developed for the River<br />
Bend support system initiating event fault trees. Similar to the post-initiator event, the<br />
operator actions to prevent an initiating event will be evaluated based on the cues<br />
that indicate a problem, the available procedural guidance, <strong>and</strong> other performance<br />
shaping factors. However, some of the performance shaping factors may not be applicable<br />
to Type B actions. The stress from the accident mitigation will generally not<br />
be present for these support system initiating events. In many instances, the plant will<br />
be trending various performance measures, such as increases in pump vibration or<br />
gradual degradation in heat exchanger performance that will result in a swap from one<br />
train to another. This paper will review some of the similarities <strong>and</strong> differences in the<br />
performance shaping factors for post-accident events <strong>and</strong> provides some insight into<br />
how the post-accident HRA techniques can be applied with caution to develop the human<br />
error probabilities for initiating event fault trees. Entergy Nuclear is a large diverse<br />
nuclear fleet that consists of nine nuclear sites <strong>and</strong> two regional headquarters offices.<br />
The PSA models for these plants were generally developed <strong>and</strong> maintained separately<br />
until the early 2000’s. Therefore, much of the organizational learning <strong>and</strong> best practices<br />
from one site were not implemented at another site due to time constraints, plant<br />
dem<strong>and</strong>s, lack of communication, or lack of expertise.<br />
11:20 AM<br />
Re-Writing Fire Response Procedures to Reduce Fire Response<br />
Human Failure Event Probabilities<br />
Thomas J. Asmus<br />
EPM Inc., Risk Solutions Division, Hudson, WI<br />
Fire response procedures describe what actions an operator may need to perform in<br />
order to ensure a credited path exists for safe shutdown. These procedures are not<br />
typically written to mimic existing Emergency Operating Procedures (EOP) <strong>and</strong> may<br />
be written as a guidance document. In many cases, the equipment that is credited for<br />
the safe shutdown path in fire areas is not listed along with instrumentation that may be<br />
needed in order to confirm proper equipment operation. Actions contained within the<br />
procedure are also not ordered such that time sensitive actions may not be performed<br />
before other actions that have a much longer time frame. With these shortcomings in<br />
mind, calculation of an acceptable fire response Human Failure Event (HFE) is very<br />
challenging<br />
A method to remove these shortcomings is to re-write the fire response procedures<br />
into a format with which operators are more familiar. Fire response procedures can<br />
be re-written to mimic the current Pressurized Water Reactor two column format such<br />
that these documents can then be used to supply cues <strong>and</strong> definitive instructions as<br />
to what actions to perform to reduce the impact of fire induced failures, or to recover<br />
failed equipment. Instrumentation can also be specified so operators will know what<br />
instruments may be available for diagnosis <strong>and</strong> recovery. The equipment that is credited<br />
to satisfy the various safe shutdown functions such as Reactor Coolant System<br />
(RCS) Inventory Control, or AC power can be listed. The needed operator actions can<br />
also be ordered such that time critical actions are performed first. Recovery steps can<br />
also be provided to ensure equipment is operating correctly after performance of a fire<br />
response action.
Session Chair: Pierre-Etienne Labeau<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 1:30 PM - Azalea<br />
1:30 PM<br />
An Approach to Validation of Dynamic PRA Methods against<br />
Past Events<br />
Kaspar Kööp (a), Yury Vorobyev (b), Pavel Kudinov (b)<br />
a) Division of Nuclear Power Safety, Royal Institute of Technology, Stockholm, Sweden, b) Department of<br />
Nuclear Power Plants, Moscow Power Engineering Institute, Russia<br />
The paper is concerned with the validation of the deterministic/probabilistic risk assessment<br />
tools. Specifically we address validation of Genetic Algorithm (GA) based<br />
Dynamic Probabilistic Risk Analysis (DPRA). GA-DPRA is developed for exploration<br />
of the plant scenario space with the goal to identify failure domains in which at least<br />
one of the safety limits is violated. GA-DPRA approach is based on the combination of<br />
(i) a deterministic system code for modeling of the plant transients, (ii) GA for solution<br />
of the global optimization problem on identification of the failure domains <strong>and</strong> (iii) importance<br />
sampling (IS) method for probabilistic characterization of the identified failure<br />
domains. Straightforward validation of the GA-DPRA approach in terms of comparison<br />
of probabilistic characteristics of the failure domains against a reality is impossible<br />
because of the rareness of the adequate plant data in abnormal behaviors.<br />
In order to increase confidence in the GA-DPRA analysis results we propose a hierarchical,<br />
separate effect approach to verification <strong>and</strong> validation of the GA-DPRA. At the<br />
first level each component of the GA-DPRA (deterministic code, GA, IS) are verified<br />
<strong>and</strong> validated separately. At the second level we propose to validate coupled GA-<br />
DPRA on the base of analysis of the past plant events. Main idea of such validation is<br />
to check if past events which have happen in the existing plants can be identified by<br />
GA-DPRA in the process of exploration of the plant scenarios space. As a benchmark<br />
case for validation of the GA-DPRA we propose to use data from high power oscillations<br />
event occurred in the Oskarshamn-2 nuclear power plant in 1999 (O2-99). This<br />
event was a result of complex interaction between plant physics (BWR instability),<br />
control logic, <strong>and</strong> operator actions. The first step in the validation process is optimization<br />
of the uncertain parameters in the RELAP5 system code input model. At this<br />
step a combination of uncertain plant parameters is selected by solving optimization<br />
problem to minimize discrepancy between available plant transient data <strong>and</strong> system<br />
code predictions. At the second step GA-DPRA is used to find O2-99 type scenarios<br />
in the plant events space. Each free parameter forming the event space (e.g. closing/<br />
opening of the valves, start/stop/reduction of the pump flow, partial/full scram, etc.) is<br />
characterized by a certain time window within which changes of the parameter can<br />
occur. Results of the validation <strong>and</strong> an approach to selection of the fitness function for<br />
guiding global optimum search process towards scenarios of safety importance are<br />
discussed in the paper. (Presentation Only)<br />
1:55 PM<br />
Bayesian Network Representing System Dynamics in Risk<br />
Analysis of Nuclear Systems<br />
Athi Varuttamaseni, John C. Lee (a), Robert W. Youngblood (b)<br />
a) Department of Nuclear Engineering <strong>and</strong> Radiological Sciences, University of Michigan, Ann Arbor, MI,<br />
b) Idaho National Laboratory, Idaho Falls, ID<br />
Conventional probabilistic risk assessment using fault trees (FTs) <strong>and</strong> event trees<br />
(ETs) is inefficient when dealing with systems having more than two states <strong>and</strong> with<br />
scenarios where the timing of the event is critical. A Markov approach can be applied<br />
to cases in which the FT/ET structure proves inadequate, but as the number of<br />
components grows, the number of system states grows exponentially. This paper proposes<br />
the use of a dynamic Bayesian network (DBN) as an alternative to Markov chain<br />
analysis. The DBN uses conditional independence to simplify the factorization of the<br />
system joint probability function, leading to a problem that can be analyzed piecewise<br />
instead of globally. We demonstrate the use of the DBN by analyzing a feed <strong>and</strong> bleed<br />
procedure in a nuclear power plant.<br />
Dynamic PSA - 2<br />
2:20 PM<br />
Development <strong>and</strong> Application of a Genetic Algorithm Based<br />
Dynamic PRA Methodology to Plant Vulnerability Search<br />
Yury Vorobyev (a), Pavel Kudinov (b)<br />
a) Department of Nuclear Power Plants, Moscow Power Engineering Institute Krasokazarmennaya, 14,<br />
111250, Moscow, Russia, b) Division of Nuclear Power Safety, Royal Institute of Technology, Sweden<br />
The paper describes recent achievements in development <strong>and</strong> application of the Dynamic<br />
Probabilistic Risk Analysis (DPRA) methodology based on the Genetic Algorithm<br />
(GA). The aim of the GA-DPRA approach is to enable identification of safety<br />
vulnerabilities <strong>and</strong> quantification of accident risks related to operation of nuclear power<br />
plants (NPP). The approach combines a system code as a deterministic model of the<br />
plant <strong>and</strong> a GA search engine for the exploration of the plant scenarios space. A point<br />
in this space represents a scenario (transient) which is defined by unique combination<br />
of initial plant state <strong>and</strong> time dependent sequence of changes in the plant state<br />
parameters implemented in the system code input. The GA-DPRA is used to address<br />
two main types of safety analysis problems: (i) identification of a “worst case” scenario<br />
with most severe violation of safety limits (failure of safety barriers); (ii) identification<br />
of “failure domains” (sub-domains in the space of plant scenarios where at least one<br />
of the safety limits (barriers) is violated). Safety critical parameters (safety limits) are<br />
used by GA as fitness functions to guide selection of the system code input parameters<br />
in process of the global optimum search. The GA controls selection of system code<br />
input parameters within predefined diapasons <strong>and</strong> time windows. Unlike “brute force”<br />
approaches or Monte Carlo type methods the GA-DPRA is much less dem<strong>and</strong>ing to<br />
computational resources due to intelligent <strong>and</strong> adaptive resolution in the exploration<br />
of the plant scenarios space. Stochastic properties of GA <strong>and</strong> Importance Sampling<br />
technique are applied to estimate probabilistic characteristics of the identified vulnerabilities.<br />
Solutions of benchmark problems <strong>and</strong> comparison with other methods are<br />
discussed in the paper.<br />
2:45 PM<br />
Hybrid Fault Tree Markov Chain (HFT-MC) Probabilistic Risk<br />
Assessment Methodology with Application<br />
Mohammad Pourgol-Mohammad (a), Kamran Sepanloo (b), <strong>and</strong> Kaveh Karimi<br />
(c)<br />
a) FM Global, Norwood, MA, USA, b) AEOI, Vienna Office, Vienna, Austria, c) Science <strong>and</strong> Research<br />
Branch, Islamic Azad University, Tehran, Iran<br />
The Hybrid Fault Tree-Markov Chain (HFT-MC) methodologies is developed in framework<br />
of dynamic <strong>and</strong> hybrid PRA methods as new generation of the probabilistic risk<br />
assessment methodologies. An overall description of proposed hybrid fault tree (FT)/<br />
continuous time Markov chain methodology is given with an application example for<br />
demonstration of methodology on the steps, assumptions <strong>and</strong> the results. HFT-MC<br />
is a localized dynamics methodology for assessment of the temporal behavior of the<br />
safety-critical systems in case of an accident e.g., anticipated Loss of Coolant Accident<br />
(LOCA). The fault tree is used for localized component/subcomponent failure rate<br />
estimation assessment. Markov chain, coupled by the results from fault tree for each<br />
node, provides overall unavailability/dependability estimation of the system over the<br />
time for either repairable or non-repairable system. The methodology has capability to<br />
consider common cause failure, <strong>and</strong> effect of operators. The methodology is applied to<br />
simulation of emergency power system of the Bushehr nuclear power plant with combined<br />
construction of two different design technologies (Western KWU PWR design<br />
<strong>and</strong> Russian WWER PWR design).<br />
45
46<br />
Session Chair: Jonathan Li<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 1:30 PM - Camellia/Dogwood<br />
Next Generation Reactor PSA - 4<br />
1:30 PM<br />
Reliability Analysis of 2400 Mwth Gas-Cooled Fast Reactor<br />
Natural Circulation Decay Heat Removal System<br />
M. Marquès, C. Bassi (a), F. Bentivoglio (b)<br />
a) CEA, DEN, SESI, Cadarache, Saint-Paul-lez-Durance, France, b) CEA, DEN, SSTH, Grenoble,<br />
France<br />
In support to a PSA performed at the design level on the 2400 MWth Gas-cooled<br />
Fast Reactor, the functional reliability of the decay heat removal system working in<br />
natural circulation has been estimated in two transient situations corresponding to an<br />
“aggravated” Loss of Flow Accident (LOFA) <strong>and</strong> a Loss of Coolant Accident (LOCA).<br />
The reliability analysis was based on the RMPS methodology. Reliability <strong>and</strong> global<br />
sensitivity analyses use uncertainty propagation by Monte Carlo techniques. The results<br />
obtained on the reliability of the DHR system <strong>and</strong> on the most important input<br />
parameters are very different from one scenario to the other showing the necessity for<br />
the PSA to perform specific reliability analysis of the passive system for each considered<br />
scenario. The analysis shows that the DHR system working in natural circulation<br />
is a very reliable system in case of LOFA situations even when only one DHR loop is<br />
available. On the other h<strong>and</strong>, its reliability has to be improved in LOCA situations. This<br />
analysis shows the way to make this improvement in specifying the main uncertainties,<br />
which could to be reduced.<br />
1:55 PM<br />
Options for Defining Large Release Frequency for Applications<br />
to the Level-2 PRA <strong>and</strong> Licensing of SMRS<br />
Mohammad Modarres (a), Mark Leonard (b), Kent Welter, Jason Pottorf (c)<br />
a) University of Maryl<strong>and</strong>, Center for Risk <strong>and</strong> Reliability, College Park, MD, b) Dycoda, LLC, Los Lunas,<br />
NM, c) NuScale Power, Inc., Corvallis, OR<br />
Large release frequency (LRF) is used in Probabilistic Risk Assessments (PRAs) as<br />
a risk metric for advanced LWR Design Certification (DC) <strong>and</strong> Combined Construction<br />
<strong>and</strong> Operating License (COL) applications. While the Commission requested the<br />
Nuclear Regulatory Commission (NRC) staff to provide a definition of LRF, in SECY-<br />
93-138 the Staff recommended to the Commission that work on a definition be terminated.<br />
As a result, the definitions of LRF in the Design Control Document (DCD) <strong>and</strong><br />
COL applications of advanced Light Water Reactors (LWRs) differ to varying degrees.<br />
In the absence of a unique regulatory definition for LRF, the Small Modular Reactors<br />
(SMRs), including NuScale’s PRA <strong>and</strong> DCD, must define <strong>and</strong> adopt one. The purpose<br />
of this paper is to highlight possible options for LRF measures along with the pros <strong>and</strong><br />
cons of each. The paper will propose one of such options for consideration. The most<br />
challenging part of LRF definition is to describe what is meant by “large” to measure<br />
the scale of release. There are three possible bases for describing the scale of release:<br />
number of fatalities, amount of radionuclide release, or state <strong>and</strong> integrity of the<br />
reactor pressure boundary <strong>and</strong> containment at the time of release. These options will<br />
be discussed in this paper.<br />
2:20 PM<br />
Achievement of the Level 1 PSA in Support to the CEA 2400<br />
MWTH Gas-Cooled Fast Reactor<br />
M. BALMAIN (a), C. BASSI, P. AZRIA (b)<br />
a) EDF R&D Division, Industrial Risks Management Department, Clamart, FRANCE, b) CEA, Nuclear<br />
Energy Directorate, Reactor Studies Department, Innovative Systems Service CEA, Saint-Paul-Lez-<br />
Durance, FRANCE<br />
Within Generation IV International Forum, the CEA has developed since 2006 a Level<br />
1 PSA to support the design of the 2400 MWth GFR. A first period, with insights published<br />
in 2008, consisted in a model with few initiators representative of medium <strong>and</strong><br />
high pressure situations, those used for the deterministic design of the Decay Heat<br />
Removal dedicated loops. In a second period, an iterative work reached the probabilistic<br />
targets used for generation III reactors, with prior use of normal loops, <strong>and</strong><br />
increase of DHR reliability in high pressure conditions. The PSA team covered all<br />
the internal initiators, <strong>and</strong> supported the design of components with instrumentation<br />
<strong>and</strong> control <strong>and</strong> electrical supplies, <strong>and</strong> the shutdown operating modes of secondary,<br />
tertiary circuits, with possible re-alignment to dedicated DHR loops. Besides, the completed<br />
PSA integrated more realistic success criteria than the preliminary model <strong>and</strong><br />
than the deterministic approach, thanks to CATHARE2 code. In case of loss of Forced<br />
Convection, the probability of success of the Natural Convection DHR was assessed<br />
by a reliability method for passive systems. The paper underlines the PSA methodology<br />
knowledge from the EdF expertise, the improvements co-developed with CEA,<br />
<strong>and</strong> the iteration design-PSA-design.<br />
2:45 PM<br />
U.S. Regulatory Lessons Learned from New Nuclear Power<br />
Plant Applications on Evaluating Degraded Voltage Protection<br />
Robert G. Fitzpatrick, Ronaldo V. Jenkins, Malcolm D. Patterson, <strong>and</strong> Nicholas<br />
T. Saltos<br />
United States Nuclear Regulatory Commission, Rockville, Maryl<strong>and</strong><br />
This paper addresses one of the lessons learned from regulatory review of applications<br />
for new nuclear power plants. It discusses U.S. regulations <strong>and</strong> implementing<br />
guidance related to applications for a design certification (DC) or a combined operating<br />
license (COL). Regulations require applicants for a design certification to perform<br />
a design-specific probabilistic risk analysis (PRA). Applicants for a COL must have a<br />
plant-specific PRA. Each application must include a description of the associated PRA<br />
<strong>and</strong> its results. This paper describes a method used to assess the safety significance<br />
of degraded grid voltage <strong>and</strong> to confirm that a particular passive design meets General<br />
Design Criterion 17, “Electric power systems.” The staff of the Nuclear Regulatory<br />
Commission (NRC) used insights from the PRA to evaluate the effects of degraded<br />
grid voltage. The PRA insights provided by the applicant, deterministic considerations,<br />
<strong>and</strong> the evaluation of safety issues under degraded voltage conditions are discussed<br />
in the context of new reactors. The paper also discusses some of the technical issues<br />
that the NRC staff has encountered in reviewing recent applications <strong>and</strong> the staff’s<br />
need for additional information to make appropriate safety determinations.
Session Chair: Shan Chien<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 1:30 PM - Magnolia<br />
1:30 PM<br />
Dynamical <strong>and</strong> Hierarchical Criticality Matrixes-Based analysis<br />
of Power Grid Safety<br />
Eugene Brezhnev (a), Vyacheslav Kharchenko (b), Alex<strong>and</strong>r Siora (c), Vladimir<br />
Sklyar (b)<br />
a) National Aerospace University KhAI, Kharkiv, Ukraine, b) Centre for Safety Infrastructure Oriented<br />
Research <strong>and</strong> Analysis, National Aerospace University KhAI, Kharkiv, Ukraine, c) Research <strong>and</strong> Production<br />
Company Radiy, Kirovograd, Ukraine<br />
This paper presents the technique for the power grid safety assessment based on<br />
accident risk-analysis by use of the dynamical <strong>and</strong> hierarchical criticality matrixes<br />
(D&HCM). The technique is founded on principles suggested for the power grid safety<br />
assessment. The basic tool is Failure Modes, Effects <strong>and</strong> Criticality Analysis (FMECA)<br />
supplemented with changes in procedure according to the features of safety assessment<br />
process. The power grid safety assessment model is presented as a graph of<br />
criticality with edges connecting the nodes corresponding with subsystems of next<br />
higher <strong>and</strong> lower levels. The nodes are described by criticality matrixes. The changes<br />
of subsystems’ failures criticality during the power grid operation are the results of<br />
sequential changes of subsystems’ states (transition to state of nonoperability) or the<br />
changes of failures probabilities caused by influence of the operational environment<br />
or factor of time (physical or automaton time). This approach suggests considering the<br />
interaction <strong>and</strong> mutual influence among subsystems which results to multiple failures,<br />
change of the criticality <strong>and</strong> risk values. In this way the capacities of FMECA-based<br />
safety assessment may be exp<strong>and</strong>ed. The accident in Sayano–Shushenskaya hydroelectric<br />
power station was investigated on dynamical <strong>and</strong> hierarchical criticality<br />
matrixes-based analysis.<br />
1:55 PM<br />
Towards an Integrated Probabilistic Analysis of the Blackout<br />
Risk in Transmission Power Systems<br />
Pierre Henneaux, Pierre-Etienne Labeau, Jean-Claude Maun<br />
Service de Métrologie Nucléaire, Service Beams-Energy, Université Libre de Bruxelles, Brussels, Belgium<br />
In our modern society, the electrical grid has become one of the most critical infrastructures.<br />
Even if feedback from the electrical sector is very positive, electricity generation<br />
<strong>and</strong> transmission cannot be considered as totally reliable activities. A residual blackout<br />
risk remains, especially as new ways of generating electricity <strong>and</strong> operating the<br />
grid develop. To study the grid reliability, deterministic criteria are usually considered.<br />
Probabilistic risk assessment methods have also been developed, but they usually<br />
neglect the dependencies between failures <strong>and</strong> the dynamic evolution of the grid in the<br />
course of a transient: yet a blackout is due to cascading failures in the grid. There is a<br />
strong coupling between events, since the loss of an element increases the stress on<br />
others <strong>and</strong>, hence, their probability to fail. Our purpose is therefore to develop an integrated<br />
probabilistic approach to blackout analysis, capable of h<strong>and</strong>ling the dynamic<br />
response of the grid to stochastic initiating perturbations <strong>and</strong> the event sequences<br />
they possibly entail. This approach is adapted from dynamic reliability methodologies,<br />
by accounting for the different characteristic times <strong>and</strong> processes of different cascading<br />
phases leading to a blackout. This paper focuses on the modeling adopted for the<br />
first phase, ruled by thermal transients. The goal is to identify dangerous cascading<br />
scenarios (possibly leading to a blackout) <strong>and</strong> calculate their frequency. A Monte Carlo<br />
code derived from this methodology is validated on a test grid. Some dangerous scenarios<br />
are presented <strong>and</strong> their frequency calculated by this method is compared with<br />
the classical estimation.<br />
Grid Reliability<br />
2:20 PM<br />
Probabilistic Risk Assessment of a Transmission <strong>and</strong> Distribution<br />
System<br />
Frank Rahn, Jeff Riley (a), Alan Ross (b)<br />
a) Jean-Francois Roy, <strong>and</strong> Alex<strong>and</strong>er Bonilla, Electric Power Research Institute, Palo Also, CA, b) Consultant,<br />
Pleasanton, CA<br />
Probabilistic Risk Assessment (PRA) tools <strong>and</strong> modeling techniques can be used to<br />
evaluate a wide variety of complex systems <strong>and</strong> facilities. This paper presents an application<br />
of PRA techniques to an electric transmission <strong>and</strong> distribution system. The<br />
work focuses on the reliability of a small utility system <strong>and</strong> examines the probability of<br />
loss of system-wide service, as well loss of power to critical facilities. The evaluation is<br />
both qualitative <strong>and</strong> quantitative in nature.<br />
The work was originally motivated by an unfortunate event that caused a complete<br />
city-wide blackout that lasted approximately 12 hours <strong>and</strong> was close to exceeding the<br />
coping time of vital services, such as fire water. The outage also resulted in a high<br />
economic loss.<br />
For this project, the EPRI CAFTA software tool was used to examine the fault trees<br />
representing the transmission system. Also modeled were the underground transmission<br />
cables feeding a central substation that was configured in a breaker <strong>and</strong> a half arrangement,<br />
<strong>and</strong> a transmission system that encircled the service area. The evaluation<br />
also considered other risks including earthquakes, flooding, gas pipeline ruptures, <strong>and</strong><br />
aircraft crashes that could disrupt the system.<br />
2:45 PM<br />
Reliability Forecasting Modeling for Distribution System Infrastructure<br />
Decisions<br />
Shan (Sam) H. Chien, Zoilo S. Roldan, Roger J. Lee<br />
Southern California Edison Company, Santa Ana, CA<br />
Transmission <strong>and</strong> distribution (T&D) infrastructure is aging in electric utilities throughout<br />
the U.S. as indicated by upward trends in average equipment ages. There are significant<br />
implications ahead in system reliability <strong>and</strong> customer service. The magnitude<br />
of these future challenges can only be revealed by probabilistic reliability modeling.<br />
Such models have been developed to forecast future distribution system reliability<br />
<strong>and</strong> to evaluate the value of various asset management strategies. Three key insights<br />
which would be of value to reliability practitioners in the area of distribution system<br />
asset <strong>and</strong> reliability management are 1) the underst<strong>and</strong>ing that the systems are aging<br />
<strong>and</strong> declining in reliability, 2) the appreciation that there are major benefits from<br />
developing reliability models, <strong>and</strong> 3) the underst<strong>and</strong>ing that there are many levels of<br />
reliability modeling complexity, all of which are useful.<br />
47
48<br />
Session Chair: David N Miskiewicz<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 1:30 PM - Salon A<br />
1:30 PM<br />
Achieving Realism in Fire PRA: Insights <strong>and</strong> Challenges based<br />
on Fire Damage States <strong>and</strong> Associated Frequencies<br />
James R Chapman<br />
Scientech, Lake Mary, Florida<br />
About half the US fleet has developed or is developing fire PRAs to support NFPA 805<br />
licensing basis transition. These fire PRAs, or adapted versions of these fire PRAs,<br />
can also support other risk informed applications, such as risk informed completion<br />
times. Many other units are also developing fire PRAs for risk informed applications<br />
other than NFPA -805. The Fire PRAs have been or are being developed using guidance<br />
from NUREG/CR-6850, Industry Frequently Asked Questions (FAQs) <strong>and</strong> recent<br />
EPRI technical evaluations, such as fire ignition frequency updates. Many of these<br />
fire PRAs have used detailed fire modeling, cable <strong>and</strong> circuit analysis <strong>and</strong> Human<br />
Reliability analyses (HRA) to improve the calculated results. However, even with such<br />
detailed analyses, the calculated results are believed to be conservative by a factor<br />
in the range of 5 to 10 (or perhaps higher) overall. This belief is based on comparison<br />
of calculated results, such as the frequency of fire damage states to operating experience,<br />
as provided by the NRC’s Accident Sequence Precursor (ASP) program. This<br />
paper will discuss the results of a comparison of calculated fire damage state frequencies,<br />
at the cumulative level, <strong>and</strong> associated consequences in terms of damage level<br />
(at the conditional core damage probability level <strong>and</strong> availability of mitigating systems<br />
<strong>and</strong> actions level) to actual industry experience. The comparison is based on calculated<br />
results for several US units. This comparison provides additional evidence that the<br />
calculated results overall are conservative because the calculated frequencies of fire<br />
scenarios leading to the failure of safety significant equipment are too high. Industry<br />
<strong>and</strong> NRC have plans to provide improved methods <strong>and</strong> data in technical areas including<br />
fire frequency, fire development <strong>and</strong> propagation, heat release rate <strong>and</strong> detection<br />
<strong>and</strong> suppression. Comparison to operating experience needs to be considered when<br />
benchmarking the integrated effect of changes in methods <strong>and</strong> data intended to refine<br />
the conservative results presently being developed <strong>and</strong> when making decisions on<br />
plant changes. (Presentation Only)<br />
1:55 PM<br />
Collective Insights from NFPA-805 Fire PRAs <strong>and</strong> Related Fire<br />
Risk Evaluations<br />
Edward Simbles <strong>and</strong> Usama Farradj<br />
ERIN Engineering, Inc., Walnut Creek, CA<br />
Completion of a series of Fire Probabilistic Risk Assessments (FPRAs) for NFPA 805<br />
transitioning plants has provided insights with respect to the fire PRA methodology as<br />
defined by NUREG/CR-6850 as well as insights with respect to contributors to plant<br />
fire risk <strong>and</strong> modifications identified for addressing these risks. The Fire Risk Evaluation<br />
(FRE) methodology for calculation of the risk of variances from deterministic<br />
requirements (VFDRs) <strong>and</strong> risk of recovery actions is also addressed. Insights associated<br />
with the FRE process, methodology <strong>and</strong> the impact of FREs as opposed to overall<br />
fire risk on decisions regarding plant modifications are addressed. The methods of<br />
defining the compliant plant condition for the plant including alternative shutdown fire<br />
areas (e.g., control room, cable spreading room) are discussed. Based on the insights<br />
identified, recommendations for refinements in NUREG/CR-6850 methodologies <strong>and</strong><br />
FRE process requirements <strong>and</strong> methodologies are proposed. (Presentation Only)<br />
Fire PSA Methods - 4<br />
2:20 PM<br />
How Immature <strong>and</strong> Overly Conservative is Fire PRA? - A Comparison<br />
of Early Vs. Contemporary Fire PRAS <strong>and</strong> Methods<br />
Raymond H.V. Gallucci<br />
U.S. Nuclear Regulatory Commission (NRC), Washington, D.C.<br />
There is a prevailing cognition, at least among an apparently significant portion of the<br />
commercial nuclear power industry, that the current methods available for fire PRAs<br />
are still relatively immature, at least when compared to internal events PRA methods,<br />
<strong>and</strong> produce overly conservative predictions of risk (core damage frequency [CDF]<br />
<strong>and</strong> large early release frequency [LERF]). This paper compares “conservatism” issues<br />
from the “early” era of fire PRA to contemporary issues to answer three questions:<br />
Is fire PRA conservative? Is it immature? Is it too conservative?<br />
2:45 PM<br />
Fire Modeling in PSA with EdF/EPRI Magic Code<br />
Isabel Viniegra, Mariano J. Fiol, Miguel Á. Celaya<br />
IBERDROLA, Ingeniería y Construcción, Madrid, Spain<br />
The MAGIC software is a fire simulation code developed <strong>and</strong> maintained by EdF <strong>and</strong><br />
sponsored by EPRI. It uses a typical two homogeneous zones model where the solution<br />
of the mass <strong>and</strong> energy balances accumulated on each zone, together with the<br />
ideal gas law <strong>and</strong> equation of heat conduction into the walls, results in the environmental<br />
conditions generated by the fire. Several rooms <strong>and</strong> their interactions can be<br />
modeled, including doors opening, hatches, forced or natural ventilation, sprinkler actuation<br />
<strong>and</strong> trigger of some fire detectors. A useful set of outcomes (temperatures, heat<br />
fluxes, hot gas layer thickness, etc.) can be obtained to determine the time to targets’<br />
damage in a variety of scenarios. It has been broadly validated <strong>and</strong> verified.<br />
IBERDROLA, Ingeniería y Construcción has used the MAGIC code in one Spanish<br />
Fire PSA for calculate available times to credit manual extinguishment on Fire Brigade<br />
actuation. The use of the code is conveniently simple, compared with CFD codes, allowing<br />
a high number of scenarios to be modeled in a restricted project schedule <strong>and</strong><br />
results sound credible <strong>and</strong> realistic with a coherent nearness to intuitive expectations.<br />
Finally, it is important to note that MAGIC features related with its input data definition<br />
(Heat Release Rate of fire load sources specially) permit a good fulfillment of NUREG/<br />
CR-6850 methodological <strong>and</strong> data provisions.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 1:30 PM - Salon B<br />
Risk-Informed Safety Margins<br />
Session Chair: Dominique Vasseur<br />
1:30 PM<br />
Enhanced Defence-in-Depth features during the design<br />
phase of Olkiluoto 3<br />
Matti Lehto, Jouko Marttila, Ari Julin, Reino Virolainen<br />
STUK, Helsinki, Finl<strong>and</strong><br />
The first EPR, Olkiluoto 3, is under construction in Finl<strong>and</strong> <strong>and</strong> the unit is expected to<br />
be commissioned in 2013. Detailed, full-scope PSA of Olkiluoto 3 will be a part of the<br />
required documentation to be attached to the operation license application.<br />
Finnish regulatory requirements include e.g. separation principle applied to parallel<br />
parts of the safety systems <strong>and</strong> diversity principle applied to the systems related to<br />
the most important safety functions. The probabilistic design objectives in Finl<strong>and</strong> are<br />
the following:<br />
- The mean value of the PSA Level 1 result must be < 1E-05/a (core damage frequency).<br />
- The mean value of the PSA Level 2 result must be < 5E-07/a (major radioactive<br />
release frequency).<br />
Previous review of the Olkiluoto 3 Preliminary Safety Analysis Report <strong>and</strong> the preliminary<br />
PSA revealed some deficiencies in the plant design. Thereafter, several improvements<br />
have been done to fulfil Finnish regulatory requirements, as well as to assure<br />
on adequacy of safety margins. For example, following improvements have been done<br />
in the design considering Defence-in-Depth features:<br />
- Additional heat exchangers were applied to certain room cooling systems in safeguard<br />
buildings to provide two diverse heat sinks for the cooling function.<br />
- Structural modification was applied to protect diesel engine combustion <strong>and</strong> cooling<br />
air intakes against weather phenomena <strong>and</strong> external fires.<br />
- Additional measures were applied to prevent or limit leakage of primary coolant pump<br />
motor’s lubrication oil system to mitigate impact of assumed oil fires inside the containment.<br />
- Additional measures were applied to prevent or limit leakage of fire water system to<br />
mitigate impact of assumed flooding in the reactor building annulus.<br />
Considering fire safety of the typical fire retardant cables to be installed in Olkiluoto<br />
3, fire research <strong>and</strong> some specific fire tests were performed. Thereafter, several fire<br />
simulations of a cable spreading room have been done based on a new model taking<br />
into account the fire properties of the typical cables. The study was performed to be<br />
able to quantify cable fire spreading <strong>and</strong> to assure on the adequacy of the designed<br />
fire protection concept, especially considering the cable rooms containing big fire<br />
loads. (Presentation Only)<br />
1:55 PM<br />
Recent Trends In Risk-Informed Safety Margin Characterization<br />
Stephen M. Hess (a), Robert Youngblood (b), Dominique Vasseur (c)<br />
a) Electric Power Research Institute, West Chester, PA, b) Idaho National Laboratory, Idaho Falls, ID, c)<br />
Electricité de France, Clamart, France<br />
The design <strong>and</strong> maintenance of adequate safety margins has served as a foundational<br />
principle for the safe operation of commercial nuclear power plants since the inception<br />
of the commercial nuclear power industry. During the original licensing of the current<br />
fleet of plants, adequate safety margins were established by performing conservative<br />
analyses <strong>and</strong> using conservative engineering judgment to specify appropriate safety<br />
limits for critical plant parameters. However, over time, plant operation <strong>and</strong> ageing of<br />
plant structures systems <strong>and</strong> components (SSCs) has the potential to impact these<br />
original design margins. Due to the recent emphasis on extended plant operation, it<br />
will become imperative that effective methods be developed to manage age-related<br />
degradation of plant SSCs, prevent the occurrence of safety-significant operational<br />
events, <strong>and</strong> demonstrate maintenance of acceptable (<strong>and</strong> even improved) nuclear<br />
safety risk. In this paper, we summarize the current state of research to develop a<br />
risk-informed approach to characterize <strong>and</strong> manage nuclear plant safety margins. We<br />
describe the basic safety margin concept <strong>and</strong> summarize research performed under<br />
the Nuclear Energy Agency Committee on the Safety of Nuclear Installations Safety<br />
Margins Working Group to investigate such an approach for use by regulatory authorities.<br />
We also describe collaborative safety margin research sponsored by the<br />
Electric Power Research Institute Long Term Operation initiative <strong>and</strong> the United States<br />
Department of Energy’s Light Water Reactor Sustainability program being conducted<br />
to support decision making by plant owner/operators. Finally, we provide some preliminary<br />
conclusions <strong>and</strong> suggestions for further investigation.<br />
2:20 PM<br />
Experiences in Describing PRA Technical Adequacy in Risk<br />
Informed Submittals<br />
Victoria A. Warren, Donald E. Vanover (a), Lawrence K. Lee (b)<br />
a) ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA, b) ERIN Engineering <strong>and</strong> Research, Inc.,<br />
Campbell, CA<br />
With the advent of Revision 2 of Regulatory Guide 1.200, the technical adequacy of<br />
Probabilistic Risk Assessments (PRAs) used for risk informed submittals has come<br />
to the forefront. The type of submittal from the very specific, such as a change to the<br />
completion time of a single system to very broad process changes such as the surveillance<br />
frequency control program (i.e., Risk Informed Technical Specification (RITS)<br />
Initiative 5B) affects how technical adequacy is determined <strong>and</strong> described. The level<br />
of internal assessment <strong>and</strong> external review of the PRA is also a factor. The information<br />
content involving the impact of a gap to fully meeting the PRA st<strong>and</strong>ard (ASME/<br />
ANS RA-Sa-2009) must allow independent determination of acceptability. It is relatively<br />
straightforward to address PRA technical adequacy for a narrow application but<br />
more complex for a broad application where the specific instances are not defined.<br />
The broad application may need to rely on the methodology used to address certain<br />
technical adequacy issue. An example of this is the RITS 5B methodology which requires<br />
data sensitivities as part of the surveillance test interval analysis. Forethought<br />
about the intended use of the PRA technical adequacy assessment will lead to a better<br />
assessment leading to a better analysis <strong>and</strong> a better submittal.<br />
2:45 PM<br />
Insights from the SM2A Pilot Study Towards Quantification of<br />
a Change of Plant Safety Margin After a Hypothetical Power<br />
Up-Rate<br />
Martin A. Zimmermann, Vinh N. Dang (a), Jeanne-Marie Lanore, Pierre<br />
Probst (b), Javier Hortal (c), Abdallah Amri (d)<br />
a) Paul Scherrer Institute, Villigen, Switzerl<strong>and</strong>, b) Institut de Radioprotection et de Sûreté Nucléaire,<br />
Fontenay aux Roses, France, c) Consejo de Seguridad Nuclear, Madrid, Spain, d) OECD/NEA / Nuclear<br />
Safety Division, Issy-les-Moulineaux, France<br />
During recent years, many nuclear power plants underwent significant modifications,<br />
e.g. power up-rating. While compliance with all the deterministic acceptance criteria<br />
must be shown during the licensing process, the larger core inventory <strong>and</strong> the facts<br />
that the plant response might get closer to the limits after a power up-rate, suggest<br />
an increase of the core damage frequency (CDF) <strong>and</strong> other possible risk indicators.<br />
Hence, a framework to quantitatively assess a change in plant safety margin becomes<br />
very desirable. The Committee on the Safety of Nuclear Installations (CSNI) m<strong>and</strong>ated<br />
the Safety Margin Action Plan expert group (SMAP) to develop a framework for the<br />
assessment of such changes to safety margin. This framework combines PSA <strong>and</strong><br />
the analytical techniques developed in BEPU. CSNI then m<strong>and</strong>ated the SM2A expert<br />
group to especially explore the practicability of the SMAP framework. This pilot study<br />
was completed end of 2010. An increase of the (conditional) probability of exceedance<br />
for a surrogate acceptance limit (PCT) indicating core damage was successfully evaluated<br />
for the selected sequences from several initiating event trees, <strong>and</strong> it was found<br />
that only a restricted number of sequences need to be analyzed. The impact of power<br />
up-rate could also be assessed for scenarios where no violation of the surrogate criterion<br />
was observed. The modeling of human actions was found to be of particular<br />
importance as the sequences related to scenarios including a time delay for a recovery<br />
action or for a repair correspond to the more visible risk increase.<br />
49
50<br />
Session Chair: Gareth Parry<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 1:30 PM - Carolina<br />
1:30 PM<br />
Towards an Improved HRA Quantification Model<br />
Gareth W Parry (a), John A Forester, Katrina Groth, <strong>and</strong> Stacey M L Hendrickson<br />
(b), Stuart Lewis (c), Erasmia Lois (d)<br />
a) ERIN Engineering <strong>and</strong> Research Inc., Walnut Creek, CA, b) S<strong>and</strong>ia National Laboratories, Albuquerque,<br />
NM, c) Electric Power Research Institute, Knoxville, TN, d) U.S. Nuclear Regulatory Commission,<br />
Washington DC<br />
The U.S. Nuclear Regulatory Commission <strong>and</strong> the Electric Power Research Institute<br />
are working together under a memor<strong>and</strong>um of underst<strong>and</strong>ing to improve the state of<br />
the art in human reliability analysis (HRA) by incorporating an underst<strong>and</strong>ing of the<br />
causes of human failures <strong>and</strong> the contextual factors that influence the likelihood of<br />
failures based on a review of relevant behavioral science <strong>and</strong> cognitive psychology<br />
literature. This paper outlines a decision-tree approach that is being developed for<br />
the estimation of human error probabilities (HEPs) that is consistent with that underst<strong>and</strong>ing.<br />
1:55 PM<br />
The Value of Upgrading the HRA Method<br />
P.F. Nelson<br />
Departamento de Sistemas Energéticos, Facultad de Ingeniería, Universidad Nacional Autónoma de<br />
México, Mexico DF, CP<br />
Human Reliability Analysis (HRA) is a very important part of Probabilistic Risk Analysis<br />
(PRA), <strong>and</strong> constant work is dedicated to improving methods, guidance <strong>and</strong> data in<br />
order to approach realism in the results as well as reducing uncertainties. In order to<br />
advance in these areas, several HRA studies are being performed globally. Mexico<br />
has participated in the recent HRA Empirical studies with the objective of “benchmarking”<br />
HRA methods by comparing HRA predictions to actual crew performance in a<br />
simulator. The experience of participating in these efforts is being incorporated in the<br />
updating of the Laguna Verde PRA to comply with the ASME/ANS PRA st<strong>and</strong>ard. In<br />
order to be considered an HRA with technical adequacy for PRA risk-informed applications,<br />
the methodology used for the HRA in the original PRA is not considered<br />
sufficiently detailed, <strong>and</strong> the methodology had to upgraded. The HCR/CBDT/THERP<br />
method was chosen, since this is used in many nuclear plants with similar design.<br />
The HRA update includes the evaluation of human errors that can occur during an<br />
accident, known as post initiating events. Due to the results, it does not appear to be<br />
necessary to use a more detailed existing HRA method for the quantification of the<br />
human error probabilities; however, there is room for qualitative assessment enhancement.<br />
It is also expected that if new methods are employed with new data, there could<br />
be advances in the quantitative HRA predictions as well.<br />
Human Reliability Analysis - 4<br />
2:20 PM<br />
Development <strong>and</strong> Use of a Bayesian Network to Estimate Human<br />
Error Probability<br />
Katrina Groth <strong>and</strong> Ali Mosleh<br />
Center for Risk <strong>and</strong> Reliability, University of Maryl<strong>and</strong>, College Park, MD<br />
In Human Reliability Analysis (HRA), Performance Influencing Factors (PIFs) are used<br />
to represent the various factors that influence individual behavior <strong>and</strong> to predict the<br />
outcome of human cognitive processes. PIFs have been used in many HRA methods<br />
as a means to estimate Human Error Probability (HEP). Recently there has been an<br />
interest in replacing “linear models” of accounting for the impact of PIF on estimates<br />
for HEPs with model-based approach that include the interdependencies among PIFs.<br />
Addressing the PIFs in a model is expected to provide more refined HEP estimates<br />
<strong>and</strong> reduce the amount of information required to assess HEPs.<br />
A previous paper [1] has proposed a Bayesian Network (BN) model of the relationships<br />
among PIFs. The model structure <strong>and</strong> probabilities were developed based on analysis<br />
of available data. The BN provides a natural framework to assess the impact of different<br />
combinations of the same PIFs. This paper describes an extension of the original<br />
model to estimate HEPs. This paper discusses how to the model was modified <strong>and</strong><br />
how it can be used to make inferences in the BN. It also demonstrates how to integrate<br />
the PIF model into traditional PRA.<br />
2:45 PM<br />
First Results From A Study For Errors Of Commission For A<br />
Boiling Water Reactor<br />
Luca Podofillini, Vinh N. Dang (a), Olivier Nusbaumer, Dennis Dres (b)<br />
a) Paul Scherrer Institut, Villigen, Switzerl<strong>and</strong>, b) Leibstadt Nuclear Power Plant, Leibstadt, Switzerl<strong>and</strong><br />
Errors Of Commission (EOCs) refer to carrying out inappropriate, undesired actions<br />
that aggravate an accident scenario. The challenges to their systematic treatment in<br />
PSA relate to both the identification (which error events should be included in the PSA)<br />
as well as to the quantification of their probability. This paper presents the first results<br />
from a plant-specific study performed to identify potential EOC vulnerabilities <strong>and</strong><br />
quantify their risk significance. The study addresses a Boiling Water Reactor (BWR) in<br />
Switzerl<strong>and</strong> <strong>and</strong> is one of the first EOC analyses ever done for BWRs. The Commission<br />
Error Search <strong>and</strong> Assessment (CESA) method was used to identify EOC events.<br />
The application shows that CESA is effective in narrowing the EOC search down to a<br />
limited number of events to be included in the PSA – six events in the present case.<br />
This demonstrates the feasibility of a systematic treatment of EOCs for large-scale<br />
applications. A preliminary analysis shows that the contribution to risk of the most<br />
important EOCs is comparable to that of the most important errors of omission. This<br />
highlights the significance of EOCs in the overall risk profile of the plant.
Session Chair: Tunc Aldemir<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 3:45 PM - Azelea<br />
3:45 PM<br />
Research Activities of Germany’s GRS in the Field of Dynamic<br />
PSA<br />
Martina Kloos<br />
Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Garching, Germany<br />
GRS started its research activities in the field of dynamic PSA with the development<br />
of the MCDET method which considers discrete aleatory uncertainties (referring, for<br />
instance, to the occurrence of system function failures or of human errors) by the<br />
Discrete Dynamic Event Tree (DDET) approach <strong>and</strong> continuous aleatory uncertainties<br />
(e.g. failure-to run times of system functions or execution times for human actions) by<br />
MC simulation. The method is implemented as a module system which can in principal<br />
be coupled with any deterministic dynamics code. Since the MCDET modules can account<br />
for epistemic uncertainties as well, two approaches for an epistemic uncertainty<br />
analysis were developed. They are useful for complex long running applications. Last<br />
step of the research activities until now was the development of a so-called crew<br />
module. It enables calculating the dynamics of crew actions depending <strong>and</strong> acting on<br />
the uncertainties as considered in the MCDET modules <strong>and</strong> on the dynamics as modeled<br />
in the deterministic code. The combination of the MCDET <strong>and</strong> crew modules with<br />
an appropriate deterministic code allows for evaluating complex accident scenarios<br />
where human actions, technical installations, the physical process <strong>and</strong> aleatory uncertainties<br />
are the main interacting parts in the course of time. Accident sequences are<br />
generated automatically <strong>and</strong> supplied together with probabilistic assessments which<br />
account for the spectrum of sequences that may actually evolve. This paper describes<br />
the current state of development, some large scale applications <strong>and</strong> future research<br />
projects in the context of the MCDET method.<br />
4:10 PM<br />
<strong>Online</strong> State Estimation in Dynamic Event Trees for a Level<br />
Controller Dataset<br />
Daniya Zamalieva <strong>and</strong> Alper Yilmaz (a), Tunc Aldemir (b)<br />
a) Photogrammetric Computer Vision Lab., The Ohio State University, Columbus, OH, b) Department of<br />
Mechanical <strong>and</strong> Aerospace Engineering, The Ohio State University, Columbus, OH<br />
The large amount of data produced by dynamic event tree generation algorithms introduces<br />
the need for new methods <strong>and</strong> software tools that are capable of analyzing the<br />
data <strong>and</strong> extracting useful information. The classification of each transient produced<br />
by dynamic event tree generation algorithms as normal or failure (i.e. situation that has<br />
to be avoided) is addressed. The classification is carried out in an online manner, i.e.<br />
using the part of the scenario that is available, while the rest is still being generated.<br />
The classification can be used for more efficient utilization of computing resources by<br />
discontinuing scenarios with normal transient behavior. Learning the behavior of normal<br />
scenarios is accomplished using a Hidden Markov Model. Experiments show that<br />
using the proposed model, it is possible to continue the execution of 100% of failed<br />
scenarios while identify more than 50% of normal scenarios for termination.<br />
Dynamic PSA - 3<br />
4:35 PM<br />
Discrete Dynamic Event Tree Analysis of MLOCA Using Ads-<br />
Trace<br />
Durga R. Karanki, Vinh N. Dang, Tae-Wan Kim<br />
Paul Scherrer Institute, Villigen, Switzerl<strong>and</strong><br />
In current practice, success criteria analyses for Probabilistic Safety Assessments<br />
(PSAs) primarily use thermal-hydraulic simulation (transient analysis) codes. In dynamic<br />
event tree (DET) simulations, a stochastic model is coupled to such codes. The<br />
stochastic model allows the variability of system failures (number of trains, timing)<br />
<strong>and</strong> of operator responses (response strategies, timing of actions) to be considered.<br />
Consequently, DET simulations provide the means to examine the combined influence<br />
of such variabilities on success criteria. This paper presents initial results from DET<br />
analyses performed for Medium Loss of Coolant Accident (MLOCA) scenarios in a<br />
Pressurized Water Reactor (PWR). The analyses focus in particular on the interaction<br />
of break size, number of high pressure safety injection trains, <strong>and</strong> the timing <strong>and</strong><br />
rate of primary cooldown <strong>and</strong> depressurization over the secondary, in terms of their<br />
impacts on sequence success.<br />
5:00 PM<br />
Dynamic Event Tree Analysis of Competing Creep Failure<br />
Mechanisms in a Station Blackout Accident<br />
Kyle Metzroth, Richard S. Denning, <strong>and</strong> Tunc Aldemir<br />
The Ohio State University, Columbus, OH<br />
The ADAPT (Analysis of Dynamic Accident Progression Trees) methodology is a dynamic<br />
event tree (DET) methodology capable of accounting for the uncertainty in the<br />
modeling of complex stochastic phenomena which may take place during the course<br />
of a severe accident. In this work, the ADAPT methodology is applied to a stationblackout<br />
(SBO) scenario <strong>and</strong> the competition of creep failure mechanisms of several<br />
components of reactor coolant system (RCS) is analyzed. Special attention is paid<br />
to the modeling of steam generator tube rupture <strong>and</strong> approximations are used to account<br />
for the possible temperature stratification in the steam generator tubes that may<br />
not be captured by lumped parameter models. Timings of the creep failure of various<br />
components are estimated.<br />
51
52<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 3:45 PM - Camellia/Dogwood<br />
Risk-Informed Decision Making - 1<br />
Session Chair: Stanley Levinson<br />
3:45 PM<br />
Risk Informed Optimization of Fatigue Rules<br />
Alex<strong>and</strong>er Knoll<br />
Consultant, Wyomissing, PA<br />
Various PRAs in the nuclear <strong>and</strong> other industries identified human errors as a significant<br />
contributor to undesired events <strong>and</strong> accidents. Fatigue is one of the factors<br />
included in human reliability analyses of PRAs. This paper will compare the existing<br />
<strong>and</strong> proposed fatigue rules in various industries <strong>and</strong> will provide tangible recommendations<br />
to optimize the procedural <strong>and</strong> regulatory requirements for reducing the risk of<br />
fatigue errors to an acceptable level.<br />
High risk industries have work hour limitations based on current or planned regulations.<br />
These limitations need to comply also with new regulations to help mitigating<br />
the risks of fatigued personnel. The current fatigue rules <strong>and</strong> limitations are constantly<br />
<strong>and</strong> frequently revised because there is no consistent methodology that satisfies all<br />
the impacted stakeholders: public (safety), employee unions, employers, regulators,<br />
government, etc.<br />
This is a Risk Informed Optimization Problem: If the Fatigue Rules are extremely lenient,<br />
allowing key employees work continuously an unacceptable number of hours,<br />
public safety might be reduced, employees might be exposed to accidents <strong>and</strong> the<br />
resultant company losses might be unacceptably high. If the Fatigue Rules are extremely<br />
dem<strong>and</strong>ing, exaggerated in their levels of reduced work-hour requirements,<br />
the risk reduction might not be tangible but the implementation costs might be unacceptably<br />
high as well. This is a classical Risk Informed Optimization problem (see<br />
Reference 1): Identifying fatigue rules <strong>and</strong> procedural guidance that are optimal (not<br />
exaggerated in dem<strong>and</strong> <strong>and</strong> not lenient.<br />
Published industry experience of fatigue errors in various industries will be reviewed<br />
<strong>and</strong> translated into statistical data. Then they will be correlated with previous work<br />
(see Reference 2) <strong>and</strong> the Risk Informed methodology of Reference 1. Recommendations<br />
will be provided how to optimize fatigue rules <strong>and</strong> procedural requirements in<br />
various industries.<br />
References: 1.A. Knoll, “Risk Informed Optimization, Theory <strong>and</strong> Applications”, Proc.<br />
ANS PSA ’05, International Topical Meeting on Probabilistic Safety Assessment, San<br />
Francisco, 2005. 2. A. Knoll & Al., “Event Tree Methodology for Analyzing the Risk of<br />
Fatigue Errors During Flight”, Proc. PSAM 5 Topical Meeting on PSA <strong>and</strong> Management,<br />
Osaka, Japan, 2000. (Presentation Only)<br />
4:10 PM<br />
Application of Analytic-Deliberative Decision-Making Process<br />
(ADP) to the Design of Advanced Reactor Passive Residual<br />
Heat Removal System<br />
LIU TAO, Tong jiejuan, Zheng Yanhua<br />
INET, Tsinghua University<br />
Analytic-Deliberative Decision-Making Process (ADP) is a process that helps stakeholders<br />
make risk-informed decisions. It has been used in variety of decision-making<br />
problems since has been worked out. The paper describes the application of the ADP<br />
to the selection of Residual Heat Removal System (RHRS) design which will work for<br />
an advanced reactor. Two RHRS options are identified <strong>and</strong> evaluated, which are 3<br />
trains, 50% load per train <strong>and</strong> 2trains, 70% load per train. (Presentation Only)<br />
4:35 PM<br />
WGRISK Activities: What’s New?<br />
Jeanne-Marie Lanore (a), Marina Röwekamp (b), Nathan O. Siu (c), Abdallah<br />
Amri (d)<br />
a) Institut de Radioprotection et de Sûreté Nucléaire (IRSN), Fontenay-aux-Roses Cedex, France, b)<br />
Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Köln, Germany, c) U.S. Nuclear Regulatory<br />
Commission (NRC), Washington, DC, USA, d) OECD Nuclear Energy Agency, Issy-les-Moulineaux,<br />
France<br />
The main objective of the Working Group on Risk Assessment (WGRISK) of the OECD<br />
Nuclear Energy Agency (NEA) Committee for the Safety of Nuclear Installations<br />
(CSNI) is to advance the PSA underst<strong>and</strong>ing <strong>and</strong> to enhance its utilization for improving<br />
the safety of nuclear installations. The main products of WGRISK are state-of-theart<br />
reports, workshops, technical notes <strong>and</strong> technical opinion papers (available to all<br />
NEA member countries <strong>and</strong> in some cases to the public). The integrated plan of the<br />
WGRISK is prepared in order to help ensure the Working Group addresses important<br />
safety issues identified by the CSNI. It also helps ensure that WGRISK is appropriately<br />
coordinated with other international activities. A number of past products of WGRISK<br />
have been presented to international experts at various meetings. The objective of this<br />
paper is to focus on recently completed <strong>and</strong> ongoing activities: - Recent topic areas<br />
include: Probabilistic risk criteria <strong>and</strong> safety goals, non-seismic external events, low<br />
power <strong>and</strong> shutdown PSA, digital I&C risk, severe accident management, human reliability<br />
analysis data. - Currently active topic areas include: PSA for advanced reactors,<br />
PSA knowledge transfer, PSA for new plants, digital system failure modes, <strong>and</strong> PSA<br />
use <strong>and</strong> development.<br />
5:00 PM<br />
Experiences from the project on Validity of Safety goals<br />
Göran Hultqvist<br />
Forsmark Nuclear Power plant, Sweden<br />
A guidance document has been developed as part of a four-year Nordic project dealing<br />
with the use of probabilistic safety criteria for nuclear power plants. The project have<br />
been supported by NPSAG, NKS (the Nordic utilities <strong>and</strong> regulators). The Guidance<br />
sums up, on the basis of the work performed throughout the project, issues to consider<br />
when defining <strong>and</strong> applying probabilistic safety criteria. The Guidance describes the<br />
terminology <strong>and</strong> concepts involved, levels of probabilistic safety criteria <strong>and</strong> relations<br />
between these, how to define a criterion, how to apply a criterion, on what to apply<br />
the criterion, <strong>and</strong> how to interpret the result of the application. It specifically deals<br />
with what makes up a probabilistic safety criterion, i.e., the risk metric, the frequency<br />
criterion, the PSA used for assessing compliance, <strong>and</strong> the application procedure for<br />
the criterion. It will also discuss the concept of subsidiary criteria, i.e., different levels<br />
of safety goals, their relation to defense in depth <strong>and</strong> to a primary safety goal in terms<br />
of health effects or other off-site consequences.<br />
The project has included 4 different parts in which different assessment have been<br />
performed. These includes the following<br />
- Historical use of safety goals <strong>and</strong> the experiences of this<br />
- The historical basis for setting safety goals<br />
- International use of safety goals historical <strong>and</strong> today <strong>and</strong> trends<br />
- Quality dem<strong>and</strong>s on PSA methodologies <strong>and</strong> data to be used for safety goals<br />
- Uncertainties/Variance in PSA outputs in assessing the safety level of a specific plant<br />
(important parameters for low variance)<br />
- Use of safety goals in other industries<br />
- Development of recommendations of using safety goals in the Nuclear industry.<br />
The project has been developed in parallel with a similar project in OECD. The project<br />
leaders have been involved in both these projects. The Nordic project has included a<br />
broader scope. The presentation will include information from the different phases of<br />
the project <strong>and</strong> important outputs from the work.
Session Chair: Robert L Ladd<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 3:45 PM - Camellia/Dogwood<br />
3:45 PM<br />
Mapping of Fire Events to Multiple Internal Events PRA Initiating<br />
Events<br />
Richard C. Anoba<br />
Anoba Consulting Services, LLC, Raleigh, NC<br />
Probabilistic Risk Assessments (PRAs) are increasingly being used as a tool for developing<br />
a Fire PRA model to support NFPA 805. Most PRAs have the capability to address<br />
internal events including internal floods. As more dem<strong>and</strong>s are being placed for<br />
using the PRA to support risk-informed applications, there has been a growing need<br />
to quantitatively address external events such as fire. The NFPA pilot applications<br />
have implemented the guidance provided in NUREG/CR-6850 <strong>and</strong> the ANS/ASME<br />
PRA St<strong>and</strong>ard to develop a Fire PRA that adequately addressees the unique impact<br />
of a fire event initiating event. A fire event that results in damage to electrical cables<br />
could cause potentially unique plant dem<strong>and</strong>s <strong>and</strong> responses beyond the scope of the<br />
Internal Events PRA model. The current PRA practice provides alternate methods <strong>and</strong><br />
approaches to address unique initiating events. One method is to develop an event<br />
tree model for each unique initiating event. For a Fire PRA, this method could be impractical<br />
since the number of unique compartment/scenario fire initiating events could<br />
number in the hundreds <strong>and</strong> possibly in the thous<strong>and</strong>s. Recent Fire PRA model development<br />
experience has demonstrated that cable damage translates to nuclear power<br />
plant dem<strong>and</strong>s <strong>and</strong> responses that can be characterized by multiple Internal Events<br />
PRA initiating events. From this perspective, a fire event can be mapped to multiple Internal<br />
Event PRA initiating events that already exist in the logic models. Consequently,<br />
an alternate approach would be to map the fire event to multiple Internal Event PRA<br />
initiating events, while utilizing the existing structure of the Internal Events PRA event<br />
tree models. This methodology presents new challenges for addressing simultaneous<br />
<strong>and</strong> sequential occurrences of plant dem<strong>and</strong>s <strong>and</strong> responses chased by a single fire<br />
initiating event. The intent of this paper is to provide an overview of a modeling approach<br />
for mapping fire events to multiple Internal Events PRA initiating events.<br />
4:10 PM<br />
Applying Hierarchical Bayes Methods to Fire Ignition Frequency<br />
Estimation<br />
Patrick Baranowsky <strong>and</strong> Krisn<strong>and</strong>ito Hardjoko (a), Corwin Atwood (b)<br />
a) ERIN Engineering <strong>and</strong> Research, Inc., Bethesda, MD, b) Statwood Consulting, Silver Spring, MD<br />
This paper provides a brief description of the methodology that is currently being<br />
considered for derivation of fire ignition frequency distributions for use in fire PRA<br />
(Probabilistic Risk Assessment) applications when updated fire events data becomes<br />
available. The approach uses a hierarchical Bayesian methodology to account for between<br />
plant variability of the fire ignition frequencies that is more data driven <strong>and</strong> uses<br />
analytic techniques that are well established nuclear power risk assessment methods<br />
<strong>and</strong> used broadly in many other technological <strong>and</strong> medical research applications. This<br />
paper summarizes the application methodology, evaluation <strong>and</strong> validation analyses<br />
that were performed, <strong>and</strong> recommends implementation details for the proposed methodology.<br />
A more extensively detailed report has been prepared for peer review.<br />
Fire PSA Methods - 5<br />
4:35 PM<br />
Use of Computational Fluid Dynamic Fire Models to Evaluate<br />
Operator Habitability for Manual Actions in Fire Compartments<br />
Robert L. Ladd<br />
Engineering Planning <strong>and</strong> Management, Inc., Hudson, WI<br />
Conduct of a Fire PRA may identify situations that require the performance of operator<br />
manual actions (OMA) to mitigate the consequences of a fire. In cases where<br />
OMAs are required within the affected fire compartment or the action requires transit<br />
through the compartment to access components, human reliability analysis has traditionally<br />
assigned little to no credit for their performance. These situations typically require<br />
the performance of additional analysis to credit additional system options or the<br />
performance of modifications to relocate/protect affected circuits <strong>and</strong>/or equipment.<br />
However with the advent of advanced computational fluid dynamic (CFD) fire modeling<br />
tools such as Fire Dynamics Simulator (FDS), such cases can be evaluated to<br />
estimate feasibility <strong>and</strong> demonstrate the ability to perform necessary actions or transit<br />
through the fire environment. FDS fire models used to show feasibility of manual actions<br />
in a fire environment are designed much like those used to evaluate Fire PRA<br />
target damage. Feasibility of OMAs is demonstrated by establishing reasonable acceptance<br />
criteria <strong>and</strong> a means to measure the fire environment against those criteria.<br />
The acceptance criteria must ensure that the fire environment to which the operator is<br />
exposed, is acceptable for the performance of the required action <strong>and</strong> that it poses no<br />
immediate danger to the operator. In addition the model is designed to measure the<br />
time when equipment damage would precipitate performance of the action as well as<br />
the time when the required action must take place for successful mitigation of undesirable<br />
affects. This allows measurement of the expected environmental conditions when<br />
the operator would be required to be in the affected fire compartment to perform the<br />
required actions.<br />
5:00 PM<br />
Exp<strong>and</strong>ing the Use of Generic Fire Model Treatments<br />
Gregory T. Zucal (a), Jeffrey L. Voskuil (b), Donald E. Vanover (c), Sean Hunt<br />
(d)<br />
a) ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA, b) Entergy, Covert, MI, c) ERIN Engineering<br />
<strong>and</strong> Research, Inc., West Chester, PA, d) Hughes Associates, Bingham, ME<br />
Generic fire models provide an efficient method to determine fire scenario zones of<br />
influence in support of development of fire probabilistic risk assessments. These fire<br />
models generally assume static conditions <strong>and</strong> therefore limit the ability to consider<br />
time in the fire risk analysis. This paper explores an approach to adapt the results of a<br />
generic fire model in order to perform a timed based analysis. This facilitates the ability<br />
to analyze the growth phase of selected fires <strong>and</strong> provides a method for manual suppression<br />
to be credited during fire PRA scenario development. This approach includes<br />
input parameters that have known uncertainties. These parameters include fire growth<br />
rates, heat release rate distributions, <strong>and</strong> cable damage delay times. The approach<br />
utilizes various features of Mathcad® to calculate an overall non-suppression probability<br />
for a given fixed distance to an initial target. The method accounts for each of the<br />
heat release rate distribution bins, the vertical zone-of-influence from each bin, the fire<br />
growth time to reach the peak release rate, <strong>and</strong> the time it takes for cable damage to<br />
occur once the heat flux at a given distance exceeds the threshold heat flux criteria.<br />
53
54<br />
Session Chair: Kohei Hisamochi<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 3:45 PM - Salon A<br />
3:45 PM<br />
Advancing Performance-Based <strong>and</strong> Risk-Informed Design<br />
Methods for the Seismic Design <strong>and</strong> Regulation of SSCs in<br />
NPPs<br />
Robert J. Budnitz<br />
Lawrence Berkeley National Laboratory, University of California, Berkeley CA<br />
The current NRC regulations for design <strong>and</strong> analysis of nuclear power plants to resist<br />
large earthquakes use a framework that is partially risk-informed, in the sense that<br />
a target performance goal of 10-5 per year is the design target for the design of every<br />
individual SSC (structure, system, or component) that contributes significantly to<br />
the safety performance of the plant. However, the current framework does not admit<br />
design-specific or plant-specific PSA information directly as a part of the technical basis<br />
used to determine whether an SSC should be approved. Instead, the design rules<br />
<strong>and</strong> analysis provisions have used information from the body of seismic PSAs already<br />
in the literature to inform how the design process <strong>and</strong> analysis provisions themselves<br />
are framed. This is “risk informed” but not fully so, <strong>and</strong> it is also not fully performancebased<br />
because although the target is framed in probabilistic terms, most of the design<br />
rules are prescriptive, rather than allowing the designer to choose his/her own design<br />
approach. This paper will discuss a group of several proposals, any one of which could<br />
advance the situation significantly toward a more fully performance-based <strong>and</strong> riskinformed<br />
framework. This paper will discuss the technical basis for each of the several<br />
proposals, what valid reasons st<strong>and</strong> in the way of their early implementation, <strong>and</strong> what<br />
research could be undertaken to help move the seismic design <strong>and</strong> approval process<br />
along toward a more nearly risk-informed <strong>and</strong> performance-based framework.<br />
4:10 PM<br />
Calculation of Seismic Fragility Parameters for Flatbottom<br />
Vertical Liquid Storage Tanks by Numerical Simulation<br />
John J. O’Sullivan <strong>and</strong> Tsiming Tseng<br />
Stevenson <strong>and</strong> Associates, Woburn, MA<br />
Seismic probabilistic risk assessments for nuclear power plants will normally include<br />
a fragility analysis of one or more flat-bottom vertical liquid storage tanks <strong>and</strong> these<br />
tanks will often rank high for risk-significance. Typically a tank’s function is to provide<br />
a reliable source of cooling water <strong>and</strong> the consequence of failure is of high importance.<br />
In this paper, seismic fragility parameters are calculated for storage tanks using<br />
a Monte Carlo analysis procedure. A range of tank geometries is investigated, with<br />
tank design parameters chosen to be representative of water storage tanks at older<br />
nuclear power plants. Following common practice, probabilistic variables are taken<br />
to follow a lognormal distribution. The Latin hypercube procedure is used to sample<br />
probabilistic variables. By performing the capacity analysis many times, each time with<br />
newly sample variables, the underlying probability distribution of the seismic capacity<br />
is estimated. Three lightly anchored example tanks were analyzed with height to<br />
radius (H/R) ratios of 1.41, 2.13 <strong>and</strong> 2.84. The logarithmic st<strong>and</strong>ard deviation (β) values<br />
produced by the simulation vary from 0.334 to 0.360. This is within the expected<br />
range. The trend is for β to increase with tank height. It was judged that the trend is<br />
a consequence of increasing ductility (μ) values. Calculations were also performed<br />
using a conservative deterministic failure margin procedure (CDFM) with a single set<br />
of input parameters. The CDFM <strong>and</strong> simulation are in very good agreement for the<br />
lower H/R ratios (within about 5%). The CDFM produced moderately conservative<br />
results compared to the simulation results for the tallest tank (11% lower HCLPF). The<br />
higher capacity values produced by the simulation for the tallest tank are attributed<br />
to the computed inelastic energy absorption factor, which was conservatively fixed at<br />
unity in the CDFM.<br />
Seismic PSA - 3<br />
4:35 PM<br />
EPRI Pilot Application of the ASME/ANS Seismic PRA St<strong>and</strong>ard<br />
Greg Hardy (a), Robert Kassawara (b), Divakar Bhargava (c), David Moore<br />
(d)<br />
a) Simpson Gumpertz <strong>and</strong> Heger, Newport Beach, CA, b) Electric Power Research Institute, Palo Alto,<br />
CA, c) Dominion Resources Inc., Glen Allen, VA, d) Consultant, Mercer Isl<strong>and</strong>, WA<br />
The American Society of Mechanical Engineers (ASME) <strong>and</strong> the American Nuclear<br />
Society (ANS) have developed a “St<strong>and</strong>ard for Level 1/Large Early Release Frequency<br />
Probabilistic Risk Assessment for Nuclear Power Plant Applications.” The objective<br />
of the St<strong>and</strong>ard is to provide basic requirements for performing probabilistic risk assessments<br />
that would support future risk informed decisions. The St<strong>and</strong>ard limits its<br />
requirements to performing a Level 1 analysis of the core damage frequency (CDF)<br />
<strong>and</strong> a limited Level 2 analysis of Large Early Release Frequency (LERF). The St<strong>and</strong>ard<br />
also provides requirements for a graded approach to risk assessment. These<br />
requirements are set for three “Capability Categories” representing three levels of<br />
detail. Guidance is not provided as to which capability category is appropriate for riskinformed<br />
decisions. This is left to the judgment of the risk analyst.<br />
The probabilistic risk assessment (PRA) st<strong>and</strong>ards for internal events <strong>and</strong> for fire have<br />
been piloted <strong>and</strong> updated in past studies <strong>and</strong> are further along in terms of common<br />
usage, regulatory review, <strong>and</strong> familiarity by nuclear industry engineers than is the case<br />
for seismic risk. While seismic PRAs (SPRAs) have been conducted for research purposes<br />
<strong>and</strong> in response to the Individual Plant Evaluation for External Events (IPEEE),<br />
no systematic SPRA has been conducted using the new SPRA st<strong>and</strong>ard requirements.<br />
Dominion Generation teamed with Electric Power Research Institute (EPRI) to conduct<br />
this Pilot study of the Surry nuclear plant.<br />
The purpose of the EPRI pilot project was twofold: To evaluate the process, requirements,<br />
<strong>and</strong> results involved in updating the Surry SPRA developed for the IPEEE<br />
program using modern SPRA methods such that it can meet regulatory approval <strong>and</strong><br />
be used in future risk-based decision making. To review the requirements in the ASME/<br />
ANS SPRA St<strong>and</strong>ard to determine if they are reasonable or require clarification relative<br />
to the current state of the art in performing SPRAs.<br />
This paper focuses on the key results from this SPRA Pilot project.<br />
5:00 PM<br />
Seismic PSA of Kernkraftwerk Neckarwestheim Unit 2<br />
P. Amico, A. Lubarsky, I. Kouzmina <strong>and</strong> M. Khatib-Rahbar (a), M. Ravindra<br />
(b), W. Tong (c), A. Strohm, J. Rattke, W. Schwarz (d), D. Rittig (e)<br />
a) Energy Research, Inc., Rockville, MD, b) Consultant, Irvine, CA, c) Simpson, Gumpertz & Heger,<br />
Newport Beach, CA, d) EnBW Kernkraft GmbH, Neckarwestheim, Germany, e) GKN Consultant, Köln,<br />
Germany<br />
In accordance with German nuclear regulations, a seismic PSA (SPSA) was performed<br />
on Kernkraftwerk Neckarwestheim Unit 2 (GKN II), a PWR located in Germany near<br />
Stuttgart. The study was conducted using techniques that comply with both German<br />
PSA guidelines <strong>and</strong> the ANS (now ASME/ANS) st<strong>and</strong>ard requirements for SPSA. The<br />
study found that the seismic design of the plant is quite high given the seismic hazard<br />
at the site. As a result, seismic core damage frequency contributes approximately 1%<br />
to total core damage risk of the plant. The risk is dominated by seismically-induced<br />
plant shutdown (no loss of offsite power) followed by r<strong>and</strong>om failures <strong>and</strong> human errors,<br />
<strong>and</strong> the dominant seismic events are at the low end of the hazard curve. The<br />
results are essentially insensitive to most seismic-related inputs, but are sensitive to<br />
the human error probabilities used. The walkdown did indentify few housekeeping<br />
items that could compromise the seismic performance of a few components, which<br />
the plant is addressing.
Session Chair: Barry Sloane<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 3:45 PM - Salon B<br />
3:45 PM<br />
Development of a St<strong>and</strong>ard for Risk-Informed Decision Making<br />
Yoshiyuki Narumiya <strong>and</strong> Munehiro Yasuda (a), Akira Yamaguchi (b), Masashi<br />
Hirano (c)<br />
a) The Kansai Electric Power Co., Inc., Osaka, Japan, b) Department of Energy <strong>and</strong> Environment Engineering,<br />
Osaka University, Osaka, Japan, c) Japan Atomic Energy Agency, Tokai, Japan<br />
Atomic Energy Society of Japan (AESJ) has developed a st<strong>and</strong>ard which provides<br />
the underlying requirements <strong>and</strong> procedures commonly applicable to Risk-Informed<br />
Decision Making (RIDM) applications for facilitating changes in safety-related activities<br />
of all kinds. The Nuclear <strong>and</strong> Industrial Safety Agency (NISA) that is the Japanese<br />
regulatory body issued Basic Guideline bearing Risk Informed Regulation (RIR)<br />
applications in mind. It is noted that NISA gives encouragement in the Guideline to<br />
the utilization of risk information in safety related activities of Nuclear Power Plants<br />
(NPPs). Accordingly, it is a matter of course that the risk information is useful <strong>and</strong> trustable<br />
not only for the licensees to submit applications but also for the regulatory agency<br />
to review <strong>and</strong> examine the application from the licensees. The AESJ st<strong>and</strong>ard, “the<br />
St<strong>and</strong>ard of Implementation on the Use of Risk Information in Changing the Safety<br />
Related Activities” has been developed. In the st<strong>and</strong>ard, the basic idea <strong>and</strong> common<br />
concept on the rules <strong>and</strong> requirements that should be implemented by the utilities<br />
are described in consistent with the requirements stated in the NISA Basic Guideline.<br />
Individual st<strong>and</strong>ards with specific applications will be expected to be developed in the<br />
future according to RIDM applications.<br />
4:10 PM<br />
Technical Overview of Japan’s St<strong>and</strong>ards for Riskinformed<br />
Decision Making<br />
Akira Yamaguchi (a), Yoshiyuki Narumiya (b), Mitsumasa Hirano (c)<br />
a) Osaka University, Osaka, Japan, b) Kansai Electric Power Co. Ltd., Osaka, Japan, c) Tokyo City<br />
University, Tokyo, Japan<br />
The paper presents the Japanese practice of the probabilistic safety assessment<br />
(PSA) technology development <strong>and</strong> its application to the safety design/operation <strong>and</strong><br />
the safety regulation. The Nuclear Safety Commission has issued the safety goal,<br />
performance objectives <strong>and</strong> the basic policies toward the risk informed decision making.<br />
The Nuclear <strong>and</strong> Industry Safety Agency has published the guidelines for the risk<br />
informed regulation <strong>and</strong> the for the PSA quality. Conforming to the movement of the<br />
regulatory agencies, st<strong>and</strong>ards have been developed by the Atomic Energy Society of<br />
Japan. The AESJ has developed the St<strong>and</strong>ards Committee in 1999 <strong>and</strong> has made a<br />
number of PSA st<strong>and</strong>ards. At present, the AESJ has issued st<strong>and</strong>ards for Level 1, 2,<br />
<strong>and</strong> 3 PSA, seismic PSA at power, Level 1 PSA during shutdown state, <strong>and</strong> estimation<br />
of PSA parameters <strong>and</strong> data. Additionally st<strong>and</strong>ard concerning the usage of the risk<br />
information in changing the safety related activities has been issued. Hence the st<strong>and</strong>ards<br />
for internal PSAs have been completed <strong>and</strong> are ready for extensive use in the<br />
risk-informed decision making (RIDM) process. Development of st<strong>and</strong>ards for other<br />
dominant risk contributors, e.g. fire risk <strong>and</strong> internal flood risk are under consideration.<br />
Moreover, we recognize the necessity of developing the st<strong>and</strong>ard for individual RIDM<br />
applications in opportune occasions.<br />
PSA St<strong>and</strong>ards - 1<br />
4:35 PM<br />
NPSAG- Nordic PSA-Group – Performed <strong>and</strong> Ongoing Research<br />
Program<br />
Göran Hultqvist<br />
Forsmark Kraftgrupp AB, Östhammar Sweden<br />
The Nordic PSA Group NPSAG was founded in December 2000 by the nuclear utilities<br />
in Finl<strong>and</strong> <strong>and</strong> Sweden. In addition, the Swedish Nuclear Power Inspectorate (SKI)<br />
participates as an observer, <strong>and</strong> also takes part in the funding of many of the projects.<br />
NPSAG is intended to be a common forum for discussion of issues related to probabilistic<br />
safety assessment (PSA) of nuclear power plants, with focus on research <strong>and</strong><br />
development needs. The group follows <strong>and</strong> discusses current issues related to PSA<br />
nationally <strong>and</strong> internationally, as well as PSA activities at the participating utilities. The<br />
group initiates <strong>and</strong> co-ordinates research <strong>and</strong> development activities <strong>and</strong> discusses<br />
how new knowledge shall be used. Important on-going activities concern CCF <strong>and</strong><br />
dependent failures in general, as well as applications of PSA. In addition, a general<br />
<strong>and</strong> quite extensive discussion has been initiated about data for PSA models. The<br />
discussion concerns a number of issues, ranging from types of data needed to future<br />
procedures for data collection, processing <strong>and</strong> analysis. Over the years, international<br />
contacts have increased, especially with partners in Europe (initiated by BWROG Associate<br />
program <strong>and</strong> EU-research contacts). This is in line with the group’s aim to<br />
create a common <strong>and</strong> lasting basis for the performance of PSA <strong>and</strong> for risk informed<br />
applications of PSA in Europe. One important result is a common pilot project with<br />
VGB (Germany) on multi-national CCF data analysis. The paper gives an overview<br />
of NPSAG projects – past <strong>and</strong> present, <strong>and</strong> of the types of international contacts <strong>and</strong><br />
information collection activities of the group.<br />
5:00 PM<br />
Recent Advances in Developing Guides <strong>and</strong> St<strong>and</strong>ards for Internal<br />
Flooding PRA<br />
Karl N. Fleming <strong>and</strong> Jean Francois Roy<br />
KNF Consulting Services LLC, Spokane, WA<br />
The Electric Power Research Institute has sponsored many projects to improve <strong>and</strong><br />
upgrade the technology for Probabilistic Risk Assessments (PRAs) <strong>and</strong> associated applications<br />
at nuclear power plants as part of their PRA Scope <strong>and</strong> Quality Program. The<br />
focus of this paper is to highlight some recent advances in the development of guides<br />
<strong>and</strong> st<strong>and</strong>ards in the evaluation of accident sequences initiated by internal flooding.<br />
The topics addressed include the development of guidelines for the performance of<br />
a PRA in a manner that meets the technical requirements in the ASME/ANS PRA<br />
st<strong>and</strong>ard, <strong>and</strong> the development of a data base of piping system failure rates for use<br />
in estimating flood-induced initiating event frequencies. Examples are shown of how<br />
these methods <strong>and</strong> tools have been used to support the evaluation of design, inspection,<br />
<strong>and</strong> surveillance strategies to reduce the risk of internal-flood induced accident<br />
sequences. Progress made recently in the enhancement of PRA st<strong>and</strong>ards for internal<br />
flooding PRA (IFPRA) that take advantage of these developments is also discussed.<br />
55
56<br />
Session Chair: Mike Lloyd<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 3:45 PM - Carolina<br />
3:45 PM<br />
Proposed Approach for Simple Support System Initiating<br />
Event (SSIE) Fault Trees<br />
Michael Lloyd (a), Heather L. Detar (b), Ashley Peterman (c)<br />
a) Risk Informed Solutions Consulting Services, Inc., b) Westinghouse Electric Corporation, c) Xcel Energy<br />
Company<br />
This paper introduces several new support system initiating event (SSIE) modeling<br />
methods. Incentive for developing these methods was provided by inadequacies in<br />
those currently used <strong>and</strong> difficulty in implementing the Explicit Event method recommended<br />
in EPRI Technical Update Report 1016741. One of these new SSIE modeling<br />
methods, the Composite method, was found to have valuable characteristics: it can<br />
accurately estimate the SSIE frequency, is relatively easy to implement, use, maintain,<br />
<strong>and</strong> document, can be used as a st<strong>and</strong>-alone SSIE model or integrated into a PRA<br />
model, is consistent with existing PRA software capabilities, <strong>and</strong> meets all applicable<br />
requirements of the PRA St<strong>and</strong>ard <strong>and</strong> Reg. Guide 1.200. As such, the Composite<br />
SSIE method is recommended for general use in the industry. This method should be<br />
considered a tool available to PRA analysts who have immediate need for a practical<br />
<strong>and</strong> easily implemented SSIE modeling method which can be integrated with a full<br />
PRA model <strong>and</strong> applied in risk applications. This paper describes the Composite SSIE<br />
model in detail <strong>and</strong> briefly describes two other SSIE methods developed in support of<br />
this paper. It describes applicable PRA requirements related to SSIEs <strong>and</strong> describes<br />
limitations of the Composite <strong>and</strong> other models. The paper also provides a detailed<br />
example application of the Composite modeling method to create a SSIE fault tree<br />
from a post-initiator support system fault tree of a simplified hypothetical but realistic<br />
Service Water (SW) plant support system. The Composite SSIE model was quantified<br />
<strong>and</strong> its cutset <strong>and</strong> frequency results were verified to be reasonable by comparing<br />
them with the results obtained from the other two new methods. Example sensitivity<br />
analyses were performed using the Composite model results to demonstrate the effect<br />
of varying SSIE model assumptions.<br />
4:10 PM<br />
Updated <strong>and</strong> Improved Methodology for treating Interfacing<br />
System LOCAs<br />
C.H. Matos <strong>and</strong> R.J. Wolfgang (a), D.E. Gaynor (b)<br />
a) ERIN Engineering, West Chester, PA, b) Entergy Nuclear<br />
Interfacing system loss of coolant accidents (ISLOCAs) are caused by the failure of<br />
piping <strong>and</strong> other components designed for low pressures as a result of their exposure<br />
to high pressure reactor coolant. Because piping susceptible to ISLOCAs is routed<br />
both inside <strong>and</strong> outside containment, the potential exists for unmitigated LOCAs <strong>and</strong><br />
for containment bypass <strong>and</strong> subsequent radionuclide release to the primary auxiliary<br />
building (PAB). Due to the need for quantification of risk caused by an interfacing system<br />
LOCA, it was necessary for a methodology to be developed that met the ASME<br />
PRA St<strong>and</strong>ard. This was done for a specific plant <strong>and</strong> followed NUREG/CR-5744 in<br />
providing screening criteria. Using the criteria from NUREG/CR-5744, all lines that<br />
penetrate containment were checked. Lines were checked against the screening criteria<br />
if they directly connected an interfacing system <strong>and</strong> the reactor coolant system.<br />
Lines that did not meet the screening criteria were retained as susceptible to ISLOCA.<br />
Additional lines were susceptible if valves in the line were periodically stroke-tested.<br />
Using this list, ISLOCA pathways were determined. Some were screened out after<br />
qualitative <strong>and</strong> quantitative reasoning. The remaining lines were modeled in a fault<br />
tree using CAFTA software. Values for component failure were obtained from either<br />
generic or plant specific sources. Finally, pipe fragilities were determined. NUREG/<br />
CR-5603 was used to determine the line rupture frequency given the identifying characteristics<br />
of the pipe from piping schedules. Quantification of this model gave an accurate<br />
representation of the risk due to an ISLOCA event for this specific plant.<br />
Fault Tree Initiating Events<br />
4:35 PM<br />
Support System Initiating Events – Selection of a Modeling<br />
Method for the Columbia Generating Station PSA<br />
Eric J. Jorgenson (a), Albert T. Chiang (b)<br />
a) Maracor Software & Engineering, Inc., Seattle, WA, b) Energy Northwest, Columbia Generating Station,<br />
Richl<strong>and</strong>, WA<br />
This paper examines the considerations made to select the most suitable method to<br />
model <strong>and</strong> quantify the support system initiating events for the Columbia Generating<br />
Station Probabilistic Safety Assessment (Columbia PSA). EPRI 1016741 [1], which<br />
was utilized as the primary resource for these considerations, documents selection<br />
considerations <strong>and</strong> technical approaches for the three generally known methodologies:<br />
1) explicit event method, 2) point-estimate fault tree method, <strong>and</strong> 3) multiplier<br />
method. The Columbia PSA development team sought specific features for the SSIE<br />
modeling, with a primary goal of meeting Capability Category II of the ASME / ANS<br />
Combined St<strong>and</strong>ard. This work was performed in 2008 <strong>and</strong> 2009 as part of an internal<br />
events PSA upgrade to meet Capability Category II of the ASME/ANS Probabilistic<br />
Risk Assessment (PRA) St<strong>and</strong>ard [2], in accordance with Regulatory Guide 1.200<br />
[3]. Although the EPRI 1016741 SSIE guidance encourages using the explicit event<br />
method, the multiplier method was found to offer overwhelming advantages for the<br />
Columbia PSA <strong>and</strong> provided the specific features that the PSA development team<br />
sought. To develop the SSIE multiplier modeling, the methodologies recommended<br />
by EPRI 1016741 were utilized. This paper does not detail the methodologies, as this<br />
would be duplicative, but instead provides the highlights of implementing the multiplier<br />
method. This paper also examines the concerns that PSA developers have cited for<br />
the multiplier method, <strong>and</strong> provides an assessment / resolution of each concern.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Tuesday March 15, 2011 - 6:30 PM - Gr<strong>and</strong> Ballroom<br />
Banquet<br />
Kevin C. Walsh - Senior Vice President, Nuclear Fuel Cycle, GE Hitachi Nuclear Energy<br />
Kevin C. Walsh was named Senior Vice President, GE Hitachi Nuclear Energy (GEH) <strong>and</strong><br />
Chief Executive Officer of Global Nuclear Fuel, LLC, the legal entity that manages the Global<br />
Nuclear Fuel joint venture of GE, Hitachi <strong>and</strong> Toshiba, headquartered in Wilmington, North<br />
Carolina in October 2009. In his role Kevin leads all nuclear fuel cycle activities for GEH,<br />
including the global BWR fuel business <strong>and</strong> the recently formed laser enrichment business.<br />
Kevin joined GEH from his most recent role as General Manager-Nuclear Services on September<br />
4, 2006. Kevin is located at GE Nuclear Headquarters in Wilmington, NC where he is<br />
responsible for managing the Parts, Services <strong>and</strong> Repair work associated with GE’s Nuclear<br />
business globally.<br />
Kevin joined GE as a Field Engineer in 1984. He subsequently served as Project Manager,<br />
Plant Manager of a 50 MW Cogeneration Power Plant in Bethpage, NY <strong>and</strong> later as Plant<br />
Manager of 250 MW Cogeneration Plant in Springfield, MA.<br />
Kevin went on to positions in GE Energy Services as Manager-Long Term Service Agreements, General Manager-Operations<br />
for Contractual Services, General Manager- Performance Services, <strong>and</strong> General Manager-Field Services where he<br />
had responsibility for over 1,500 Field Engineers leading the installation, uprate, <strong>and</strong> maintenance activities for both GE<br />
<strong>and</strong> non-GE large gas turbines, steam turbines <strong>and</strong> generators as well as supporting Industrial power delivery <strong>and</strong> drives<br />
<strong>and</strong> controls activities.<br />
Kevin has 29 years experience in the Power Industry with an extensive background in Operations <strong>and</strong> Maintenance. He<br />
began his career sailing on ships in the Merchant Marine as a Licensed Engineer before joining GE. He attended the<br />
United States Merchant Marine Academy where he received a B.S. Degree in Marine Engineering.<br />
57
58<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 8:00 AM - Gr<strong>and</strong> Ballroom<br />
Plenary Session III<br />
John Kelly - DOE Deputy Assistant Secretary for Nuclear Energy<br />
Dr. John E. Kelly was appointed Deputy Assistant Secretary for Nuclear Reactor Technologies<br />
in the Office of Nuclear Energy in October 2010. He is responsible for the Department<br />
of Energy’s nuclear reactor research <strong>and</strong> development programs for Light Water Reactors,<br />
Gas Cooled Reactors, Small Modular Reactors, <strong>and</strong> advanced reactor concepts. His office is<br />
also responsible for the advanced modeling <strong>and</strong> simulation program within DOE-NE.<br />
Prior to joining the Department of Energy, Dr. Kelly spent 30 years at S<strong>and</strong>ia National Laboratories<br />
where he was engaged in a broad spectrum of research programs in nuclear reactor<br />
safety, advanced nuclear energy technology, <strong>and</strong> national security. In the reactor safety field,<br />
he led efforts to establish the scientific basis for assessing the risks of nuclear power plant<br />
operation <strong>and</strong> specifically those risks associated with potential accident scenarios. His research<br />
focused on core melt progression phenomena <strong>and</strong> led to an improved underst<strong>and</strong>ing<br />
of the Three Mile Isl<strong>and</strong> accident. In the advanced nuclear energy technology field, he led<br />
S<strong>and</strong>ia’s efforts to develop advanced concepts for space nuclear power, Generation IV reactors,<br />
<strong>and</strong> proliferation-resistant <strong>and</strong> safe fuel cycles. These research activities explored new<br />
technologies aimed at improving the safety <strong>and</strong> affordability of nuclear power. In the national security field, he led national<br />
efforts to evaluate the safety <strong>and</strong> technical viability of tritium production technologies.<br />
Dr. Kelly is an active member of the American Nuclear Society <strong>and</strong> has served on the Nuclear Installations Safety Division<br />
for the last 2 decades in a number of leadership positions. His committee work has focused on increasing the publication<br />
of scientific work in the nuclear safety field <strong>and</strong> in developing national positions on the safety of nuclear power.<br />
Dr. Kelly received his B.S. in nuclear engineering from the University of Michigan in 1976 <strong>and</strong> his Ph.D. in nuclear engineering<br />
from the Massachusetts Institute of Technology in 1980.
Session Chair: Martina Kloos<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 9:00 AM - Azalea<br />
9:00 AM<br />
Extension of CAFTA with Dymonda Module To Analyze Dynamic<br />
Accident Scenarios<br />
Scott Dixon, Michael Yau, Sergio Guarro<br />
ASCA, Inc., Redondo Beach, CA<br />
This paper discusses the development <strong>and</strong> applications of an advanced Probabilistic<br />
Risk Assessment (PRA) tool. This tool is an integration of the ASCA, Inc. developed<br />
Dymonda software <strong>and</strong> the EPRI managed CAFTA software. This integrated tool<br />
extends the “conventional PRA” capabilities of the CAFTA software to solve timedependent<br />
accident scenarios completely within the CAFTA environment. The class of<br />
time-dependent scenarios targeted contains recovery actions <strong>and</strong> time dependencies.<br />
Solutions to this class of scenarios traditionally require calculations external to CAFTA<br />
which are generally difficult to manage. The integrated tool permits the modeling <strong>and</strong><br />
analysis of the aforementioned time-dependent scenarios entirely within the CAFTA<br />
environment without doing any external calculations. Under EPRI sponsorship, this<br />
integrated tool was applied to the Loss of Offsite Power (LOSP) time-dependent risk<br />
scenario for the Turkey Point Nuclear Facility. In the first phase, a loosely coupled<br />
method was applied which used DFM models to identify “recovery rules” <strong>and</strong> correction<br />
factors to account for the possibility of time-dependent offsite power <strong>and</strong>/or diesel<br />
power recovery. In the second phase, a closely coupled solution was implemented.<br />
The dynamically consistent LOSP cut-sets were identified <strong>and</strong> quantified by means of<br />
DFM models. The cut-set information was then transmitted into CAFTA in st<strong>and</strong>ard-<br />
PRA-compatible format. Ongoing work is being done to apply this integrated tool to<br />
a case study involving fire risk scenarios with HRA (Human Reliability Analysis) aspects.<br />
Dynamic PSA - 4<br />
9:25 AM<br />
Heartbeat Model for Component Failure Time in Simulation of<br />
Plant Behavior<br />
R. W. Youngblood, R. R. Nourgaliev, D. L. Kelly, C. L. Smith, <strong>and</strong> T-N. Dinh<br />
Idaho National Laboratory, Idaho Falls, ID<br />
As part of the Department of Energy’s “Light Water Reactor Sustainability Program”<br />
(LWRSP), we are developing a methodology <strong>and</strong> associated tools for risk-informed<br />
characterization of safety margin that can be used to support decision-making about<br />
plant life extension beyond the first license renewal. Beginning with the traditional discussion<br />
of “margin” in terms of a “load” (a physical challenge to system or component<br />
function) <strong>and</strong> a “capacity” (the capability of that system or component to accommodate<br />
the challenge), we are developing the capability to characterize realistic probabilistic<br />
load <strong>and</strong> capacity spectra, reflecting both aleatory <strong>and</strong> epistemic uncertainty in system<br />
behavior. This way of thinking about margin comports with work done in the last 10<br />
years. However, current capabilities to model in this way are limited: it is currently possible,<br />
but difficult, to validly simulate enough time histories to support quantification in<br />
realistic problems, <strong>and</strong> the treatment of environmental influences on reliability is relatively<br />
artificial in many existing applications. The INL is working on a next-generation<br />
safety analysis capability (widely referred to as “R7”) that will enable a much better<br />
integration of reliability- <strong>and</strong> phenomenology-related aspects of margin. In this paper,<br />
we show how to implement cumulative damage (“heartbeat”) models for component<br />
reliability that lend themselves naturally to being included as part of the phenomenology<br />
simulation. Implementation of this modeling approach relies on the way in which<br />
the phenomenology simulation implements dynamic time step management. Within<br />
this approach, component failures influence the phenomenology, <strong>and</strong> the phenomenology<br />
influences the component failures.<br />
59
60<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 9:00 AM - Camellia/Dogwood<br />
Risk-Informed Decision Making - 2<br />
Session Chair: Dana Kelly<br />
9:00 AM<br />
Using PRA to Improve Safety Through Design <strong>and</strong> Operational<br />
Changes<br />
Robert Lutz<br />
Westinghouse Electric Company, Cranberry Township, PA<br />
The design <strong>and</strong> operation of the existing fleet of nuclear power plants was based on<br />
conservative design basis analyses to show reasonable assurance of compliance with<br />
regulatory requirements. These conservative analyses were often focused on meeting<br />
singular requirements using very detailed, focused analyses without consideration of<br />
the overall safety impact. With the maturing of Probabilistic Risk Assessment (PRA)<br />
as a tool for risk-informed decision making, the opportunity exists to re-visit some of<br />
design <strong>and</strong> operational features of the plants in light of their overall impact on safety<br />
as measured by risk metrics of core damage frequency (CDF) <strong>and</strong> large early release<br />
frequency (LERF).<br />
Using risk assessment techniques, several changes to existing design features <strong>and</strong><br />
emergency procedures can be identified that would result in a decrease in either CDF<br />
or LERF, but just as importantly reduce uncertainties <strong>and</strong> provide additional defense<br />
in depth. Thus an overall improvement in safety can be obtained. One of the most risk<br />
significant changes identified is elimination of automatic initiation of containment spray<br />
on high containment pressure. Another key change that has been identified is the elimination<br />
of rapid starting <strong>and</strong> loading of the diesel generators. Insights from the PRA<br />
have also been used to change Emergency Operating Procedures to decrease the<br />
potential for operator errors in performing key actions that impact CDF or LERF. The<br />
barrier to implementation of these changes is, in some cases, the approved analysis<br />
methods to show compliance with various deterministic regulatory requirements. This<br />
paper describes the basis for recommending these design <strong>and</strong> operational changes<br />
as well as regulatory barriers to change.<br />
9:25 AM<br />
An Approach for Holistic Consideration of Defence in Depth<br />
for Nuclear Installation Using Probabilistic Techniques<br />
I. Kuzmina, M. El-Shanawany, M. Modro, <strong>and</strong> A. Lyubarskiy<br />
International Atomic Energy Agency, Vienna, Austria<br />
The concept of defence in depth (DiD) is fundamental to the safety of nuclear installations.<br />
DiD is referred in the safety st<strong>and</strong>ards produced by the International Atomic<br />
Energy Agency (IAEA) as the primary means of preventing <strong>and</strong> mitigating the consequences<br />
of accidents in nuclear installations. DiD provides a hierarchical deployment<br />
of quality independent different levels of equipment <strong>and</strong> procedures in order to<br />
maintain the effectiveness of physical barriers placed between radioactive materials,<br />
the workers, public, <strong>and</strong> the environment during normal operation states <strong>and</strong> potential<br />
accident conditions. DiD ensures that a high level of safety is achieved with sufficient<br />
margins to compensate for potential equipment failures <strong>and</strong> human errors. Several<br />
publications were produced by the IAEA on DiD over the last twenty years that summarized<br />
the basic principles for DiD <strong>and</strong> provided high-level guidance on the assessment<br />
of defence in depth for nuclear power plants (NPP). The IAEA is further developing the<br />
approach for the representation <strong>and</strong> assessment of DiD in nuclear installations emphasizing<br />
the need for a holistic consideration of the levels of DiD in conjunction with<br />
deterministic <strong>and</strong> probabilistic goals <strong>and</strong> success criteria. Particularly, an investigation<br />
is being conducted by the IAEA to explore on the use of probabilistic techniques for<br />
the assessment of compliance with DiD for new NPP designs. Different categories of<br />
initiating events are considered in conjunction with equipment reliability requirements.<br />
The paper summarizes the available outcome of the work <strong>and</strong> outlines a possible<br />
holistic approach for effective application of DiD principles.
Session Chair: William E. Burchill<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 9:00 AM - Magnolia<br />
9:00 AM<br />
The Past <strong>and</strong> Current Proliferation Resistance R&D Activities<br />
in KAERI<br />
Ho-Dong Kim, Hong-Lae Chang, Won Il Ko, Hee-Sung Shin, Seong-Kyu<br />
Ahn<br />
Korea Atomic Energy Research Institute, Daejeon, Republic of Korea<br />
The Republic of Korea has carried out vigorous research <strong>and</strong> development activities<br />
on nuclear fuel cycle technology options such as direct disposal, Direct Use of PWR<br />
Spent fuel in CANDU Reactors (DUPIC), <strong>and</strong> pyroprocessing for the management of<br />
spent fuel. Since the proliferation resistance is one of the key issues in the fuel cycle<br />
option studies, the Koran Atomic Energy Research Institute (KAERI) has engaged in<br />
R&D to develop methodologies to evaluate the proliferation resistance of nuclear fuel<br />
cycles, as well as to enhance the level of proliferation resistance. This paper introduces<br />
the past <strong>and</strong> current R&D activities undertaken at the KAERI on the evaluation<br />
of proliferation resistance of direct disposal, DUPIC <strong>and</strong> pyroprocessing fuel cycles, as<br />
well as on international collaboration within the framework of INRPO <strong>and</strong> Generation<br />
IV International Forum in the area of proliferation resistance of nuclear energy systems.<br />
KAERI is currently performing an IAEA Member State Support Program (MSSP)<br />
on the safeguards approach development for the pyroprocessing facility. Even though<br />
the pyroprocessing technology is still in the development stage, efforts to make a<br />
vulnerability assessment of pyroprocessing with available design information are currently<br />
undertaking. (Not included in proceedings)<br />
Proliferation Risk - 1<br />
9:25 AM<br />
The Need for Proliferation Risk Assessment<br />
William E. Burchill<br />
Consultant, Past President, American Nuclear Society<br />
This paper presents the need for quantitative assessment of proliferation risk. Current<br />
non-proliferation methodologies provide a basic taxonomy of proliferation pathways.<br />
However, the relative likelihood of these pathways is currently known only qualitatively,<br />
subjectively, incompletely, <strong>and</strong> in many cases arguably, i.e., there is disagreement<br />
among experts. Therefore, efforts to quantify all elements of proliferation pathways<br />
including the effectiveness of various proliferation barriers would provide significant<br />
insights with which to guide policies <strong>and</strong> actions to deter potential proliferators. PRA<br />
(probabilistic risk assessment) techniques could be applied to close this knowledge<br />
gap. This paper refers to this application as “proliferation PRA.”<br />
61
62<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 9:00 AM - Salon A<br />
Fire PSA Methods - 6<br />
Session Chair: Pedro Fernández Ramos<br />
9:00 AM<br />
Fire Analyses Performed by Empresarios Agrupados for<br />
some Spanish NPPs<br />
Pedro Fernández Ramos<br />
Empresarios Agrupados, Madrid, Spain<br />
Spanish nuclear power plants are undergoing a process of updating their fire risk<br />
analyses as part of the requirements for updating the probabilistic safety analyses<br />
in the framework of periodic safety revisions. In some cases, this is also part of the<br />
transition process to NFPA 805 as an alternative to the current licensing bases for fire<br />
protection.<br />
Because part of the transition process requires carrying out analyses such as:<br />
A deterministic fire analysis<br />
A probabilistic fire analysis<br />
Empresarios Agrupados has undertaken to carry out both the deterministic <strong>and</strong> probabilistic<br />
analyses for the nuclear power plants at Almaraz, Ascó <strong>and</strong> V<strong>and</strong>ellós 2, all of<br />
which are Westinghouse PWR plants.<br />
9:25 AM<br />
Application of the NUREG/CR-6850 EPRI/NRC Fire PRA Methodology<br />
to a DOE Facility<br />
Heather Lucek, Jim Bouchard, Tom Elicson, Ray Jukkola, Duan Phan (a),<br />
Bentley Harwood <strong>and</strong> Richard Yorg (b)<br />
a) WorleyParsons Polestar, Inc, Idaho Falls, ID, b) Battelle Energy Alliance, LLC, Idaho Falls, ID<br />
The application NUREG/CR-6850 EPRI/NRC fire PRA methodology to DOE facility<br />
presented several challenges. This paper documents the process <strong>and</strong> discusses several<br />
insights gained during development of the fire PRA. A brief review of the tasks<br />
performed is provided with particular focus on the following:<br />
• Tasks 5 <strong>and</strong> 14: Fire-induced risk model <strong>and</strong> fire risk quantification. A key lesson<br />
learned was to begin model development <strong>and</strong> quantification as early as possible in the<br />
project using screening values <strong>and</strong> simplified modeling if necessary.<br />
• Tasks 3 <strong>and</strong> 9: Fire PRA cable selection <strong>and</strong> detailed circuit failure analysis. In retrospect,<br />
it would have been beneficial to perform the model development <strong>and</strong> quantification<br />
in 2 phases with detailed circuit analysis applied during phase 2. This would have<br />
allowed for development of a robust model <strong>and</strong> quantification earlier in the project <strong>and</strong><br />
would have provided insights into where to focus the detailed circuit analysis efforts.<br />
• Tasks 8 <strong>and</strong> 11: Scoping fire modeling <strong>and</strong> detailed fire modeling. More focus should<br />
be placed on detailed fire modeling <strong>and</strong> less focus on scoping fire modeling. This was<br />
the approach taken for the fire PRA.<br />
• Task 14: Fire risk quantification. Typically, multiple safe shutdown (SSD) components<br />
fail during a given fire scenario. Therefore dependent failure analysis is critical to obtaining<br />
a meaningful fire risk quantification. Dependent failure analysis for the fire PRA<br />
presented several challenges which will be discussed in the full paper.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 9:00 AM - Salon B<br />
Significance Determination Process<br />
Session Chair: Greg Krueger<br />
9:00 AM<br />
Recent Updates of Risk Assessment St<strong>and</strong>ardization Project<br />
(RASP) H<strong>and</strong>book for Risk Assessment of Operational<br />
Events<br />
S.M. Wong, C.S. Hunter, <strong>and</strong> F.P. Bonnett<br />
U.S. Nuclear Regulatory Commission, USNRC, Washington, D.C.<br />
This paper provides an overview of recent updates <strong>and</strong> ongoing activities to enhance<br />
the NRC Risk Assessment St<strong>and</strong>ardization Project (RASP) H<strong>and</strong>book for risk assessment<br />
of operational events. This RASP H<strong>and</strong>book was developed to provide consistent<br />
methods for use by NRC staff in performing risk assessments in various risk-informed<br />
regulatory applications. The H<strong>and</strong>book describes methods that are used in risk<br />
analysis of plant conditions for Significance Determination Process (SDP) Phase 3<br />
analyses, <strong>and</strong> for the Accident Sequence Precursor (ASP) program <strong>and</strong> Management<br />
Directive (MD) 8.3 event assessments. Revision 1 of the RASP H<strong>and</strong>book containing<br />
Volumes 1, 2 <strong>and</strong> 3 has been updated on a periodic <strong>and</strong> as-needed basis, based on<br />
user comments <strong>and</strong> insights gained from field application of the documents. In concert<br />
with ongoing activities to enhance the RASP H<strong>and</strong>book, new topics are being added<br />
to future revisions of the H<strong>and</strong>book to streamline risk assessments performed by NRC<br />
staff.<br />
9:25 AM<br />
Examples of Risk Assessments in Support of Significance<br />
Determination Process (SDP) Evaluations at San Onofre Nuclear<br />
Generating Station (SONGS)<br />
Parviz Moieni, Michelle P. Carr, Craig F. Nierode<br />
Southern California Edison<br />
The purpose of this paper is to describe a few examples of risk assessments in support<br />
of significance determination process (SDP) evaluations at SONGS. The SDP uses<br />
probabilistic risk assessment (PRA) methods to assess the safety significance of various<br />
findings or events at nuclear power plants (NPPs). The focus of this paper is on<br />
Phase 3 SDPs, where detailed PRA evaluations performed by the NRC’s senior reactor<br />
analysts (SRAs) <strong>and</strong> plant PRA staff, are used to determine the safety significance<br />
of the findings or events. SDPs are typically used to assess the safety significance<br />
of events documented in Licensee Event Reports (LERs), inspection findings, <strong>and</strong><br />
equipment failures or deficiencies impacting the plant risk. The examples discussed in<br />
this paper include the safety significance evaluations of: 1) a loss of emergency core<br />
cooling system (ECCS), 2) a loss of main feedwater (LMFW) event, 3) a seismically<br />
unrestrained 4.16 kV breaker, <strong>and</strong> 4) potential inadequate Maintenance Rule (a)(4)<br />
risk assessment due to erroneous room heat up calculation results used in the PRA<br />
model.<br />
63
64<br />
Session Chair: Robert Budnitz<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 9:00 AM - Carolina<br />
9:00 AM<br />
Application of Low Power <strong>and</strong> Shutdown PSA Insights to<br />
Development <strong>and</strong> Implementation of Full Scope Severe Accident<br />
Management Guidelines Covering All Plant Operating<br />
States for VVER And PWR in Europe<br />
Oleg Solovjanov (a), Robert Lutz (b), Antoine Rubbers (a)<br />
a) Westinghouse Electric Belgium S.A., Nivelles, Belgium, b) Westinghouse Electric Company LLC,<br />
Cranberry, PA<br />
Over the past fifteen years many of the nuclear power plants worldwide have been<br />
equipped with a capability for severe accident management. This has been driven<br />
partly by the Severe Accident Management Guidance (SAMG) developed by owners<br />
groups in the USA for plant specific applications. At the same time Probabilistic Safety<br />
Analyses (PSA) have been extended to shutdown <strong>and</strong> low power operation modes in<br />
many countries [1]. Many studies such as the shutdown PSA for Beznau, Koeberg,<br />
EdF 900/1300, <strong>and</strong> VVER plants in Central Europe (Hungary, Slovak <strong>and</strong> Czech Republic)<br />
as well as latest industry events, such as Paks NPP shutdown fuel damage accident<br />
[2], demonstrated that the core damage frequency from an accident occurring<br />
when at shutdown or low power operation modes was of the same order of magnitude<br />
<strong>and</strong> even higher (up to 80% of CDF for some plants) than the one at power.<br />
In response to the needs of the European community, Westinghouse has developed<br />
Shutdown SAMG (SSAMG) that is integrated into at-power Westinghouse Owners<br />
Group (WOG) SAMG to form a complete symptom-based SAMG package applicable<br />
to all Plant Operational States (POS). The development of the SSAMG is based on<br />
the shutdown <strong>and</strong> low power PSA studies performed for the European plants. The<br />
principal changes required in the entry conditions, diagnostic parameters, diagnostic<br />
prioritization, as well as specific severe accident guidelines <strong>and</strong> development of new<br />
guideline. The SSAMG methodology based on this approach is matured <strong>and</strong> has been<br />
implemented at several operating plants with different reactor types: Westinghouse<br />
PWR, AREVA PWR, <strong>and</strong> VVER.<br />
The impact of SSAMG has also been included in a number of recent PSAs for plants<br />
that have implemented the SSAMG <strong>and</strong> this has tended to lead to a reduction in the<br />
core damage frequency, large early release frequency, <strong>and</strong> source term frequencies.<br />
The Westinghouse methodology to extend the applicability of the WOG SAMG to<br />
shutdown <strong>and</strong> low power conditions <strong>and</strong> the basis derived from the low power <strong>and</strong><br />
shutdown PSA studies is described.<br />
Shutdown PSA - 1<br />
9:25 AM<br />
Quantification of A 3 Loops Westinghouse PWR Outage Key<br />
Safety Functions Using Probabilistic Safety Assessment<br />
M.M. Cid, J.Dies, C.Tapia, O.Viñals<br />
Nuclear Engineering Research Group (NERG), Department of Physics <strong>and</strong> Nuclear Engineering (DFEN),<br />
Technical University of Catalonia (UPC), Barcelona, Spain<br />
The developed methodology provides a guidance of the systematic of using Probabilistic<br />
Safety Assessment (PSA) for the evaluation of guides or procedures which<br />
ensure the compliment of the Outage Key Safety Functions (OKSF) in nuclear power<br />
plants. As a pilot experience, the methodology has been applied to the 3th <strong>and</strong> 13th<br />
Operational Plant State (OPS), always within the operational mode 4 of a 3 loops<br />
Westinghouse Pressurized Water Reactor. The analyzed procedure requires the operability<br />
of just one charge pump as boric acid supply source. PSA gives a Core Damage<br />
Frequency increase (DCDF) of 1.19·10-6 year-1 for the pump in st<strong>and</strong>by, consequently,<br />
an exposure time T= 53.6 hours. Given an average time for the OPS of 40 hours,<br />
it is concluded the correct treatment of the procedure. However, it could be improved<br />
with the inclusion of an additional inventory replacement function. This would limit the<br />
charge pump unavailability. On the other h<strong>and</strong>, the availability of the external electrical<br />
sources is ratified. The procedure requires the operability of both supplies during<br />
the OPS. The unavailability of one of them (transformer fail) involves a DCDF equal to<br />
1.64·10-5 year-1 <strong>and</strong> a T= 3.89 hours. Then, it is considered appropriate the treatment<br />
of the procedure from the PSA point of view.
Session Chair: Jeff Riley<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 10:05 AM - Azalea<br />
10:05 AM<br />
The Performance And Importance Analysis Of Power Systems<br />
Based On Bayesian Networks<br />
Shubin SI, Caitao LI, Zhiqiang CAI, Wei HU<br />
Ministry of Education Key Laboratory of Contemporary Design <strong>and</strong> Integrated Manufacturing Technology,<br />
School of Mechantronics, Northwestern Polytechnical University, Shaanxi, P.R. China<br />
Because the power systems are becoming more gigantic, it is important for the power<br />
corporations to monitor the performance of power systems <strong>and</strong> determine which object<br />
needs maintenance most in the operation. With the advantages of describing<br />
uncertain variables <strong>and</strong> conditional independence relationships, we introduce the<br />
Bayesian network (BN) to build the performance <strong>and</strong> importance analysis model of<br />
power systems in this paper. The st<strong>and</strong>ard multilayer BN (MLBN) unit is put forward<br />
at first to represent different kinds of inner or outer factors in the power system. Then,<br />
the special meanings of nodes <strong>and</strong> edges in the equipment layer, station layer <strong>and</strong><br />
network layer of MLBN are discussed in detail. Third, the integration method of MLBN<br />
in these three layers is also described to facilitate the modeling <strong>and</strong> inference process.<br />
Based on the built MLBN model of power system, the system performance <strong>and</strong> importance<br />
analysis approaches are demonstrated with corresponding posterior probability<br />
distributions. At last, the case study based on the Yunnan electric power corporation<br />
(China) is implemented. The practical transformer model shows that the proposed<br />
MLBN method can describe the inner & outer factors <strong>and</strong> relationships well to provide<br />
useful performance <strong>and</strong> importance analysis helps.<br />
10:30 AM<br />
Fast Calculation Methods of Importance Measures in the<br />
Fault Tree Analysis<br />
Woo Sik Jung <strong>and</strong> Joon-Eon Yang<br />
Korea Atomic Energy Research Institute, Daejeon, South Korea<br />
This paper explains improved methods to calculate importance measures that are<br />
based on Rare Event Approximation (REA) <strong>and</strong> Min Cut Upper Bound (MCUB) probabilities.<br />
The new methods were developed to accelerate the importance measure calculation<br />
of enormous Minimal Cut Sets (MCSs). The new methods embody one-time<br />
accessing of the MCSs <strong>and</strong> individual quantification of MCSs. By the new methods<br />
for the importance measure calculations of huge MCSs, the MCSs are individually<br />
accessed <strong>and</strong> quantified just one time regardless of their location in a hard disk or<br />
computer memory. By virtue of the individual quantification of MCSs, these methods<br />
do not require a large computer memory <strong>and</strong> they can be used even when the huge<br />
MCSs cannot be loaded into a memory.<br />
Additionally, a fast computing method of the importance measures by the Zero-suppressed<br />
Binary Decision Diagram (ZBDD) structure is introduced in this paper. The<br />
ZBDD-based importance measure calculation also realizes the one-time accessing of<br />
the MCSs. However, the acceleration with the ZBDD is limited to the case of importance<br />
measure calculation using REA probabilities <strong>and</strong> the case when the ZBBD can<br />
be loaded into a memory. That is, there is no available acceleration method for the<br />
importance measures using MCUB probabilities.<br />
Advanced PSA Methods<br />
10:55 AM<br />
Utilizig Degradation Monitorig for Operatioal Risk Assessmet<br />
Bulent Alpay <strong>and</strong> James Paul Holloway<br />
Department of Nuclear Engineering <strong>and</strong> Radiological Sciences, University of Michigan, Ann Arbor, MI<br />
System/component degradations in nuclear power plants lead to reduction in system<br />
performance <strong>and</strong> plant economy, <strong>and</strong> further challenge safe operation of a plant by<br />
reducing the safety margins if they remain undetected. In many instances, it is hard<br />
to observe the signatures of degradation on the system behavior directly due to inefficient<br />
sensor placement, small disturbances as compared to measurement uncertainties,<br />
etc. Simultaneous multicomponent degradations may also mask the signatures<br />
of the degradations. For the cases when degradations in components/systems are<br />
detected <strong>and</strong> estimated, quantifying the operational risk associated with these degradations<br />
in that NPP in a timely manner is essential.<br />
We propose a degradation monitoring technique that is capable of detecting <strong>and</strong> estimating<br />
simultaneous multicomponent degradations for high dimensional <strong>and</strong> highly<br />
nonlinear systems. We present a degradation monitoring technique based on sequential<br />
Monte Carlo filtering with an adaptive Markov chain Monte Carlo (MCMC) step.<br />
This step works as a multiple hypotheses testing algorithm in which the hypotheses<br />
are constructed by utilizing a degradation database, which is compiled via past operational<br />
experience <strong>and</strong> manufacturer specifications. The adaptation scheme is based<br />
on a comparison of reproducibility of the limited number of measurements of the particles<br />
coming from the filter itself <strong>and</strong> from the degradation database to estimate the<br />
degradations in the components. A loworder model of a balance of plant of a boiling<br />
water reactor (BWR) is chosen as a demonstrative application. We show tests of our<br />
degradation monitoring algorithm for the estimation of nominal states, <strong>and</strong> multicomponent<br />
degradations.<br />
In addition, we utilize the resistancestress model taken from structural reliability analysis<br />
to evaluate the functional/performance failure probability of a degraded system <strong>and</strong><br />
further assess its risk on plant operation.<br />
11:20 AM<br />
Quantitative Risk Assessment Using Hybrid Causal Logic<br />
Model<br />
Yan Fu Wang, Min Xie, Shahrzad Faghih Roohi<br />
Department of Industrial & Systems Engineering, National University of Singapore, Singapore<br />
This paper presents a hybrid causal logic model, which integrates the traditional<br />
Quantitative Risk Assessment (QRA) models with Bayesian Network (BN) incorporating<br />
human <strong>and</strong> organizational factors. The multi-phase model allows different risk<br />
assessment methods to be applied to different parts. In the first phase, Event Tree<br />
(ET) defines the base scenarios for the source of risk issues. In the second phase,<br />
Fault Tree (FT) is used to model the factors how to contributing to the final failures. BN<br />
comprise the third phase, which extends the causal chain of basic events to potential<br />
human <strong>and</strong> organizational roots <strong>and</strong> provide a more precise quantitative links between<br />
the event nodes. The new model integrates the power of typical QRA for modeling deterministic<br />
causal paths with the flexibility of BN for modeling non-deterministic causeeffect<br />
relationships. The integration algorithm is demonstrated on an offshore fire case<br />
study. It clearly shows the new model is more flexible <strong>and</strong> useful than traditional QRA<br />
models.<br />
65
66<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 10:05 AM - Camellia/Dogwood<br />
Risk-Informed Technical Specifications<br />
Session Chair: Mike Snoderly<br />
10:05 AM<br />
Risk-Managed Technical Specifications Application At STP:<br />
More Than Three Years Of Experience<br />
Fatma Yilmaz, Ernie Kee, <strong>and</strong> Rick Grantom<br />
South Texas Project Electric Generating Station, Wadsworth, TX<br />
South Texas Project (STP) implemented Risk-Managed Technical Specifications<br />
(RMTS) in 2007. The overall objective of the RMTS initiative is to provide a risk-based<br />
approach to assign the amount of time allowed (allowed outage time, AOT) for certain<br />
equipment important to safety to be out of service. Classically, Technical Specifications<br />
have been written with AOTs based on heuristics or deterministic criteria. As<br />
a consequence, maintenance events unimportant to safety have caused unnecessary<br />
plant shutdowns or significant Regulator <strong>and</strong> plant staff resources to determine<br />
a more reasonable time (for example, Notice of Enforcement Discretion). Three <strong>and</strong> a<br />
half years after implementation, the STP RMTS program has proved its worth, giving<br />
unprecedented operational flexibility to STP by delivering possibly the largest operating<br />
envelope with respect to Technical Specifications in any US commercial nuclear<br />
electric generating station. From the perspective of the STP Risk Management group,<br />
there have been some lessons learned about the program’s implementation. In this<br />
article, we focus primarily on experience with the plant application, Risk Informed<br />
Completion Time Calculator (RICTCal), which provides Operators the tool needed to<br />
accurately determine the limiting times associated with RMTS.<br />
10:30 AM<br />
A Proposed Framework for Integrated Risk-Informed Performance-Based<br />
Regulation for Nuclear Power Plants<br />
James K. Liming <strong>and</strong> David H. Johnson (a), C. Richard Grantom (b)<br />
a) ABSG Consulting Inc. (ABS Consulting), Irvine, CA, b) STP Nuclear Operating Company, Wadsworth,<br />
TX<br />
This paper summarizes a refreshed perspective on a proposed integrated risk-informed<br />
performance-based regulatory framework via the application of probabilistic safety assessment<br />
(PSA). This perspective is refreshed, in that it is based on the considerable<br />
industry experience gained during the last decade in the implementation of important<br />
risk-informed applications (e.g., risk-managed technical specifications (RMTS), riskinformed<br />
surveillance frequency control programs (RI-SFCPs), risk-informed in-service<br />
testing programs (RI-IST), risk-informed in-service inspection (RI-ISI) programs,<br />
risk-informed graded quality assurance (RI-GQA) programs, etc.) <strong>and</strong> in the area of<br />
PSA st<strong>and</strong>ards development <strong>and</strong> implementation. The focus of this paper is to provide<br />
an integrated framework of proposed practical safety management metrics that can<br />
be effectively <strong>and</strong> efficiently applied in the regulation of commercial nuclear power<br />
plant design, construction, operation, maintenance, <strong>and</strong> decommissioning. The scope<br />
of the discussion in this paper includes treatment of conventional deterministic safety<br />
criteria as well as probabilistic risk criteria. The paper addresses both qualitative <strong>and</strong><br />
quantitative aspects relating to this proposed regulatory framework.<br />
10:55 AM<br />
Interpretation <strong>and</strong> Evaluation of the TS Criteria – Development<br />
of a Guidance Document<br />
Ola Bäckström, Anna Häggström <strong>and</strong> Anders Olsson<br />
Sc<strong>and</strong>power - Lloyd’s Register, Stockholm, Sweden<br />
A nuclear power plant’s Technical Specifications (TS) define the limits <strong>and</strong> conditions<br />
for plant operation. The original TS were based on deterministic analyses <strong>and</strong> engineering<br />
judgments, but as the Probabilistic Safety Assessment (PSA) has developed it<br />
has shown to constitute a useful tool for evaluating many aspects of the TS from a risk<br />
point of view. The US NRC has fully adopted a risk informed decision process, in which<br />
PSA plays an important role. In the Nordic countries the use of risk informed methods<br />
has been discussed since the early nineties, but on the whole the methods have only<br />
been applied on a case by case basis.<br />
It is however expected that the use of risk informed decision making will increase significantly<br />
in the coming years with on-going modernization <strong>and</strong> power uprate projects,<br />
which require TS to be updated. Within a co-operation project between Nordic Nuclear<br />
Safety Research (NKS) <strong>and</strong> the Nordic PSA Group (NPSAG) the different aspects that<br />
must be taken into account in a risk based evaluation process of TS changes have<br />
been studied. The aim has been to produce a guidance document covering the most<br />
important issues to consider, but not to point out a single method as the only acceptable<br />
one.<br />
11:20 AM<br />
Fleet Wide Pursuit of Risk-Informed Initiative 5B - Surveillance<br />
Frequency Control Program (SFCP) at Exelon Nuclear<br />
Stations<br />
Philip Tarpinian (a), Glenn Stewart (b), Victoria Warren (c)<br />
a) Exelon Nuclear, Limerick Generating Station, Pottstown, PA, b) Exelon Nuclear, Licensing & Regulatory<br />
Affairs, Kennett Square, PA, c) ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
Exelon Nuclear’s Limerick Generating Station (LGS) became the first plant to receive<br />
Nuclear Regulatory Commission (NRC) approval in September of 2006 to control its<br />
own surveillance test intervals via a Surveillance Frequency Control Program (SFCP).<br />
Exelon is now pursuing a fleet wide strategic initiative to implement the SFCP at its<br />
other nine (9) nuclear stations utilizing the regulatory framework established by the<br />
NRC. Exelon submitted license amendment requests (LARs) to the NRC for these<br />
nine stations in the 2009 <strong>and</strong> early 2010 timeframe. These LARs utilize Technical<br />
Specification Task Force (TSTF) traveler TSTF-425, “Relocate Surveillance Frequencies<br />
to Licensee Control - RITSTF Initiative 5b” that was subsequently developed<br />
based on the LGS pilot <strong>and</strong> NEI methodology <strong>and</strong> was approved by the NRC. The<br />
NRC granted approval to Exelon’s Peach Bottom Atomic Power Station in August of<br />
2010, Oyster Creek Generating Station in September of 2010 <strong>and</strong> Three Mile Isl<strong>and</strong><br />
Nuclear Station in January 2011. Exelon expects to receive approval from the NRC<br />
for the balance of its nuclear stations by early 2011. Implementation of the SFCP occurs<br />
within the timeframe approved by the NRC as specified in each site’s respective<br />
license amendment request (LAR) <strong>and</strong> is typically sixty (60) or one hundred twenty<br />
(120) days. Implementation of the SFCP at all Exelon sites is expected to be completed<br />
by the mid 2011. Exelon will be adapting the SFCP process <strong>and</strong> procedures initially<br />
developed for Limerick to apply toward its entire nuclear fleet by the end of 2011. In the<br />
interim, sites are implementing the SFCP on a site-specific basis. This paper is sequel<br />
to a topical paper presented by Philip Tarpinian et al, titled “Implementation of a Risk-<br />
Informed Surveillance Frequency Control Program - A PRA Perspective” (Reference<br />
1) at ANS PSA 2008 conference.
Session Chair: Steve Farminham<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 10:05 AM - Magnolia<br />
10:05 AM<br />
Methodology for Developing a Probabilistic Risk Assessment<br />
Model of Spacecraft Rendezvous <strong>and</strong> Dockings<br />
Steven J. Farnham II <strong>and</strong> Warren C. Grant (a), Michael G. Lutomski (b)<br />
a) ARES Corporation, League City, TX, b) NASA-JSC<br />
In 2007 NASA was preparing to send two new visiting vehicles carrying logistics <strong>and</strong><br />
propellant to the International Space Station (ISS). These new vehicles were the European<br />
Space Agency’s (ESA) Automated Transfer Vehicle (ATV), the Jules Verne,<br />
<strong>and</strong> the Japanese Aerospace <strong>and</strong> Explorations Agency’s (JAXA) H-II Transfer Vehicle<br />
(HTV). The ISS Program wanted to quantify the increased risk to the ISS from these<br />
visiting vehicles. At the time only the Shuttle, the Soyuz, <strong>and</strong> the Progress vehicles<br />
rendezvoused <strong>and</strong> docked to the ISS. The increased risk to the ISS was from a potential<br />
catastrophic collision during the rendezvous <strong>and</strong> the docking or berthing of<br />
the spacecrafts to the ISS. A universal method of evaluating the risk of rendezvous<br />
<strong>and</strong> docking or berthing was created by the ISS’s Risk Team to accommodate the<br />
increasing number of different spacecrafts, as well as the future arrival of commercial<br />
spacecraft, <strong>and</strong> the increasing number of rendezvous <strong>and</strong> docking or berthing operations.<br />
Before the first docking attempt of ESA’s ATV <strong>and</strong> JAXA’s HTV to the ISS, a<br />
probabilistic risk model was developed to quantitatively calculate the risk of collision<br />
between each spacecraft <strong>and</strong> the ISS. Building on ATV’s rendezvous <strong>and</strong> docking<br />
risk model, probabilistic risk models for Soyuz <strong>and</strong> Progress were developed. These<br />
5 rendezvous <strong>and</strong> docking models have been used to build <strong>and</strong> refine the methodology<br />
for rendezvous <strong>and</strong> docking of spacecrafts. This risk modeling methodology will<br />
be NASA’s basis for evaluating future spacecrafts’ hazards including the SpaceX’s<br />
Dragon, Orbital Science’s Cygnus, <strong>and</strong> NASA’s own Orion spacecraft. This paper will<br />
describe the methodology for developing a visiting vehicle risk model.<br />
Space/Aircraft PSA<br />
10:30 AM<br />
Comm<strong>and</strong> Process Modeling for Safety during Operations<br />
Leila Meshkat<br />
California Institute of Technology - Jet Propulsion Laboratory, Pasadena, CA<br />
The design of the comm<strong>and</strong> generation process for the spacecraft during operations<br />
often occurs long before launch. The different phases of the spacecraft lifecycle during<br />
design, development <strong>and</strong> operations <strong>and</strong> the applicable comm<strong>and</strong> products for each<br />
phase are considered <strong>and</strong> the process needed for the development of these comm<strong>and</strong>s<br />
are then designed <strong>and</strong> documented.<br />
A comm<strong>and</strong> error is when the comm<strong>and</strong>s sent do not match the operator intent. Examples<br />
include sending the wrong comm<strong>and</strong>, sending the right comm<strong>and</strong> twice, incorrect<br />
parameter settings, <strong>and</strong> sequence errors. Root causes include transcription errors,<br />
inadvertently selecting the wrong comm<strong>and</strong> because the names are non-intuitive, failing<br />
to notice an error caught by an automated checker, lax execution of processes,<br />
incomplete awareness of the spacecraft state, <strong>and</strong> operations complexity.<br />
Although current processes catch 99.5% of all comm<strong>and</strong> errors, they account for an<br />
alarming fraction of spacecraft anomalies <strong>and</strong> near misses. This paper explains an approach<br />
for more explicitly considering the trades involved during the design of the comm<strong>and</strong><br />
processes, in terms of risk <strong>and</strong> cost, in order to reduce comm<strong>and</strong>ing errors. The<br />
thesis is that this approach helps to reduce the comm<strong>and</strong>ing errors without increasing<br />
the costs associated with the comm<strong>and</strong> generation process. (Presentation Only)<br />
67
68<br />
Session Chair: Andrea Maioli<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 10:05 AM - Salon A<br />
10:05 AM<br />
Study on Seismic PSA for A BWR in Shutdown State<br />
Masahide Nishio <strong>and</strong> Haruo Fujimoto<br />
Japan Nuclear Energy Safety Organization, Tokyo, Japan<br />
A seismic PSA was performed for a BWR4 plant in shutdown state, assuming that it<br />
is located in relatively high earthquake ground motion site. During periodic inspection,<br />
core decay heat decreases with time <strong>and</strong> reactor system configuration changes in<br />
accordance with maintenance work. Taking into consideration plant thermal-hydraulic<br />
situation <strong>and</strong> system configuration, periodic inspection period was divided into 6 plant<br />
operating states (POS). Earthquake-induced initiating events in shutdown state were<br />
selected for analysis. They were listed in the order of the extent of severity on core<br />
damage <strong>and</strong> their occurrence probability was calculated using hierarchy tree model.<br />
Seismic shutdown PSA models were constructed <strong>and</strong> accident sequence analysis<br />
was performed for each POS. As a result, the characteristics of core damage frequency<br />
such as dominant accident sequences, core damage probability per seismic<br />
acceleration, contributing factors to core damage frequency <strong>and</strong> important components<br />
with high FV importance were obtained. Comparison of core damage frequency<br />
between in shutdown state <strong>and</strong> in full power operation was performed, considering<br />
duration time of periodic inspection <strong>and</strong> full power operation in a year. Core damage<br />
frequency in periodic inspection was shown to be smaller enough than that in full<br />
power operation.<br />
10:30 AM<br />
Human Reliability Modeling in the Kernkraftwerk Mühleberg<br />
Seismic PSA<br />
R.F. Kirchner (a), E.T. Burns <strong>and</strong> V.M. Andersen (b), O. Zuchuat <strong>and</strong> Y.<br />
Bayraktarli (c)<br />
a) RFK Dynamics, Inc., Niskayuna NY, b) ERIN Engineering <strong>and</strong> Research, Inc., Campbell, CA, c) BKW<br />
FMB Energie AG, Mühleberg, Switzerl<strong>and</strong><br />
The modeling of human interactions (HI) in a Seismic Probabilistic Safety Assessment<br />
(SPSA) is more difficult than in other types of PSA models because seismic events<br />
involve additional performance shaping factor considerations. Factors such as the<br />
magnitude of the seismic event, timeframe for actions, <strong>and</strong> location of actions all must<br />
be considered in operator reliability modeling. A seismic impact matrix method was<br />
developed for the Kernkraftwerk Mühleberg (KKM) SPSA in order to realistically model<br />
operating crew performance in seismic event response. In addition, the seismic fragility<br />
of support structures that could impact operators was also considered. This paper<br />
describes the method developed for the KKM SPSA Human Reliability Assessment<br />
(HRA) including seismic performance shaping factors <strong>and</strong> quantification of related<br />
impacts.<br />
Seismic PSA - 4<br />
10:55 AM<br />
A Procedure for The Computation of Seismic Fragility Of NPP<br />
Buildings with Base Isolation<br />
G. Bianchi, M. Domaneschi, D.C. Mantegazza <strong>and</strong> F. Perotti (a), L. Corradi<br />
dell’Acqua (b)<br />
a) Department of Structural Engineering, Politecnico di Milano, Milan, Italy, b) Energy Department, Politecnico<br />
di Milano, Milan, Italy<br />
The research work here described is devoted to the development <strong>and</strong> testing of a numerical<br />
procedure for the computation of seismic fragilities for equipment <strong>and</strong> structural<br />
components in Nuclear Power Plants (NPP). Given the very low damage probabilities<br />
which are required in modern nuclear industry, attention is focused on the comparison<br />
between the performance of traditional <strong>and</strong> seismically isolated buildings. The procedure<br />
is based on the hypothesis, typical of nuclear structures, of linear behaviour of the<br />
building in the traditional case; the behaviour of isolation devices, on the other h<strong>and</strong>, is<br />
modelled taking mechanical non-linearities into account. The proposed procedure for<br />
fragility computation makes use of the Response Surface (RS) Methodology to model<br />
the influence of the r<strong>and</strong>om variables on the dynamic response. To account for stochastic<br />
loading the latter is computed by means of a simulation procedure. Given the<br />
RS, the Monte Carlo method is used to compute the failure probability; a risk-based<br />
procedure for refining the RS is also proposed <strong>and</strong> tested in an illustrative example.<br />
For the isolated case, an overall experimental/numerical methodology for fragility assessment<br />
is summarized <strong>and</strong> an example of fragility estimation is finally shown.<br />
11:20 AM<br />
Seismic PSA in Germany<br />
Ralf Obenl<strong>and</strong>, Holger Ulrich, Theodor Bloem, Wolfgang Tietsch<br />
Westinghouse Electric Germany GmbH, Mannheim, Germany<br />
The German regulatory guide for nuclear power plants dem<strong>and</strong>s plant specific Probabilistic<br />
Safety Analyses (PSA) including External Events. In 2005, a new Methodology<br />
Guideline (Methodenb<strong>and</strong>) based on the current state of science <strong>and</strong> technology was<br />
released to provide the analyst with a set of suitable tools <strong>and</strong> methodologies for the<br />
analysis of all PSA events. In the case of earthquakes a staggered procedure is suggested<br />
which requires a probabilistic analysis only for those nuclear power plants with<br />
an intensity for the design basis earthquake above IDBE > 6. For earthquake intensities<br />
IDBE between 6 <strong>and</strong> 7, a reduced analysis is possible. For earthquake intensities<br />
IDBE above 7, a full scope analysis is m<strong>and</strong>atory.<br />
In Germany the seismic hazard curve is determined as a function of the intensity of<br />
the earthquakes. Compared to a procedure suggested in the Methodenb<strong>and</strong>, a more<br />
realistic procedure to implement the hazard curve in a seismic PSA by using realistic<br />
site specific response spectra is presented, as well as the procedure to consider these<br />
spectra in the fragility analysis. Also an approach for the reduced analysis will be presented.<br />
Additionally, experiences from performed seismic PSA are discussed.
Session Chair: Jim Chapman<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 10:05 AM - Salon B<br />
10:05 AM<br />
U.S. NRC Confirmatory Level 1 PRA Success Criteria Activities<br />
Donald Helton <strong>and</strong> Hossein Esmaili (a), Robert Buell (b)<br />
a) U.S. Nuclear Regulatory Commission, Washington, DC, b) Idaho National Laboratory, Idaho Falls, ID<br />
The U.S. Nuclear Regulatory Commission’s st<strong>and</strong>ardized plant analysis risk (SPAR)<br />
models are used to support a number of risk-informed initiatives. The fidelity <strong>and</strong> realism<br />
of these models are ensured through a number of processes including crosscomparison<br />
with industry models, review <strong>and</strong> use by a wide range of technical experts,<br />
<strong>and</strong> confirmatory analysis. This paper will describe a key activity in the latter arena.<br />
Specifically, this paper will describe MELCOR analyses performed to augment the<br />
technical basis for confirming or modifying specific success criteria of interest. The<br />
analyses that will be summarized provide the basis for confirming or changing success<br />
criteria in a specific 3-loop pressurized-water reactor <strong>and</strong> a Mark-I boiling-water<br />
reactor. Initiators that have been analyzed include loss-of-coolant accidents, loss of<br />
main feedwater, spontaneous steam generator tube rupture, inadvertent opening of a<br />
relief valve at power, <strong>and</strong> station blackout. For each initiator, specific aspects of the<br />
accident evolution are investigated via a targeted set of calculations (3 to 22 distinct<br />
accident analyses per initiator). Further evaluation is ongoing to extend the analyses’<br />
conclusions to similar plants (where appropriate), with consideration of design <strong>and</strong><br />
modeling differences on a scenario-by-scenario basis. This paper will also describe<br />
future plans.<br />
10:30 AM<br />
Peer Review of NRC St<strong>and</strong>ardized Plant Analysis Risk Models<br />
James Knudsen, Robert Buell, John Schroeder, Anthony Koonce (a), Pete<br />
Appignani (b)<br />
a) Idaho National Laboratory, Idaho Falls, Idaho, b) U.S. Nuclear Regulatory Commission, Washington,<br />
DC<br />
The Nuclear Regulatory Commission (NRC) St<strong>and</strong>ardized Plant Analysis Risk (SPAR)<br />
Models underwent a Peer Review using ASME PRA st<strong>and</strong>ard (Addendum C) as endorsed<br />
by NRC in Regulatory Guide (RG) 1.200. The review was performed by a mix<br />
of industry probabilistic risk analysis (PRA) experts <strong>and</strong> NRC PRA experts. Representative<br />
SPAR models, one PWR <strong>and</strong> one BWR, were reviewed against Capability Category<br />
I of the ASME PRA st<strong>and</strong>ard. Capability Category I was selected as the basis<br />
for review due to the specific uses/applications of the SPAR models. The BWR SPAR<br />
model was reviewed against 331 ASME PRA St<strong>and</strong>ard Supporting Requirements;<br />
however, based on the Capability Category I level of review <strong>and</strong> the absence of internal<br />
flooding <strong>and</strong> containment performance (LERF) logic only 216 requirements were<br />
determined to be applicable. Based on the review, the BWR SPAR model met 139 of<br />
the 216 supporting requirements. The review also generated 200 findings or suggestions.<br />
Of these 200 findings <strong>and</strong> suggestions 142 were findings <strong>and</strong> 58 were suggestions.<br />
The PWR SPAR model was also evaluated against the same 331 ASME PRA<br />
St<strong>and</strong>ard Supporting Requirements. Of these requirements only 215 were deemed<br />
appropriate for the review (for the same reason as noted for the BWR). The PWR review<br />
determined that 125 of the 215 supporting requirements met Capability Category<br />
I or greater. The review identified 101 findings or suggestions (76 findings <strong>and</strong> 25<br />
suggestions). These findings or suggestions were developed to identify areas where<br />
SPAR models could be enhanced. A process to prioritize <strong>and</strong> incorporate the findings/<br />
suggestions supporting requirements into the SPAR models is being developed. The<br />
prioritization process focuses on those findings that will enhance the accuracy, completeness<br />
<strong>and</strong> usability of the SPAR models.<br />
PSA St<strong>and</strong>ards - 2<br />
10:55 AM<br />
Potential Enhancements to the PRA Peer Review Process<br />
Edward T. Burns (a), Gregory A. Krueger (b), Barry D. Sloane, Donald E.<br />
Vanover (c)<br />
a) ERIN Engineering <strong>and</strong> Research, Inc., Campbell, CA, b) Exelon Nuclear, KSA 2-N Kennett Square, PA,<br />
c) ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
A common industry PRA peer review process has been in use in the US for the past<br />
decade for internal events at-power PRAs. This method of PRA model review began<br />
with the process originally developed by the BWR Owners Group (BWROG) <strong>and</strong> subsequently<br />
documented in Nuclear Energy Institute (NEI) report NEI 00-02, <strong>and</strong> has<br />
evolved slightly to the current process, documented in NEI 05-04 [Ref. 1]. At the same<br />
time, the criteria against which a PRA is assessed during a peer review have become<br />
more codified (i.e., via the ASME/ANS PRA St<strong>and</strong>ard, which provides limited guidance<br />
in application of the criteria), <strong>and</strong> the pool of PRA practitioners being called upon to<br />
participate in peer reviews has become broader, bringing in reviewers less familiar with<br />
the mechanics of a successful peer review.<br />
This paper identifies an alternative focus to that defined in NEI 05-04. This alternative<br />
focus places a greater emphasis during the peer review week (<strong>and</strong> preparation) on the<br />
PRA results <strong>and</strong> quantification process as the appropriate means to focus the team’s<br />
attention on the plant specific details that are of importance in the determination of<br />
PRA technical capability. The objective is to maintain the team’s focus on technical<br />
adequacy of the PRA in areas critical to the development of insights <strong>and</strong> calculation<br />
of risk metrics, while still addressing the scope of PRA technical requirements defined<br />
in the PRA St<strong>and</strong>ard. The review team’s deeper underst<strong>and</strong>ing of the whole PRA then<br />
provides a more insightful perspective for delving into each PRA technical element in<br />
a manner that highlights the critical aspects of the PRA element.<br />
69
70<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 10:05 AM - Carolina<br />
Panel - Joint EPRI/NRC-RES Fire HRA Guidelines<br />
Session Chair: Susan Cooper<br />
10:05 AM<br />
Updates to EPRI/NRC-RES Fire HRA Guidelines<br />
Susan E. Cooper <strong>and</strong> Kendra Hill (a), Stuart Lewis (b), Jeffrey A. Julius, Jan<br />
Grobbelaar, <strong>and</strong> Kaydee Kohlhepp (c), John Forester <strong>and</strong> Stacey Hendrickson<br />
(d), Bill Hannaman <strong>and</strong> Erin Collins (e), <strong>and</strong> Mary R. Presley (f)<br />
a) U.S. Nuclear Regulatory Commission, Washington, DC, b) Electric Power Research Institute, Knoxville<br />
TN, c) Scientech, Tukwila, WA, d) S<strong>and</strong>ia National Laboratory, Albuquerque, NM, e) Science Applications<br />
International Corporation, Campbell, CA, f) ARES Corporation, Albuquerque, NM<br />
Over the past several years, the nuclear power plant (NPP) fire protection community<br />
in the United States <strong>and</strong> overseas has been transitioning towards risk-informed<br />
<strong>and</strong> performance-based (RI/PB) practice in design, operation <strong>and</strong> regulation. In order<br />
to make more realistic decisions for risk-informed regulation, fire probabilistic risk<br />
analysis (PRA) methods needed to be improved. To address this need, in 2001, the<br />
NRC Office of Nuclear Regulatory Research (RES) <strong>and</strong> Electric Power Research Institute<br />
(EPRI) collaborated under a joint Memor<strong>and</strong>um of Underst<strong>and</strong>ing (MOU), to<br />
develop NUREG/CR-6850 (EPRI101989), “EPRI/NRC-RES Fire PRA Methodology<br />
for Nuclear Power Facilities,” a state-of-art Fire PRA methodology. The fire human reliability<br />
analysis (HRA) guidance provided in NUREG/CR-6850 included: 1) a process<br />
for identification <strong>and</strong> inclusion of the human failure events (HFEs), 2) a methodology<br />
for assigning quantitative screening values to these HFEs, <strong>and</strong> 3) initial considerations<br />
of performance shaping factors (PSFs) <strong>and</strong> related fire effects that might need to be<br />
addressed in developing best-estimate human error probabilities (HEPs). However,<br />
NUREG/CR-6850 did not identify or produce a methodology to develop these bestestimate<br />
HEPs given the PSFs <strong>and</strong> the fire-related effects.<br />
In 2007, EPRI <strong>and</strong> RES embarked upon another cooperative project to develop explicit<br />
guidance for estimating HEPs for human error events under fire generated conditions,<br />
building on existing HRA methods. It is anticipated that such guidance will be<br />
used by the industry as part of transition to the risk-informed, performance-based fire<br />
protection rule, 10CFR50.48c, which endorsed National Fire Protection Association<br />
(NFPA) 805, “Performance-Based St<strong>and</strong>ard for Fire Protection for Light Water Reactor<br />
Electric Generating Plants” <strong>and</strong> possibly in response to other regulatory issues<br />
such as multiple spurious operation (MSO) <strong>and</strong> operator manual actions (OMAs). As<br />
the methodology is applied at a wide variety of NPPs, the guidance may benefit from<br />
future improvements to better support industry-wide issues being addressed by fire<br />
PRAs.<br />
The collaborative project produced a draft report for public comment, “EPRI/NRC-RES<br />
Fire Human Reliability Analysis Guidelines,” (NUREG-1921, EPRI TR 1019196). The<br />
draft guidelines address the range of fire procedures used in existing plants, the range<br />
of strategies for main control room (MCR) ab<strong>and</strong>onment, <strong>and</strong> the potential impact<br />
of fire-induced electrical spurious actuation effects on crew performance. The draft<br />
guidelines also present a three tiered, progressive approach for fire HRA quantification.<br />
The quantification approaches included are: a screening approach per NUREG/<br />
CR-6850 guidance (modified somewhat to clarify certain aspects <strong>and</strong> to account for<br />
long-term events), a scoping approach, <strong>and</strong> detailed quantification using either EPRI’s<br />
Cause Based Decision Tree (CBDT) <strong>and</strong> HCR/ORE or the NRC’s ATHEANA approach<br />
with modifications to account for fire effects.<br />
In the spring of 2010, the joint EPRI/NRC-RES team received public comments on the<br />
draft guidelines. These comments were reviewed by the team <strong>and</strong> are currently being<br />
addressed. (Presentation Only)<br />
10:30 AM<br />
Lessons Learned During Recent Application of Draft EPRI/<br />
NRC Fire HRA Guidelines<br />
Jeffrey A. Julius, Jan F. Grobbelaar, <strong>and</strong> Kaydee Kohlhepp<br />
Scientech<br />
The fire human reliability analysis (HRA) guidelines [1] developed jointly by the Electric<br />
Power Research Institute (EPRI) <strong>and</strong> the U.S. Nuclear Regulatory Commission<br />
(NRC) are intended to provide methodology as well as guidance for identifying, modeling<br />
<strong>and</strong> quantifying human failure events under post-fire conditions. The methodology<br />
includes qualitative analysis <strong>and</strong> three tiers of quantification. The three tiers of quantification<br />
consist of a screening level similar to that presented in NUREG/CR-6850 [2],<br />
a new scoping fire HRA quantification approach, <strong>and</strong> two detailed HRA quantification<br />
approaches. This presentation discusses examples of the practical application of the<br />
EPRI/NRC Fire HRA Guidelines to recent Fire PRA/HRA projects <strong>and</strong> the associated<br />
insights. (Presentation Only)<br />
10:55 AM<br />
Lessons Learned from Fire HRA Applications<br />
Erin P. Collins, Pierre Macheret, Paul Amico, <strong>and</strong> G. William Hannaman<br />
SAIC<br />
The fire human reliability analysis (HRA) guidelines developed jointly by the Electric<br />
Power Research Institute (EPRI) <strong>and</strong> the U.S. Nuclear Regulatory Commission (NRC)<br />
are intended as explicit guidance for identifying, modeling <strong>and</strong> quantifying human failure<br />
events under fire-generated conditions. A three tiered approach to quantification<br />
is offered including a screening level similar to that presented in NUREG/CR-6850, a<br />
new scoping fire HRA quantification approach, <strong>and</strong> two detailed HRA quantification<br />
approaches. This presentation discusses examples based on the application of the<br />
EPRI/NRC Fire HRA Guidelines to recent Fire PRA/HRA <strong>and</strong> NFPA 805 transition<br />
projects <strong>and</strong> the insights gained from this experience.. (Presentation Only)<br />
11:20 AM<br />
Panel Discussion: Draft EPRI/NRC Fire HRA Guidelines<br />
Following the presentations, there will be an discussion of current technical issues <strong>and</strong><br />
potential treatment, to include methodology, guidance, <strong>and</strong> other aspects related to<br />
implementation in a fire PRA supporting a plant transitioning to NFPA-805.
John Yoshinari<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 11:45 AM - Cape Fear Ballroom<br />
Student Awards Luncheon<br />
Chief Operating Officer (COO), Hitachi-GE Nuclear Energy, Ltd.<br />
Mr. John Yoshinari, Chief Operating Officer, Hitachi-GE Nuclear Energy Ltd, is responsible for<br />
its US nuclear business. John has been in the current position since the GE Hitachi Nuclear<br />
Alliance formed in 2007.<br />
Prior to joining the GE Hitachi Alliance as COO, John experience includes the Japanese fast<br />
reactor programs including the Prototype Fast Reactor MONJU <strong>and</strong> the Demonstration Fast<br />
Breeder Reactor (FBR). In addition, he has extensive knowledge of the Advanced Boiling<br />
Water Reactors (ABWR) including the design of Shika 2 <strong>and</strong> Shimane 3 <strong>and</strong> extensive<br />
background in the digitization of design information. Outside of the FBR <strong>and</strong> ABWR reactor<br />
programs, John’s background includes the nuclear fuel cycle including fuel reprocessing in<br />
Japan.<br />
John holds the BS degree in Mechanical Engineering from The University of Tokyo <strong>and</strong> MS<br />
degree in Management Science from A. P. Sloan School of Massachusetts Institute of Technology.<br />
With his US assignment, he currently resides in New Jersey.<br />
71
72<br />
Session Chair: Gareth Parry<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 1:30 PM - Azelea<br />
1:30 PM<br />
Common Cause Failure Modeling Using Probabilistic Physics-<br />
Of-Failure (POF) Analysis: A Mechanistic Approach<br />
Zahra Mohaghegh <strong>and</strong> Mohammad Modarres<br />
Center for Risk <strong>and</strong> Reliability, University of Maryl<strong>and</strong>, College Park, MD<br />
One of the most important topics in Probabilistic Risk Assessment (PRA) is modeling<br />
dependent failures. In general, dependent failures are defined as events in which<br />
the probability of each failure depends on the occurrence of other failures. The major<br />
causes of dependence among a set of systems or components can be explicitly<br />
modeled using system reliability methods (e.g. fault trees). Other dependent failures,<br />
where root causes are not known or are difficult to model explicitly in the system or<br />
component reliability analysis, are called Common Cause Failures (CCFs). Currently,<br />
CCFs are treated using parametric modeling based on historical common cause<br />
events.<br />
This research leads to a shift of paradigm in the assessment of CCFs <strong>and</strong> seeks to<br />
model such events utilizing the underlying phenomena of failure, called the Probabilistic<br />
Physics-Of-Failure (POF) analysis. For this, we propose a methodology for the integration<br />
of POF models into PRA frameworks in a way that is capable of depicting the<br />
interactions of physical failure mechanisms <strong>and</strong>, ultimately, the dependencies between<br />
the component failures. The proposed steps of this methodology can be summarized<br />
as follows: 1. Modeling the deterministic phenomena of failures (at the material-level)<br />
due to the interactions of two failure mechanisms. A mechanistic approach (i.e. based<br />
on semi-empirical models of failure mechanisms) is suggested in this paper. 2. Developing<br />
advanced uncertainty characterization <strong>and</strong> propagation methods (probabilistic<br />
assessment of model errors, aleatory <strong>and</strong> epistemic uncertainty modeling considering<br />
the dynamic interactions of diverse equations <strong>and</strong> a large number of parameters) <strong>and</strong><br />
Bayesian updating to make the deterministic POF models (developed in step 1) probabilistic<br />
<strong>and</strong> ready to be linked to the PRA frameworks. 3. Exp<strong>and</strong>ing material-level<br />
probabilistic POF models to the component-level in order to create physics-based<br />
CCF models 4.Developing appropriate modeling techniques to link the physics-based<br />
CCF models (at the component-level) to the system-level PRA.<br />
The potential applications of this research include the abilities to (a) incorporate operational<br />
<strong>and</strong> environmental conditions in hardware failure models, (b) model aging<br />
<strong>and</strong> degradation processes, (c) model CFFs in PRAs of operating plants , (d) model<br />
CCFs in PRAs of plants at design level, (e) use retrospective assessments intended<br />
to estimate the risk significance of single or multiple equipment failures (degradation)<br />
accompanied by a deficiency in design, operating conditions, <strong>and</strong>/or a process<br />
such as maintenance scheduling (the so-called Significant Determination Process by<br />
Nuclear Regulator Commission (NRC) inspectors), (f) schedule accurate maintenance<br />
intervals based on more precise estimates of time to failure (<strong>and</strong>, ultimately, reduce<br />
maintenance costs) , (g) facilitate the connection between POF models <strong>and</strong> CCF models<br />
<strong>and</strong> the harsh post-accident environment in a nuclear power plant (using common<br />
physical variables) , (h) extend the notion of dependence beyond identical redundant<br />
components <strong>and</strong> into diverse components <strong>and</strong> applications. This research also forms<br />
a good basis for passive system reliability for advanced reactor concepts. (Presentation<br />
Only)<br />
1:55 PM<br />
A Stochastic Transition Model for Evaluating fhe Effects of<br />
Common Cause Failure Events on System Reliability<br />
Dae-Wook Chung<br />
Korea Institute of Nuclear Safety (KINS), Taejon, Republic of Korea<br />
A stochastic transition model is developed to evaluate the effects of common cause<br />
events on system reliability. It is assumed in this study that there are several common<br />
cause events which occur in sequence <strong>and</strong> affect system reliability individually <strong>and</strong><br />
independently <strong>and</strong> each common cause event has its own probability of occurrence<br />
<strong>and</strong> probability of component failure. The changes in system states (i.e., number of<br />
failed components) due to common cause events are modeled using finite Markov<br />
chain theory. The inter-arrival times between common cause events are determined<br />
using Poisson process. For every common cause event, the transition probabilities<br />
between system states are derived using Bernoulli process considering both the common<br />
cause <strong>and</strong> independent cause of component failure. By applying the transition<br />
probabilities, Markov transition matrix for each common cause event is constructed<br />
<strong>and</strong> then multiplied one by one to produce final probability distribution of system states<br />
after all common cause events hit the system. Since there is no backward transition<br />
<strong>and</strong> self-transition is dominant, our Markov transition matrix is upper triangular <strong>and</strong> diagonal<br />
dominant <strong>and</strong>, therefore, approximately commutative. Thanks to this property,<br />
the occurrence sequence of common cause events can be arranged r<strong>and</strong>omly with<br />
negligible effects on the final probability distribution. For the case that common cause<br />
events are indistinguishable, the stationary Markov transition model is developed,<br />
which assumes all common cause events have the same probability of occurrence<br />
<strong>and</strong> probability of component failure. The reliability of a redundant system consisting<br />
of three identical components is evaluated using the developed stochastic transition<br />
models which are the stationary <strong>and</strong> the non-stationary Markov transition models. The<br />
BFR model which is a special case of stationary Markov transition model with only<br />
Common Cause - 1<br />
one aggregate transition is also used for comparison. The final probability distribution<br />
of system states <strong>and</strong> corresponding system unreliability are computed. Conclusively,<br />
both the stationary <strong>and</strong> non-stationary Markov transition models produce more conservative<br />
results than the BFR model in general. It is noticeable that, for system consisting<br />
of small number (3 or 4) of components, both the stationary <strong>and</strong> non-stationary Markov<br />
transition models produce almost the same results, which implies that the stationary<br />
Markov transition model can be used in place of the non-stationary Markov transition<br />
model when data problems exist. This is not true for system having large number of<br />
components.<br />
2:20 PM<br />
Finding A Minimally Informative Dirichlet Prior Using Least<br />
Squares<br />
Dana Kelly (a), Corwin Atwood (b)<br />
a) Idaho National Laboratory, Idaho Falls, ID , b) Statwood Consulting, Silver Spring, MD<br />
Abstract In a Bayesian framework, the Dirichlet distribution is the conjugate distribution<br />
to the multinomial likelihood function, <strong>and</strong> so the analyst is required to develop a Dirichlet<br />
prior that incorporates available information. However, as it is a multiparameter<br />
distribution, choosing the Dirichlet parameters is less straightforward than choosing<br />
a prior distribution for a single parameter, such as p in the binomial distribution. In<br />
particular, one may wish to incorporate limited information into the prior, resulting in a<br />
minimally informative prior distribution that is responsive to updates with sparse data.<br />
In the case of binomial p or Poisson \lambda, the principle of maximum entropy can<br />
be employed to obtain a so-called constrained noninformative prior. However, even<br />
in the case of p, such a distribution cannot be written down in the form of a st<strong>and</strong>ard<br />
distribution (e.g., beta, gamma), <strong>and</strong> so a beta distribution is used as an approximation<br />
in the case of p. In the case of the multinomial model with parametric constraints,<br />
the approach of maximum entropy does not appear tractable. This paper presents an<br />
alternative approach, based on constrained minimization of a least-squares objective<br />
function, which leads to a minimally informative Dirichlet prior distribution. The alphafactor<br />
model for common-cause failure, which is widely used in the United States, is<br />
the motivation for this approach, <strong>and</strong> is used to illustrate the method. In this approach<br />
to modeling common-cause failure, the alpha-factors, which are the parameters in the<br />
underlying multinomial model for common-cause failure, must be estimated from data<br />
that are often quite sparse, because common-cause failures tend to be rare, especially<br />
failures of more than two or three components, <strong>and</strong> so a prior distribution that is responsive<br />
to updates with sparse data is needed.<br />
2:45 PM<br />
Adjustment of a Dirichlet Prior Distribution for Multiple Greek<br />
Letter Parameters Estimation in Bayesian Approach at EDF<br />
Thi Thuy Linh Nguyen, Christophe Bérenguer, Mitra Fouladirad (a), Anne-<br />
Marie Bonnevialle (b)<br />
a) Troyes University of Technology Institut Charles Delaunay & UMR STMR CNRS, Troyes Cedex,<br />
France, b) Department of Management of Industrial Risks, Electricité de France – R&D, Clamart Cedex,<br />
France<br />
Common cause failure (CCF) is the simultaneous failure of several components due<br />
to a shared cause. The assessment of CCF parameters deserves an important attention<br />
at EDF due to their high influence on the results of the Probabilistic Safety<br />
Analysis. Use of the classical (frequentist) approach does not permit to update the<br />
CCF parameters in case of no observed data. Bayesian approach is a suitable alternative<br />
partly because of this <strong>and</strong> it is also used as a natural way to incorporate the<br />
variety of forms of information in the estimation process. In the Bayesian inference, the<br />
analyst’s uncertainties in the parameters due to lack of knowledge are expressed via<br />
a probability distribution. In our case, the Dirichlet distribution is used as a prior distribution.<br />
The problem is how to quantify the parameters of this prior distribution based<br />
on minimal available information which is specified in term of expected value <strong>and</strong> the<br />
error factor determining by expert judgment. Using the moment matching will lead to<br />
the over-specified problem. In case of the Alpha model, to overcome this issue, Kelly<br />
<strong>and</strong> Atwood propose an approach based on the constrained noninformative (CNI) prior<br />
to build a minimally informative Dirichlet prior distribution <strong>and</strong> they use a constrained<br />
minimization of a least squares objective function. This paper investigates how this<br />
proposal can match EDF needs. A case study is presented in order to compare the<br />
performance of various estimators for the Multiple Greek Letter model.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 1:30 PM - Camellia/Dogwood<br />
Risk-Informed Decision Making - 3<br />
Session Chair: Marty Sattison<br />
1:30 PM<br />
Phased Approach PSA in Support of CANDU License Renewal<br />
Paul Lawrence (a), Sugata Ganguli (b), Doug True (c), Greg Hardy (d), Kiang<br />
Zee, Barry Sloane (c), Alex<strong>and</strong>er Trifanov (b), Wen Tong (d), Thomas Daniels,<br />
Steven Mays (c)<br />
a) Ontario Power Generation, b) Kinectrics, Inc., c) ERIN Engineering <strong>and</strong> Research, Inc., d) SGH, Inc.<br />
In support of the license renewal requirements for its Darlington Nuclear Generating<br />
Station (DNGS), Ontario Power Generation (OPG) has embarked on development of<br />
broad scope Level 1 <strong>and</strong> 2 probabilistic safety assessment (PSA) to meet the requirements<br />
of Canadian Nuclear Safety Commission (CNSC) regulatory st<strong>and</strong>ard S-294.<br />
The DNGS PSA will ultimately address: Internal events at power, Internal events at<br />
shutdown, Internal fires, Internal floods, Seismic events, Other pertinent events.<br />
Darlington is a four-unit CANDU plant, <strong>and</strong> this is the first application of PSA to address<br />
a broad set of hazards at a multi-unit CANDU station. In developing the PSAs<br />
for the set of “complicated” spatial hazards, i.e., internal fire, internal flood, <strong>and</strong> seismic<br />
events, OPG <strong>and</strong> their PSA services consultants (Kinectrics-ERIN-SGH) have<br />
adopted a “phased approach”, which entails performing a screening PSA phase <strong>and</strong><br />
a more refined PSA phase to establish the extent to which a final comprehensive PSA<br />
phase may be needed. The phased approach is equivalent to the traditional PSA development<br />
approach, but is implemented in steps of increasing detail using the design<br />
specifics of the Darlington station to optimize the screening process <strong>and</strong> focus efforts<br />
on the most risk-significant areas. Existing guidance (e.g., NUREG/CR-6850, IAEA<br />
SSG-3) recognizes that development of any “hazard”-PSA always involves some degree<br />
of initial screening <strong>and</strong> gradual addition of detail. At the outset, there is significant<br />
uncertainty in the analysis <strong>and</strong> potentially large associated development cost. Committing<br />
to an “all-inclusive” PSA requires resources not always justified by the benefits.<br />
This is particularly the case for the latest multi-unit C<strong>and</strong>u designs, which include<br />
unique design feature such as physically separated <strong>and</strong> diverse grouping (Group 1 -<br />
Group 2) of safety systems, which are further separated into odd <strong>and</strong> even divisions.<br />
These features provide the opportunity to apply the graded process for increasing the<br />
level of analysis detail based on insights <strong>and</strong> risk significance of contributors.<br />
Three phases have been defined for each hazard: Phase 1 – Screening PSA (or PSAbased<br />
Seismic Margin Assessment for seismic risk); initial focus is on “pinch points”<br />
where both Group 1 <strong>and</strong> Group 2 safety features are affected by the hazard. Phase<br />
2 – Refined PSA; where needed, build on the Phase 1 results <strong>and</strong> insights to further<br />
develop PSA models for important contributors <strong>and</strong> to reflect additional detail for<br />
potential interactions between Groups or divisions. Phase 3 – Comprehensive PSA;<br />
continue PSA development to the degree desired to support risk-informed decisionmaking<br />
for the plant. The concept is to systematically identify <strong>and</strong> address the key risk<br />
contributors in a manner that is cost-effective, timely, <strong>and</strong> acceptable to CNSC. In all<br />
cases, appropriate technical bases <strong>and</strong> methods are applied; the difference among<br />
the phases is in the degree to which simplifying assumptions are employed to reduce<br />
time <strong>and</strong> resources to develop the PSA. A hazard or contributor is evaluated to the<br />
degree necessary to support acceptance by CNSC <strong>and</strong> the degree of operational<br />
decision-making needed by OPG. This proactive methodology, as applied by an experienced<br />
PSA team, has provided the following advantages to OPG in meeting its regulatory<br />
requirements for the DNGS PSA: gradual scope control based on intermediate<br />
assessment results <strong>and</strong> input from OPG <strong>and</strong> CNSC; the possibility of early CNSC<br />
acceptance <strong>and</strong>, thus, early removal of PSA-related activities from the license renewal<br />
critical path; efficient cost control by focusing on risk significant areas during transition<br />
from one phase to the next; <strong>and</strong> ability to extend the models cost-effectively to support<br />
development of operational decision-making tools if desired. This paper describes the<br />
phased approach to PSA development being applied for Darlington, <strong>and</strong> provides a<br />
summary of the experience to date in development of the seismic, internal fire, <strong>and</strong><br />
internal flood PSAs. (Presentation Only)<br />
1:55 PM<br />
A Study on Methodology for Identifying Correlations Between<br />
LERF <strong>and</strong> EF<br />
Kyungmin Kangb (b), Moosung Jae (a)<br />
a) Department of Nuclear Engineering, Hanyang University, Korea, b) Korea Institute of Nuclear Safety,<br />
Daejeon, Korea<br />
The correlations between Large Early Release Frequency (LERF) <strong>and</strong> Early Fatality<br />
need to be investigated for risk-informed application <strong>and</strong> regulation. In RG-1.174,<br />
there are decision-making criteria using the measures of CDF <strong>and</strong> LERF, while there<br />
are no specific criteria on LERF. Since there are both huge uncertainty <strong>and</strong> large cost<br />
need in off-site consequence calculation, a LERF assessment methodology need to<br />
be developed <strong>and</strong> its correlation factor needs to be identified for risk-informed decision-making.<br />
This regards, the robust method for estimating offsite consequence has<br />
been performed for assessing health effects caused by radioisotopes released from<br />
severe accidents of nuclear power plants. And also, MACCS2 code are used for validating<br />
source term quantitatively regarding health effects depending on release characteristics<br />
of radioisotopes during severe accidents has been performed. This study<br />
developed a method for identifying correlations between LERF <strong>and</strong> Early Fatality <strong>and</strong><br />
validates the results of the model using MACCS2 code. The results of this study may<br />
contribute to defining LERF <strong>and</strong> finding a measure for risk-informed regulations <strong>and</strong><br />
risk-informed decision-making.<br />
2:20 PM<br />
Risk Informed Safety Margin Characterization: Trial Application<br />
to a Loss of Feedwater Event<br />
Richard Sherry <strong>and</strong> Jeff Gabor<br />
ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
This paper presents the results of a trial application to assess safety margins using<br />
a risk informed approach. The trial application focused on a PWR loss of feedwater<br />
event with failure of AFW where feed <strong>and</strong> bleed cooling is required to prevent core<br />
damage. For this trial application the main parameters which impact core damage<br />
for the scenario were identified <strong>and</strong> distributions were constructed to represent the<br />
uncertainties associated with the parameter values. These distributions were sampled<br />
from using a Latin Hypercube Sampling technique to generate sets of sample cases to<br />
simulate using the MAAP4 code. Simulation results were evaluated to determine the<br />
safety margins relative to PRA modeling (success criteria) assumptions.<br />
2:45 PM<br />
Analysis of BWR CRDH System to Provide Supportable PRA<br />
Basis in Support of EPU Evaluation<br />
Benjamin Jessup (a), Julie Weber (b)<br />
a) ABZ, Inc., Chantilly, VA, b) Xcel Energy, Monticello, MN<br />
The Nuclear Regulatory Commission (NRC) requires Probabilistic Risk Assessment<br />
(PRA) models to have a documented methodology to support engineering judgments<br />
or assumptions made on a system’s performance. One important system in a PRA<br />
model for a Boiling Water Reactor (BWR) is the Control Rod Drive Hydraulic (CRDH)<br />
system. The CRDH system includes a complex set of pumps, pipes, <strong>and</strong> valves that<br />
provides motive force for the control rods, but can also be used to provide cooling<br />
water during emergencies. Accurately determining the flow rates <strong>and</strong> pressures under<br />
alternate system conditions to provide supportable bases for PRA calculations is difficult<br />
given the system’s complexity. To address these issues for the Extended Power<br />
Uprate (EPU) at the Monticello Nuclear Generating Plant (MNGP), a computerized<br />
fluid system model of the CRDH system was developed. First, the model was designed<br />
<strong>and</strong> validated to replicate normal operating conditions using operating log data.<br />
The validated model then allowed for evaluation of various alternate conditions by manipulating<br />
system lineups <strong>and</strong> the status of operating equipment. Fluid flow models allow<br />
efficient, reliable, <strong>and</strong> reproducible characterization of alternate system conditions,<br />
thus eliminating the time necessary for complex h<strong>and</strong> calculations while meeting PRA<br />
requirements for documented methodology. The CRDH model was used to simulate<br />
various plant conditions consistent with plant procedures. The Monticello PRA model<br />
includes logic for both the normal configuration as well as an enhanced flow configuration.<br />
Results were compared to previous MAAP calculations <strong>and</strong> previous assumptions.<br />
The calculated flow rates for both the normal <strong>and</strong> enhanced flow configuration<br />
showed that makeup capacity to the reactor from the CRDH system is greater than<br />
that assumed in the PRA model based on the previous evaluations.<br />
73
74<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 1:30 PM - Magnolia<br />
Panel: Next Generation Rx Risk Metrics<br />
Session Chair: Mohammad Modarres<br />
1:30 PM<br />
Panel: Next Generation Rx Risk Metricsl<br />
Mohammad Modarres, Matt Warner (GEH), Biff Bradley, Victoria Anderson (NEI), Donald Dube (NRC), Ed Wallace, Jim Kinsey<br />
The issue of alternative risk metrics for new LWRs has been under consideration by the NRC <strong>and</strong> industry for the last two years. The central issue is, given the lower risk numerics<br />
(CDF, LRF) for new reactors compared to operating plants, how to assure that the level of enhanced safety believed to be achieved with new reactors will be maintained<br />
over the life of these reactors. The alternative risk metric focus to date has been on large, single-shaft LWRs. The purpose of this session is to address the alternative risk metric<br />
issue for advanced LWRs, considering such issues as the even lower risk numerics <strong>and</strong> multiple modules in SMRs.
Session Chair: Richard M Wachowiak<br />
1:30 PM<br />
Fire PRA Maintenance <strong>and</strong> Update<br />
Br<strong>and</strong>i T. Weaver<br />
Duke Energy, Charlotte, NC<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 1:30 PM - Salon A<br />
The fire PRA is a living document that must be in synch with the internal events PRA<br />
<strong>and</strong> the as-built configuration of the plant. As the Fire PRA changes the analyst, along<br />
with interested parties at the sites, need to take action to ensure that Fire Risk related<br />
NFPA 805 conclusions are not adversely impacted. This paper will detail Duke’s approach<br />
to meeting these requirements. (Presentation Only)<br />
1:55 PM<br />
Application of Fire PSA in Nuclear Reactors<br />
Fatemeh Karimi Dehcheshmeh (a), K. Sepanloo (b), M. Zohrehb<strong>and</strong>ian (c)<br />
a) School of industrial <strong>and</strong> mechanical engineering Qazvin Islamic Azad University, Iran, b) Atomic Energy<br />
Organization, Iran, c) karaj Islamic Azad University, Iran<br />
The occurrence of fire accident is among the most serious accidents which might<br />
happen in a nuclear (or nonnuclear) facility. Thus analysis of fire accident <strong>and</strong> determination<br />
of level of safety <strong>and</strong> reliability of systems <strong>and</strong> components provide valuable<br />
information for the designers <strong>and</strong> the operating organizations. Probabilistic safety assessment<br />
(PSA) of the fire accident or “fire PSA” is a method which quantitatively<br />
analyzes the systems <strong>and</strong> equipment <strong>and</strong> based on the input data <strong>and</strong> the fire propagation<br />
models assess the consequences of the fire <strong>and</strong> the amount of exposure of<br />
the operating personnel. To achieve the above goals, it is needed firstly to analyze<br />
the structures, systems <strong>and</strong> components <strong>and</strong> their inter links <strong>and</strong> secondly the event<br />
is modeled by the PSA technique (Event trees <strong>and</strong> Fault trees) to estimate the fire<br />
accident consequences. In this paper, probability that the fire ignited in the given fire<br />
compartment will burn long enough to cause the extent of damage defined by each<br />
fire scenario is calculated by means of detection-suppression event tree. As a part of<br />
detection-suppression event trees quantification, <strong>and</strong> also for generating the necessary<br />
input data for evaluating the frequency of core damage states by SAPHIRE 7.0 or<br />
Risk Spectrum, CFAST fire modeling software is applied. The results provide a probabilistic<br />
measure of the quality of existing fire protection systems in order to maintain a<br />
typical research reactor at a reasonable safety level.<br />
Fire PSA Methods - 7<br />
2:20 PM<br />
Underst<strong>and</strong>ing Plant Fire Risk <strong>and</strong> Visualizing a Safe Shutdown<br />
Strategy Using PRISM - a Case Study<br />
Mitchell A. Theisen<br />
EPM, Inc., Risk Solutions Division, Hudson, WI<br />
To successfully quantify risk impacts of a fire within a nuclear power plant, PRA analysts<br />
need to compile various drawings, flow diagrams, cable routing information, <strong>and</strong><br />
procedures along with a complete Fire PRA model. The evaluation process can be<br />
time consuming since the process needs to be performed for many possible fire scenarios.<br />
The Plant Risk Informed Systems Model (PRISM) can streamline this process.<br />
The development of PRISM has been used to lower plant risk <strong>and</strong> improve the safe<br />
shutdown strategy process that EPM has incorporated into various NFPA 805 Transitions<br />
projects. PRISM is being used to visually depict fire damage using electrical<br />
distribution <strong>and</strong> system diagrams. An analyst can quickly see where cable damage<br />
disrupts power supply alignments as well as alternate cross-ties.<br />
Once a plant-specific Fire PRA is complete, PRISM is still an effective tool that can be<br />
used by PRA Engineers, Safe Shutdown Engineers, <strong>and</strong> Plant Operations. The tool<br />
can be used to create ‘What-If’ scenarios, underst<strong>and</strong> impacts of plant modifications<br />
(such as new cable routings or electrical cabinets) to analyze risk insights for a fire in<br />
a new location, <strong>and</strong> underst<strong>and</strong> impacts of equipment that is out-of-service. PRISM<br />
has provided the guidance<br />
2:45 PM<br />
Cooper Nuclear Station Fire PRA Results, Insights <strong>and</strong> Challenges<br />
Ole Olson (a), Stephen P Meyer (b), Jim Chapman (c)<br />
a) Nebraska Public Power District, Cooper Nuclear Station, Brownsville, NE, b) Scientech, Curtiss Wright<br />
Flow Control, Madison, OH, c) Scientech, Curtiss Wright Flow Control, Lake Mary, FL<br />
Cooper Nuclear Station is a single unit BWR 4 with a Mark I containment. A Fire PRA<br />
was developed, using guidance from NUREG/CR-6850, Industry Frequently Asked<br />
Questions (FAQs) <strong>and</strong> recent EPRI technical evaluations, such as fire ignition frequency<br />
updates. The fire PRA was developed to support the NFPA 805 project <strong>and</strong><br />
other risk informed initiatives. Detailed fire modeling, cable <strong>and</strong> circuit analysis <strong>and</strong><br />
Human Reliability Analyses (HRA) were needed to achieve results which were not<br />
clearly extraordinarily conservative. The results achieved are estimated to be conservative<br />
by a factor of 5 to 10; <strong>and</strong> there are plans to further refine the results as Industry<br />
<strong>and</strong> NRC research <strong>and</strong> development programs provide improved methods <strong>and</strong> data<br />
in areas including fire frequency, fire development <strong>and</strong> propagation, heat release rate<br />
<strong>and</strong> detection <strong>and</strong> suppression.<br />
Even though the results are conservative, the insights obtained are being successfully<br />
used to evaluate variances from deterministic requirements (VFDRs) <strong>and</strong> support<br />
identification <strong>and</strong> evaluation of potential safety enhancements.<br />
The paper discusses the methods used, <strong>and</strong> the results obtained including significant<br />
fire damage states <strong>and</strong> area specific results. In addition the insights <strong>and</strong> sensitivity of<br />
results to alternative approaches are provided. Finally the challenges in conducting the<br />
analyses, including lessons learned are provided.<br />
75
76<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 1:30 PM - Salon B<br />
Panel: PRA St<strong>and</strong>ards Development, International Considerations<br />
Session Chair: Rick Grantom<br />
1:30 PM<br />
Panel: PRA St<strong>and</strong>ards Development, International Considerations<br />
Rick Grantom, Karl Fleming, Biff Bradley, Göran Hultqvist, Donnie Harrison (NRC)<br />
This panel discussion will examine the role <strong>and</strong> expectations of PSA st<strong>and</strong>ards used to support risk management programs <strong>and</strong> risk informed applications for nuclear facilities.<br />
PSA st<strong>and</strong>ards identify what the requirements are for an acceptable PSA; however, many risk informed applications require PSAs to go beyond what the typical st<strong>and</strong>ard’s<br />
requirements. PSA St<strong>and</strong>ards have evolved over the last decade <strong>and</strong> their scope has exp<strong>and</strong>ed. This panel will discuss this as well as items such as: How should st<strong>and</strong>ards be<br />
used for risk informed applications? What does it mean to “meet the st<strong>and</strong>ard”? How does regulatory endorsement impact the processing of risk informed applications? What<br />
are the international uses <strong>and</strong> expectations for PSA st<strong>and</strong>ards? Should st<strong>and</strong>ards go beyond PSA <strong>and</strong> address risk management methods? What metrics can be used to assess<br />
the effectiveness of a PSA St<strong>and</strong>ard, a risk informed application, a risk management method?
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 1:30 PM - Carolina<br />
Uncertainty Analysis & Methods - 1<br />
Session Chair: M.Pourgol-Mohammad<br />
1:30 PM<br />
Model Uncertainty of Empirical Metallic Fuel/Clad Eutectic<br />
Predictive Relationships<br />
M.R. Denman (a), M. Zucchetti (b)<br />
a) Department of Nuclear Science <strong>and</strong> Engineering, MIT, Cambridge, MA, b) Department of Radiation<br />
Protection, DENER - Politecnico di Torino, Turino, Italy<br />
Sodium-cooled Fast Reactors (SFRs) remain a strong contender amongst the Generation<br />
IV reactor concepts. Many U.S. SFR designs utilize binary or ternary metallic<br />
fuel with stainless steel cladding. At high temperatures, iron from the cladding will<br />
diffuse into the fuel, <strong>and</strong> uranium, plutonium <strong>and</strong> rare earth fission products from the<br />
fuel will diffuse into the cladding to form a low melting point fuel/clad eutectic. The erosion<br />
of the cladding due to this eutectic formation may accelerate creep rupture, thus<br />
allowing the radioactive fission products to escape into the sodium coolant. Accurate<br />
modeling of this phenomenon may be important to making the SFR more economically<br />
competitive, but currently the eutectic formation rate is predicted using only the<br />
temperature of the fuel/clad interface. This paper improves the modeling accuracy of<br />
eutectic formation through the application of a multivariable linear regression with a<br />
database of fuel/clad eutectic experimental results.<br />
1:55 PM<br />
Uncertainty Analysis <strong>and</strong> Sensitivity Calculations for Reliability<br />
Assessment of a Digital Feedwater Control System<br />
Meng Yue, Tsong-Lun Chu, Gerardo Martinez-Guridi, <strong>and</strong> John Lehner (a),<br />
Alan Kuritzky (b)<br />
a) Brookhaven National Laboratory, Upton, New York, b) Division of Risk Analysis, Office of Nuclear<br />
Regulatory Research, U. S. Nuclear Regulatory Commission, Washington, D. C.<br />
This paper provides an analysis of three types of uncertainties for a digital feedwater<br />
control system (DFWCS) reliability model; namely, parameter uncertainty, modeling<br />
uncertainty, <strong>and</strong> completeness uncertainty. Parameter uncertainty is directly addressed<br />
by propagating the parameter associated uncertainties throughout the reliability model<br />
<strong>and</strong> explicitly considering the state-of-knowledge-correlation (SOKC) in the parameter<br />
values. Important assumptions that contribute to the modeling <strong>and</strong> completeness uncertainties<br />
are identified <strong>and</strong> discussed. Software modeling was considered out of the<br />
scope of developing the DFWCS reliability model. Still, a placeholder was provided<br />
to account for the failure of the software in the model. The software contributes to all<br />
three types of uncertainty. Finally, sensitivity calculations are performed to evaluate<br />
the importance of different design features to the reliability of the DFWCS, which provides<br />
a practical means to evaluate the digital design features.<br />
2:20 PM<br />
Identification of Single Point Vulnerability Using a Blended<br />
Method<br />
Kwang Nam Lee <strong>and</strong> Jin Kyu Han (a), Moon Goo Chi <strong>and</strong> Eun Chan Lee (b)<br />
a) KEPCO Engineering & Construction Company, Inc., Gyeonggi-do, Korea, b) Korea Hydro & Nuclear<br />
Power Company, Limited, Daejeon, Korea<br />
A Single Point Vulnerability (SPV) may cause plant transients like reactor trip, turbine/<br />
generator trip, or derated power under 50% of full power. In order to improve plant<br />
reliability <strong>and</strong> performance by preventing unexpected plant transients, we, KHNP <strong>and</strong><br />
KEPCO E&C, are developing an SPV evaluation program. To have a better result of<br />
the SPV identification <strong>and</strong> evaluation, we used a blended method comprised of qualitative<br />
<strong>and</strong> quantitative approaches. This blended method <strong>and</strong> SPV evaluation program<br />
are described herein.<br />
2:45 PM<br />
An Integrated Methodology for Assessing Model Uncertainty<br />
in Fire Simulation Codes<br />
Victor Ontiveros <strong>and</strong> Mohammad Modarres<br />
University of Maryl<strong>and</strong>, Center for Risk <strong>and</strong> Reliability, Department of Mechanical Engineering<br />
The use of fire simulation models has increased with the growth of risk-informed <strong>and</strong><br />
performance-based approaches to regulatory decision-making for the fire protection<br />
of current <strong>and</strong> advanced light water reactors. These simulation codes (considered<br />
simulation fire models) rely on various sub-models such as correlations <strong>and</strong> empirical<br />
relations to describe the underlying phenomena <strong>and</strong> processes. Most fire Probabilistic<br />
Risk Assessments (PRAs) rely on the results of the simulation codes to estimate fireinduced<br />
core damage frequency. It is, therefore, imperative to properly account for<br />
uncertainties in the simulation code results <strong>and</strong> properly account for them in the fire<br />
PRAs. This paper will review an expansion of earlier research reported by the authors<br />
for characterizing the total code output uncertainty for applications to fire simulation<br />
codes (i.e., the research considered the simulation code as a closed “black-box”). In<br />
this paper the simulation code will be opened up <strong>and</strong> considered a “white-box”, in<br />
which the uncertainties associated with the code’s inner sub-models can be accounted<br />
for in the code outputs. With this information, a more complete determination of the fire<br />
risk can be obtained when using a fire simulation model. Results of this methodology<br />
will be demonstrated by an example using the plume mass flow rate sub-model in the<br />
fire simulation code CFAST. These results will be compared with the results obtained<br />
from an earlier uncertainty estimation approach.<br />
77
78<br />
Session Chair: Jeanne-Marie Lanore<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 15, 2011 - 3:45 PM - Azelea<br />
3:45 PM<br />
Development of an Integrated Program <strong>and</strong> Database System<br />
for the Estimation of CCF Probabilities<br />
J. C. Stiller, L. Gallner, H. Holtschmidt, A. Kreuser, M. Leberecht, C. Verstegen<br />
Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Köln, Germany<br />
In order to h<strong>and</strong>le the large amounts of information necessary to quantify common<br />
cause failure (CCF) probabilities for probabilistic risk assessments (PRA) efficiently,<br />
consistently <strong>and</strong> in a traceable way, GRS has developed the integrated program system<br />
POOL for carrying out the necessary steps in the CCF quantification process.<br />
Information is managed in a project structure, where a project corresponds to a specific<br />
PRA. The user is guided through different menus to create datasets <strong>and</strong> enter<br />
the necessary information on the component groups to be modeled. The possibility to<br />
copy <strong>and</strong> change datasets at different levels of hierarchy facilitates the reuse of information.<br />
Since each CCF event in the data bank is assessed by multiple experts, the<br />
group of experts whose assessments are to be used can be defined as well. The time<br />
interval for which operating experience shall be considered also can be selected. The<br />
CCF events that occurred in the chosen time interval are automatically selected <strong>and</strong><br />
the observation times are also calculated automatically. These features also facilitate<br />
carrying out trend analyses regarding CCF with very little effort. To actually calculate<br />
the CCF probabilities an interface to the program “PEAK” has been created. PEAK<br />
estimates the CCF probabilities using the coupling model [1][2]. Both the complete<br />
input data <strong>and</strong> the results are written to a project-specific database, which thus serves<br />
as documentation for the process of CCF quantification. Using the program POOL is<br />
much more efficient than the previous procedures which included significant manual<br />
data h<strong>and</strong>ling efforts, provides comprehensive documentation <strong>and</strong> – by extensive automation<br />
<strong>and</strong> user guidance – facilitates the quality assurance of the results [3].<br />
4:10 PM<br />
Investigations of Inter-System Common Cause Failures: An<br />
Update<br />
Marie Gallois, Dominique Vasseur, Philippe Nonclercq, Jean Primet (a),<br />
Stuart Lewis (b)<br />
Ia) Electricité de France Recherche & Développement, CLAMART, France, b) Electrical Power Research<br />
Institute, Knoxville, TN<br />
Intra-system common-cause failures (CCFs) are widely studied <strong>and</strong> addressed in existing<br />
PSA models, but the information <strong>and</strong> studies that incorporate the potential for<br />
inter-system CCFs are limited. However, the French Safety Authority has requested<br />
that EDF investigate the possibility of common-cause failure across system boundaries<br />
for Flamanville 3 (an EPR design). Also, the modeling of inter-system CCF, or the<br />
determination that their impact is negligible, would satisfy Capability Category III for<br />
one of the requirements in the ASME/ANS PRA st<strong>and</strong>ard in the U.S.<br />
EDF <strong>and</strong> EPRI have presented at PSA ‘08 the proposition of a method to assess when<br />
it is necessary to take into account inter-system CCF in a PSA model. This method is<br />
based both on the likelihood of inter-system CCF <strong>and</strong> on its demonstrated potential<br />
impact on core-damage frequency (CDF). This method had been applied for pumps in<br />
different systems using a PSA model for an operating plant.<br />
Since that application was completed, the method has been applied to address the<br />
potential for failure of motor-operated valves across different systems, using the same<br />
PSA model. More recently, this application has been extended to consider the highvoltage<br />
circuit breakers in a PSA model of Flamanville 3.<br />
This paper describes the results of these last two studies <strong>and</strong> shows how they helped<br />
in refining the methodology. All three studies have shown either that components in<br />
different equipment are not susceptible to common causes of failure, or that the potential<br />
for inter-system common-cause failure had a negligible impact on the overall risk.<br />
Common Cause - 2<br />
4:35 PM<br />
Ommon Cause Failure Data Exchange (ICDE) Project<br />
Albert Kreuser (a), Gunnar Johanson (b)<br />
a) GRS - Gesellschaft für Anlagen- und Reaktorsicherheit(GRS) mbH, Schwertnergasse, Köln, GER-<br />
MANY, b) ES-Konsult - ES konsult, Solna, SWEDEN<br />
The objective of this paper is to give generic information about the ICDE activities <strong>and</strong><br />
lessons learnt.<br />
Common-cause-failure (CCF) events can significantly impact the availability of safety<br />
systems of nuclear power plants. In recognition of this, CCF data are systematically<br />
being collected <strong>and</strong> analysed in most countries. A serious obstacle to the use of national<br />
qualitative <strong>and</strong> quantitative data collections by other countries is that the criteria<br />
<strong>and</strong> interpretations applied in the collection <strong>and</strong> analysis of events <strong>and</strong> data differ<br />
among the various countries. To overcome these obstacles, the preparation for the<br />
international common cause data exchange (ICDE) project was initiated in August of<br />
1994. Since April 1998, the OECD/NEA has formally operated the project. The objectives<br />
of the ICDE project are: to provide a framework for a multinational co-operation;<br />
to collect <strong>and</strong> analyze CCF events over the long term so as to better underst<strong>and</strong> such<br />
events, their causes, <strong>and</strong> their prevention; to generate qualitative insights into the root<br />
causes of CCF events which can then be used to derive approaches or mechanisms<br />
for their prevention or for mitigating their consequences; to establish a mechanism<br />
for the efficient feedback of experience gained in connection with CCF phenomena,<br />
including the development of defenses against their occurrence, such as indicators for<br />
risk based inspections; <strong>and</strong> to record event attributes to facilitate quantification of CCF<br />
frequencies when so decided by the member countries of the Project.<br />
5:00 PM<br />
Probabilistic Failure Analysis of a Residual Heat Removal Heat<br />
Exchanger During a Postulated Loss of Coolant Accident<br />
Zeaid Hasan <strong>and</strong> Matthew King (a), Jordan Green, Alan Lee, <strong>and</strong> Christopher<br />
Pannier (b)<br />
a) Mechanical Engineering Department, Texas A&M University, College Station, Texas, b) Nuclear Engineering<br />
Department, Texas A&M University, College Station, Texas<br />
The primary function of the residual heat removal system (RHRS) is to remove heat<br />
from the core <strong>and</strong> the reactor coolant system (RCS) during plant cooldown, safety<br />
grade cold shutdown, <strong>and</strong> refueling operations when reactor coolant temperature <strong>and</strong><br />
pressure are significantly lower than normal RCS operating conditions. During normal<br />
reactor operation, the RHRS is isolated from the RCS by two isolation valves in series.<br />
The RHRS consists of multiple independent trains, each with a pump, heat exchanger<br />
<strong>and</strong> associated piping, valves, <strong>and</strong> instrumentation. The RHR heat exchanger contains<br />
thous<strong>and</strong>s of U-bend pressure tubes which are periodically sampled <strong>and</strong> examined for<br />
cracks <strong>and</strong> flaws. Otherwise, such a cracking mechanism could lead to an unstable<br />
rupture of a pressure tube. This paper describes a means to quantify the conditions<br />
<strong>and</strong> probability of an RHRS heat exchanger failure given an interfacing system loss of<br />
coolant accident (ISLOCA) in which the RHR heat exchanger is exposed to normal operating<br />
RCS temperature <strong>and</strong> pressure by a failure of the two isolation valves between<br />
the systems. If the RHR heat exchanger fails such that flow enters the component<br />
cooling water (CCW) loop <strong>and</strong> exits containment, it could empty the refueling water<br />
storage tank (RWST) <strong>and</strong> cause core damage. It is advantageous to know the conditions<br />
that will cause RHR heat exchanger failure as well as the probability of such a<br />
failure. In the analysis, heat exchanger pressure tube failure probabilities are calculated<br />
using the Monte Carlo simulation. As a result of the analysis, failure probabilities<br />
are calculated <strong>and</strong> the flow rate resulting from the failure is quantified.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 3:45 PM - Camellia/Dogwood<br />
Risk-Informed Decision Making - 4<br />
Session Chair: Robert Lutz<br />
3:45 PM<br />
Evolution of Canadian Reliability Requirements in a Risk-Informed<br />
Environment<br />
C. Morin<br />
Canadian Nuclear Safety Commission, Ottawa, Ontario, Canada<br />
This paper will discuss the evolution of design, safety <strong>and</strong> reliability requirements in<br />
Canada over the last fifty years. Specifically, we will discuss the recent advancement<br />
of reliability requirements in light of the progress in probabilistic safety analysis. The<br />
role of Safety Goals within the past <strong>and</strong> current regulatory framework will be discussed.<br />
The development of the Canadian nuclear power safety philosophy is traced<br />
from its early roots in the 1960s to the current development of more modern requirements<br />
in the risk <strong>and</strong> reliability area. The paper will link the traditional single <strong>and</strong> dual<br />
failure criteria for safety analysis which led to the reliability requirements for special<br />
safety systems, with the modern advances in probabilistic safety assessments that<br />
are contributing to the current reliability requirements. Within the last few years, the<br />
Canadian Nuclear Safety Commission (the nuclear regulator) has developed a new<br />
reliability program regulatory guide whereby the program would not only encompass<br />
the four traditional special safety systems, but a more comprehensive list of systems<br />
that are deemed important due to their contribution to safety as determined by the<br />
probabilistic safety analysis. Some details of the implementation of this new regulatory<br />
guide will be discussed.<br />
4:10 PM<br />
“How Safe Is Safe Enough?”: A PRA Perspective on GSI-191<br />
Robert Lutz, Heather Detar, Rachel Solano <strong>and</strong> David Teolis<br />
Westinghouse Electric Company, Cranberry Township, PA<br />
Probabilistic Risk Assessment (PRA) can be used to provide insights to the question<br />
of “How Safe is Safe Enough?” The three key traditional keystones of safety are<br />
compliance with regulatory requirements; ensuring that defense in depth for accident<br />
prevention <strong>and</strong> mitigation; <strong>and</strong> maintaining safety margins. The methods used to show<br />
compliance with regulatory requirements can significantly impact the design <strong>and</strong> operation<br />
of the plant, especially the conservatisms included in the analysis methods<br />
to address uncertainties in knowledge. The PRA can be used to show that, at some<br />
point the degree of conservatisms in the analysis methods does not increase safety<br />
as measured by the core damage frequency (CDF) <strong>and</strong> large early release frequency<br />
(LERF) risk metrics.<br />
A series of PRA analyses have been performed to show the sensitivity of the risk<br />
metrics to various key assumptions used to drive the design <strong>and</strong> operational features<br />
of long term core cooling using containment sump recirculation. This directly ties to<br />
the NRC acceptance of plant modifications to respond to Generic Issue 191 to ensure<br />
long term core cooling via sump recirculation. These sensitivity analyses show<br />
that wholesale insulation change-out <strong>and</strong> further containment sump re-design may<br />
not improve safety as measured by risk. Additional focus on other aspects of accident<br />
prevention <strong>and</strong> mitigation such as leak detection <strong>and</strong> containment water management<br />
strategies provide additional defense in depth <strong>and</strong> decrease overall risk metrics.<br />
Thus, the fundamental keystones of safety may not be optimized by only considering<br />
conservatisms in methods used for regulatory compliance. This paper describes the<br />
analyses <strong>and</strong> results along with recommendations for improving the probability of successful<br />
long term core cooling via sump recirculation <strong>and</strong> the NRC acceptance of the<br />
current plant modifications to address GSI-191.<br />
4:35 PM<br />
MSPI False Indication Probability Simulations<br />
Dana Kelly, Kurt Vedros, Robert Youngblood<br />
Idaho National Laboratory, Idaho Falls, ID<br />
This paper examines false indication probabilities in the context of the Mitigating System<br />
Performance Index (MSPI), in order to investigate the pros <strong>and</strong> cons of different<br />
approaches to resolving two coupled issues: (1) sensitivity to the prior distribution<br />
used in calculating the Bayesian-corrected unreliability contribution to the MSPI, <strong>and</strong><br />
(2) whether (in a particular plant configuration) to model the fuel oil transfer pump<br />
(FOTP) as a separate component, or integrally to its emergency diesel generator<br />
(EDG). False indication probabilities were calculated for the following situations: (1)<br />
all component reliability parameters at their baseline values, so that the true indication<br />
is green, meaning that an indication of white or above would be false positive; (2) one<br />
or more components degraded to the extent that the true indication would be (mid)<br />
white, <strong>and</strong> “false” would be green (negative) or yellow (negative) or red (negative). In<br />
key respects, this was the approach taken in NUREG-1753. The prior distributions examined<br />
in this paper are 1) the constrained noninformative (CNI) prior used currently<br />
by the MSPI, 2) a mixture of conjugate priors, 3) the Jeffreys noninformative prior, 4)<br />
a nonconjugate log(istic)-normal prior, <strong>and</strong> 5) the minimally informative prior investigated<br />
in [1]. Results are presented for a set of base case parameter values, <strong>and</strong> three<br />
sensitivity cases in which the number of FOTP dem<strong>and</strong>s was reduced, along with the<br />
Birnbaum importance of the FOTP.<br />
5:00 PM<br />
CCI or CCF incident at Forsmark NPP 25 of July 2006<br />
Göran Hultqvist<br />
Forsmark Nuclear power plant, Sweden<br />
On Tuesday the 25 of July a two phase short circuit occurred when a breaker was<br />
operated in the 400 kV switch gear that connects Forsmark units 1 <strong>and</strong> 2 with the outer<br />
grid. Unit 2 was at the occurrence shut down for annual maintenance. Unit 1 was operating<br />
on full power. Each unit has two turbines. As a consequence of the short circuit<br />
the unit 1 generator bus bar voltages dropped substantially whereupon the induced<br />
magnetization in the generator tried to compensate for this. At the same time the 400<br />
kV unit breakers was opened due to under- voltage. This resulted in a voltage peek of<br />
about 120% during approximately 1 second on the generator bus bars. The voltage<br />
transient resulted in the failure of two out of four UPS, sub divisions A <strong>and</strong> B. Both the<br />
rectifier <strong>and</strong> the inverter in the UPS tripped because of over-voltage. Normally the<br />
rectifiers shall trip before the inverters but in this case the voltage changed in such an<br />
unfortunate way that transient was let through the rectifiers <strong>and</strong> caused also the inverters<br />
to trip. UPS for sub division C <strong>and</strong> D functioned as expected. Unit 1 then went into<br />
house turbine operation but both turbines tripped within approximately 30 seconds. As<br />
the turbine speed decreased the voltage <strong>and</strong> frequency of the generator fell.When the<br />
frequency reached 47 Hz the circuit breakers for the 500 V bus bars opened resulting<br />
in a loss of power for sub divisions A <strong>and</strong> B because of the failure of UPS. As a result<br />
of the power loss in two sub divisions the reactor protection system initiated a reactor<br />
scram <strong>and</strong> isolation of the containment. Two out of four electrically operated pressure<br />
relief valves opened <strong>and</strong> two out of four high pressure emergency core cooling pumps<br />
started. The diesel generators for all four sub divisions started but in sub divisions<br />
A <strong>and</strong> B the diesel generators were not connected to the 500 V bus bars because<br />
of loss of information about the motor speed. The information was missing because<br />
of the failure of the two UPS. In the control room many alarms <strong>and</strong> other information<br />
from trains A <strong>and</strong> B was missing because of the loss of power in these two trains.<br />
Approximately 22 minutes after the initial incident the power for the 500 V bus bars<br />
in all four sub divisions was restored manually by connecting the station to the 70 kV<br />
grid. Two protections that should have prevented/restricted the effects of the incident<br />
did not work as expected due to inappropriate parameter settings (UPS) <strong>and</strong> incorrect<br />
installations (under frequency relays) performed when the plant electrical systems was<br />
modernized in 2005. The incident has led to a number of changes <strong>and</strong> adjustments in<br />
order to prevent that a similar event has the same consequences in the future. A comprehensive<br />
corrective action plan was developed <strong>and</strong> approved by the management<br />
<strong>and</strong> the authority. The plan includes actions <strong>and</strong> improvements in the following areas:<br />
- Improvements in the management decision making process - Improvements in the<br />
plant modification/modernization process <strong>and</strong> in the maintenance process. - Improved<br />
safety culture - A sixty item hardware improvement action plan, including e.g. improvements<br />
in the Human-Machine interface in the main control room.<br />
79
80<br />
Session Chair: William Burchill<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 3:45 PM - Magnolia<br />
3:45 PM<br />
Investigation of Probabilistic Risk Assessment for Safeguards<br />
Inspection Verification<br />
Brent R<strong>and</strong>all Beatty, Man-Sung Yim (a), Michael D Zentner (b), George F<br />
Flanagan, Michael David Muhlheim (c)<br />
a) NCSU, North Carolina State University, Raleigh, NC, b) PNNL - Pacific Northwest National Laboratory,<br />
Richl<strong>and</strong>, WA, c) ORNL - Oak Ridge National Laboratory, Oak Ridge, TN<br />
Since the IAEA experiences in Iraq <strong>and</strong> DPRK highlighted the limitations of the Comprehensive<br />
Safeguards Agreement (CSA) implementation, a major shift of focus in<br />
safeguards inspections has been made. The implementation of safeguards for states<br />
with CSA’s are focused on verifying the nuclear material <strong>and</strong> activities which are declared.<br />
However, this ‘nuclear material accountancy’, which is similar to financial accounting,<br />
lacks the structure necessary to quickly <strong>and</strong> consistently provide assurance<br />
of facility capability <strong>and</strong> purpose with regard to undeclared material processing <strong>and</strong><br />
production. With more facilities coming under safeguards every day without a correlating<br />
increase in the number of inspectors or the inspection capacity by domestic<br />
entities or the IAEA, it has become necessary for the inspections themselves to become<br />
more efficient. Despite the addition of targeted training for the complexities of<br />
Complimentary Access, the inspection is very dependent on the knowledge base <strong>and</strong><br />
proclivities of the individual inspectors. The current inspection process relies heavily<br />
on the individual inspector’s experience <strong>and</strong> wisdom to identify areas of risk. It is<br />
necessary to require consistency in the application of different mix of skills of various<br />
inspection teams to consistently identify the same major risk area.<br />
The objective of this research work is to investigate the use of probabilistic risk assessment<br />
to help safeguards inspectors underst<strong>and</strong> <strong>and</strong> analyze the complexity of a<br />
nuclear facility for investigatory inspection. Development of such tool will be through<br />
the application of probabilistic risk assessment (PRA) technique. The proposed application<br />
will provide the ability to identify the potential high risk areas <strong>and</strong> evaluate the<br />
sensitivity to characteristic perturbations in the analysis in order to identify which areas<br />
of the facility would have the greatest impact on the proliferation risk if they deviated<br />
from the declared design.<br />
The Graphite Reactor at the ORNL site is chosen for the application of PRA for safeguards<br />
inspections in this study. The choice was due to its accessibility, potential<br />
proliferation vulnerabilities, <strong>and</strong> potential for an immediate applicability of the results.<br />
Graphite reactors are particularly at risk for proliferation because they don’t require<br />
enriched uranium. Implementation of the PRA methodology, results of the analysis,<br />
<strong>and</strong> implications of the results will be discussed.. (Presentation Only)<br />
4:10 PM<br />
An Assessment of the Terrorists Attack Risk for a BWR Nuclear<br />
Power Plant Using Monte Carlo Simulation<br />
Min Lee <strong>and</strong> Yi-Chang Tian<br />
Institute of Nuclear Engineering <strong>and</strong> Science, Nation Tsing Hua University, Hsin Chu, Taiwan<br />
The risk of operating a nuclear power plant associated with the terrorist attack risk<br />
can be quantified as the summation of the risk of each individual region within the vital<br />
area of the plant. The risk of each individual region can be viewed as the product of<br />
five factors. These factors are the frequency of terrorist attack, the probability that the<br />
terrorist can break into vital area of the plant, the probability of a specific area within<br />
the vital area becomes the target of the attack, the probability that terrorist can reach<br />
the area successfully, <strong>and</strong> the conditional core damage probability (CCDP) of the specific<br />
area once the terrorists reach the area. In the present study, a mathematical<br />
model is developed to quantify the probability of a specific region within the vital area<br />
of the plant becomes the target of the attack. It is assumed that the terrorists’ acts in<br />
the plant are purely r<strong>and</strong>om, i.e. their behavior can be simulated using Monte Carlo<br />
method with assumed probability distribution functions. The Monte Carlo simulations<br />
are performed separately for each important floor of almost all the buildings within the<br />
vital area. The probability of invaders leave the floor through a particular entrance or<br />
exit can also be determined in the simulations. Another set of Monte Carlo simulation<br />
based on these probabilities is performed to determine the probability that a particular<br />
floor <strong>and</strong> building will become the target of the attack. The surrogate plant used in the<br />
present study is Kuoshen Nuclear Power Station of Taiwan Power Company. The station<br />
employs a General Electric designed BWR VI (Boiling Water Reactor) reactor with<br />
Mark III containment. The model has identified the specific regions within the vital area<br />
of the plant that have higher risk <strong>and</strong> also the regions with higher probability that terrorist<br />
will appear. The latter regions are also the areas that the security force can arrest<br />
the invaders. The results demonstrate that the risk of terrorist attack is dominated by<br />
the CCDP of the specific area. The results of the present study can used to enhance<br />
the security of the plant.<br />
Proliferation Risk - 2<br />
4:35 PM<br />
Simiting Future Proliferation <strong>and</strong> Security Risk<br />
Robert A. Bari<br />
Brookhaven National Laboratory, Upton, NY<br />
A major new technical tool for evaluation of proliferation <strong>and</strong> security risks has<br />
emerged over the past decade as part the activities of the Generation IV International<br />
Forum. The tool has been developed by a consensus group from participating<br />
countries <strong>and</strong> organizations <strong>and</strong> is termed the Proliferation Resistance <strong>and</strong> Physical<br />
Protection (PR&PP) Evaluation Methodology. The methodology defines a set of challenges,<br />
analyzes system response to these challenges, <strong>and</strong> assesses outcomes. The<br />
challenges are the threats posed by potential actors (proliferant states or sub-national<br />
adversaries). It is of paramount importance in an evaluation to establish the objectives,<br />
capabilities, resources, <strong>and</strong> strategies of the adversary as well as the design <strong>and</strong> protection<br />
contexts. Technical <strong>and</strong> institutional characteristics are both used to evaluate<br />
the response of the system <strong>and</strong> to determine its resistance against proliferation threats<br />
<strong>and</strong> robustness against sabotage <strong>and</strong> terrorism threats. The outcomes of the system<br />
response are expressed in terms of a set of measures, which thereby define the<br />
PR&PP characteristics of the system. This paper summarizes results of applications of<br />
the methodology to nuclear energy systems including reprocessing facilities <strong>and</strong> large<br />
<strong>and</strong> small modular reactors. The use of the methodology in the design phase a facility<br />
will be discussed as it applies to future safeguards concepts.<br />
5:00 PM<br />
Security System Designs Via Games of Imperfect Information<br />
<strong>and</strong> Multi-Objective Genetic Algorithms<br />
Isis Didier Lins (a), Le<strong>and</strong>ro Chaves Rêgo (b), Márcio das Chagas Moura<br />
<strong>and</strong> Enrique López Droguett (a)<br />
a) Departamento de Engenharia de Produção, Centro de Estudos e Ensaios em Risco e Modelagem Ambiental,<br />
Universidade Federal de Pernambuco, Recife, PE, Brasil, b) Departamento de Estatística, Centro<br />
de Ciências Exatas e da Natureza, Universidade Federal de Pernambuco, Recife, PE, Brasil<br />
The investments in security systems are of great importance to protect industrial plants<br />
from intentional attacks. An exhaustive analysis of the security resources’ allocation<br />
is sometimes prohibitive given its combinatorial complexity when there are several<br />
subsystems to protect <strong>and</strong> various potential security alternatives with different characteristics<br />
of reliability <strong>and</strong> cost. Alternatively, a multi-objective genetic algorithm is used<br />
to determine the optimal security system’s configurations representing the tradeoff<br />
between the probability of a successful defense <strong>and</strong> the acquisition <strong>and</strong> operational<br />
costs. Games with imperfect information are considered, in which the attacker has<br />
limited knowledge about the actual security system. The types of security alternatives<br />
are readily observable, but the number of redundancies actually implemented in each<br />
security subsystem is not known. In this way, this work analyzes the strategic interaction<br />
between a defender <strong>and</strong> an intelligent attacker by means of a game <strong>and</strong> reliability<br />
framework involving a multi-objective approach <strong>and</strong> imperfect information so as to<br />
support decision-makers in choosing efficiently designed security systems. The game<br />
equilibria are obtained via a backward induction procedure <strong>and</strong> a criterion for a single<br />
equilibrium selection is adopted. The proposed methodology is applied to an illustrative<br />
example considering power transmission lines in the Northeast of Brazil, which are<br />
often targets for attackers who aims at selling the aluminum conductors. The empirical<br />
results show that the framework succeeds in h<strong>and</strong>ling this kind of strategic interaction<br />
between defender <strong>and</strong> attacker.
Session Chair: Doug True<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 3:45 PM - Salon A<br />
Panel: Fire PSA Improvements<br />
3:45 PM<br />
Roadmap for Attaining Realism in Fire PRAs<br />
Brent Doug True (a), Ken Canavan (b), Rick Wachowiak (c), Jim Chapman (d)<br />
a) ERIN Engineering <strong>and</strong> Research, Inc., Walnut Creek, CA, b) EPRI, Charlotte, NC, c) EPRI, Thor, IA, d) Curtiss-Wright Flow Control, Boxborough, MA<br />
Over the past several years, U.S. nuclear power industry has undertaken a large number of plant-specific Fire Probabilistic Risk Assessment (FPRAs). Many of these FPRAs<br />
are based on NUREG/CR-6850 <strong>and</strong> have been performed in support of a transition to the risk-informed, performance-based fire protection requirements under 10 CFR 50.48(c).<br />
As these fire PRAs have moved toward completion, it has become evident to the industry practitioners that:<br />
• The manner in which fire are characterized does not appear to conform with operating experience,<br />
• The level of quantified risk appears to be overstated, as compared to operating experience, <strong>and</strong><br />
• There appears to be an unevenness in the level of conservatism in the results that may mask key risk insights <strong>and</strong> result in inappropriate decision-making.<br />
The need for realistic FPRAs is one that should be felt by both the NRC <strong>and</strong> licencees. Conservatively-biased PRAs do not support good decision-making:<br />
• Conservatisms in the results can mask important risk contributors<br />
• Conservatisms in the characterization of fire damage can mask the significance of plant changes<br />
• Conservatisms can lead to improper decision-making by misleading decision-makers<br />
This paper summarizes work performed by EPRI to identify the specific areas where the current methods are departing from realism <strong>and</strong> provide a roadmap for a 3 year research<br />
<strong>and</strong> development effort in this area.<br />
The panel <strong>and</strong> audience will discuss the issues associated with Fire PSA methods, <strong>and</strong> proposed improvements, if planned.<br />
81
82<br />
Session Chair: Louis Chu<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 3:45 PM - Salon B<br />
3:45 PM<br />
A Dynamic Flowgraph Methodology Approach Based on Binary<br />
Decision Diagrams<br />
Kim Björkman <strong>and</strong> Ilkka Karanta<br />
VTT Technical Research Centre of Finl<strong>and</strong> , VTT, Finl<strong>and</strong><br />
The dynamic flowgraph methodology (DFM) is an approach to model <strong>and</strong> analyze<br />
the behavior of dynamic systems for reliability assessment. The methodology can<br />
be utilized to identify how certain postulated top events may occur in a system. The<br />
result is a set of prime implicants which represent system faults resulting from diverse<br />
combinations of software logic errors, hardware failures, human errors, <strong>and</strong> adverse<br />
environmental conditions. A binary decision diagram (BDD) is a data structure used to<br />
represent Boolean functions applied, e.g., in fault tree analysis <strong>and</strong> model checking.<br />
This paper presents an alternative DFM approach based on BDD called YADRAT.<br />
The objective of a YADRAT model analysis is to find the root causes of the query<br />
(top event) of interest, similarly to traditional fault tree analysis. The main difference<br />
of YADRAT compared to the existing DFM approach is that YADRAT employs a BDD<br />
to represent a DFM model. Two different approaches to solving a BDD model have<br />
been implemented for exact computation of prime implicants. These approaches have<br />
previously been applied in static failure tree analysis. In this work the ideas for prime<br />
implicant calculation are adapted to a dynamic reliability approach combined with the<br />
multi-valued logic of DFM. In this paper the basic concepts <strong>and</strong> algorithms of YADRAT<br />
<strong>and</strong> the identified strengths <strong>and</strong> limitations of the employed approach are discussed.<br />
Also a case study illustrating the usage of YADRAT <strong>and</strong> a comparison of computational<br />
effort between two BDD implementations is presented.<br />
4:10 PM<br />
Use of Advanced Cutset Upper Bound Estimator (ACUBE)<br />
Software to Avoid Limitations Due to Use of Non-Rare<br />
Events<br />
V.M. Andersen, E.T. Burns <strong>and</strong> J.R. Stender<br />
ERIN Engineering <strong>and</strong> Research, Inc., Campbell, CA<br />
Probabilistic Safety Assessment (PSA) software, such as the CAFTA suite of codes,<br />
uses approximation algorithms (such as the Minimum Cut Upper Bound (MCUB), as<br />
well as other alternative approximations) to calculate the frequency results. These<br />
approximations are acceptably accurate when the constituent probabilities in the<br />
model are small. However, when the PSA model contains a significant number of<br />
comparatively high probability (i.e., 0.1 to 1.0) basic events, such as in Level 2 PSAs,<br />
seismic PSAs, or fire PSAs, the approximation algorithms can produce unacceptable<br />
over-counting of Core Damage Frequency (CDF) or Large Early Release Frequency<br />
(LERF) results. For example, it is not uncommon for Level 2 PSAs to over-predict<br />
LERF results by 10-25%; fire PSAs to over predict CDF results by 50%, <strong>and</strong> for seismic<br />
PSAs to over predict CDF by factors of 2-10 depending upon the modeling approach<br />
used. The Advanced Cutset Upper Bound Estimator (ACUBE) software can be<br />
used to reduce this overcounting. ACUBE processes cutsets using a binary decision<br />
diagram (BDD) algorithm to return a refined cutset result. This paper provides lessons<br />
learned <strong>and</strong> insights into the use of ACUBE to address over-counting in Level 1 PSAs,<br />
Level 2 PSAs, fire PSAs, <strong>and</strong> seismic PSAs. Practical examples from actual PSA applications<br />
are presented.<br />
Computer Methods - 1<br />
4:35 PM<br />
Data for Equipment <strong>and</strong> System Reliability (DESREL)<br />
Derek S. Mullin (a), Dan Morehouse (b)<br />
a) New Brunswick Power Corporation Point Lepreau Generating Station, Lepreau, NB, Canada, b) Syntact<br />
Consulting Inc., Saint John, NB, Canada<br />
Since Point Lepreau Generating Station (PLGS), a CANDU 600 MWe nuclear facility<br />
owned <strong>and</strong> operated by New Brunswick Power (NBP) in eastern Canada, began<br />
first power operation, information pertaining to experienced component failures, system<br />
unavailability <strong>and</strong> the equipment that comprised the site reliability program was<br />
stored on a VAX mainframe <strong>and</strong> in MSAccess databases. The program requirement<br />
was to quantify fault tree analyses on an annual basis to incorporate up-to-date component<br />
failure rates, update system probability of failure estimates for comparison to<br />
prescribed targets, <strong>and</strong> to adjust surveillance programs as necessary or raise other<br />
corrective actions to resolve emerging issues. This became a labor-intensive effort. In<br />
2001 NBP began development of a full-scope Level 2 Probabilistic Safety Assessment<br />
(PSA) to meet the requirements of Canadian Regulatory St<strong>and</strong>ard S-294, “Probabilistic<br />
Safety Assessment for Nuclear Power Plants.” To manage both the PSA <strong>and</strong> site reliability<br />
program, efficiency in the generation of plant-specific failure rates was needed<br />
to reduce that effort <strong>and</strong> to enhance capabilities. Consequently, NBP has developed a<br />
new intranet-based software system called Data for Equipment <strong>and</strong> System Reliability<br />
(DESRel), to support both the PSA <strong>and</strong> reliability programs using the C# programming<br />
language with a .NET framework. The software is scalable, developed in a modular<br />
fashion, has been validated <strong>and</strong> allows failure rates to be generated for user-defined<br />
type code patterns required by the EPRI Risk & Reliability Workstation (i.e. CAFTA).<br />
This paper describes how the DESRel system integrates with the PSA <strong>and</strong> reliability<br />
program at NBP, its features <strong>and</strong> capabilities, <strong>and</strong> identifies possible enhancements<br />
for the future.<br />
5:00 PM<br />
Quantifying Truncation Errors <strong>and</strong> Approximation Errors in<br />
PSA Quantification<br />
Jongsoo Choi<br />
Korea Institute of Nuclear Safety, Daejeon, Korea<br />
The quantification of Probabilistic Safety Assessment (PSA) of Nuclear Power Plants<br />
(NPPs) is a complicated process <strong>and</strong> always has the following two limitations: (1)<br />
Truncation Errors (TEs) in deleting low-probability cut sets <strong>and</strong> (2) Approximation Errors<br />
(AEs) in quantifying Minimal Cut Sets (MCSs). In practice, it has been impossible<br />
to quantify NPP PSA models without TEs <strong>and</strong> AEs. The purpose of this study is to<br />
develop a practical method which can exactly quantify the risk measures of NPP PSAs<br />
through evaluating TEs <strong>and</strong> AEs. Firstly, in order to deal with the TEs, the iterative<br />
process of reducing cutoff values <strong>and</strong> proving the convergence of risk measures is<br />
chosen. Using the plot of risk increment vs. cutoff value <strong>and</strong> the exponential fitting of<br />
risk increments caused by successive reductions in cutoff value, we can evaluate the<br />
truncation error. Secondly, the approach chosen here to deal with the AEs is “Semi-<br />
SDP method” which provides a practical solution to time-consuming SDP algorithms.<br />
Similarly to the cutoff value in MCS generation, Semi-SDP method also uses a parameter<br />
CBA related to accuracy <strong>and</strong> computing time. Under a sufficient low CBA values,<br />
Semi-SDP method provides a good estimate of MCS quantification within a reasonable<br />
time. This paper shows that this proposed approach is successfully applied to<br />
Level 1 PSAs for internal events of NPPs.
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Wednesday March 16, 2011 - 3:45 PM - Salon Carolina<br />
Uncertainty Analysis & Methods - 2<br />
Session Chair: Göran Hultqvist<br />
3:45 PM<br />
Probability of Events with Failing Control Rods<br />
Göran Hultqvist<br />
Forsmark Nuclear Power Plant, Sweden<br />
Within the NPSAG group several projects have been performed to position the risk for<br />
failing control rod insertion in BWR-reactors.<br />
In a separate project 3D- thermo hydraulic code have been developed <strong>and</strong> validated<br />
for assessing the effects of failing control rods in scram scenarios. Scrams ending<br />
in hot st<strong>and</strong>by or in cold shut down <strong>and</strong> even in scenarios with slowly decreasing<br />
pressure have been assessed. The changes of reactivity, water level, power, heat<br />
transfer to the condensation pool have been assessed by 2 different methods. The<br />
codes have been adjusted after assessing <strong>and</strong> comparing results from the 2 different<br />
methods. Based on verified 3D-codes the calculations have been performed to assess<br />
the consequences of<br />
- 7 , 15, 30, 64, 128 failing adjacent control rods<br />
- Failing control rods in 2 of 4 trains <strong>and</strong> in 3 of 4 trains<br />
Based on this knowledge specific cases for needs of Boron system in PSA can be<br />
specified as<br />
- No boron needed<br />
- Boron needed after 30 minutes<br />
- Boron needed within 30 minutes<br />
The output from this indicates that many rods can be failing without large consequences.<br />
Therefore it was needed to develop methods to specify the risk for having many<br />
rods failing<br />
- as adjacent rods<br />
- as spread out rods<br />
ICDE data collected for failures in scram system <strong>and</strong> in control rod screw insertion<br />
functions have been assessed for the Nordic plant. Detailed assessments of the root<br />
cause of the failures have been developed. Based on this knowledge the independence<br />
between the two different systems has been assessed. Failure data for each<br />
function <strong>and</strong> for combined functions of these systems for insertion of control rods have<br />
been specified.. The data have also been assessed concerning risk for CCF <strong>and</strong> the<br />
degree of (incipient) CCF in each event. Based on this the CCF-factors have been<br />
developed for these functions. A specific project has been performed to develop such<br />
data including the effects of CCF. This study has been based on the ICDE-data study<br />
performed earlier.<br />
4:10 PM<br />
A Simplified Methodology to Generate MGL-Parameter Uncertainty<br />
Distributions Using Alpha-Parameter Data from<br />
NUREG/CR-5497<br />
Joshua M. Reinert<br />
AREVA NP Inc., Marlborough, MA<br />
This paper describes a simplified methodology to convert uncertainty in commoncause<br />
failure (CCF) data in alpha-parameter format from NUREG/CR-5497 into<br />
MGL-parameter data uncertainty. A simplified methodology is proposed that assumes<br />
a large amount of uncertainty in the beta parameter <strong>and</strong> none in the remaining MGLparameters.<br />
This leads to overestimation of the uncertainty for CCF of two-out-of-four<br />
redundant components <strong>and</strong> a more realistic estimate of uncertainty in CCF of more<br />
redundant components, with the most realistic level of uncertainty estimated for CCF<br />
of all redundant components. Since PRA results are generally dominated by CCF of all<br />
redundant components, this proposed methodology has the advantage of producing<br />
the most realistic estimate of uncertainty for the failure mode of concern. This work<br />
describes the use of different types of uncertainty distributions. The adequacy of this<br />
approach is evaluated using simulation of a four-train system <strong>and</strong> various system<br />
success criteria.<br />
4:35 PM<br />
Parameter <strong>and</strong> Model Uncertainty Analysis using Dempster-<br />
Shafer Theory in Nuclear Probabilistic Risk Assessment.<br />
Tu Duong Le Duy, Dominique Vasseur, Mathieu Couplet (a), Laurence<br />
Dieulle, Christophe Bérenguer (b)<br />
a) Risk Management Department, Electricity of France R&D, Clamart cedex, France, b) University of<br />
Technology of Troyes, UMR STMR, Institut Charles Delaunay/LM2S, Troyes Cedex, France<br />
In Nuclear Power Plants, Probabilistic Risk Assessment (PRA) insights contribute to<br />
achieve a safe design <strong>and</strong> operation. In this context, decision making process must be<br />
robust <strong>and</strong> uncertainties must be taken into account <strong>and</strong> controlled. In the current PRA<br />
practice, the model uncertainty due to different alternative assumptions made in logical<br />
structures of event or fault trees may be neglected or addressed only through sensibility<br />
studies. In this paper, two approaches for dealing with the model uncertainty:<br />
the weighted mixing approach <strong>and</strong> the enveloping approach will be presented in the<br />
Dempster-Shafer Theory framework which is used to take account of parameter uncertainty<br />
at the same time. The weighted mixing approach is recognized to be suitable<br />
only to cases where the experts have sufficient information to express their degrees of<br />
belief in terms of probabilities with regard to alternative models. On the contrary, the<br />
enveloping approach will be more appropriate to apply when no information is available.<br />
This approach will be illustrated through a practical example in the context of<br />
level 1 PRA application at EDF.<br />
83
84<br />
Robert J. Budnitz<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 8:00 AM - Gr<strong>and</strong> Ballroom<br />
Plenary Session IV<br />
Dr. Robert J. Budnitz has been involved with nuclear-reactor safety <strong>and</strong> radioactive-waste<br />
safety for many years. Bob earned a Ph.D. in experimental physics from Harvard in 1968.<br />
Dr. Budnitz is on the scientific staff at the University of California’s Lawrence Berkeley National<br />
Laboratory (LLNL), where he works on nuclear power safety, security <strong>and</strong> radioactivewaste<br />
management. From 2002 to 2007 he was at UC’s Lawrence Livermore National<br />
Laboratory, during which period he worked on a two-year special assignment (late 2002 to<br />
late 2004) in Washington to assist the Director of DOE’s Office of Civilian Radioactive Waste<br />
Management to develop a new Science & Technology Program.<br />
Prior to joining LLNL in 2002, Dr. Budnitz ran a one-person consulting practice in Berkeley CA<br />
for over two decades. In 1978-1980, he was a senior officer on the staff of the U.S. Nuclear<br />
Regulatory Commission, serving as Deputy Director <strong>and</strong> then Director of the NRC Office of<br />
Nuclear Regulatory Research.<br />
Cheri Collins<br />
Cheri Collins is general manager of external alliances in Southern Nuclear’s Nuclear Development<br />
organization.<br />
She is responsible for establishing <strong>and</strong> maintaining relationships with companies building<br />
AP-1000’s including the plants in China. Additionally, she is a primary spokesperson for new<br />
nuclear development <strong>and</strong> is responsible for developing <strong>and</strong> sustaining key alliances that benefit<br />
Southern Company’s nuclear operations.<br />
Prior to her current position, Collins served as Plant Manager at the Joseph M. Farley Nuclear<br />
Plant in southeast Alabama where she oversaw all aspects of plant operations. Collins began<br />
her career with Southern Company in 1978 as a summer intern in Alabama Power’s Clanton<br />
District office. In 1982, she accepted a full-time position as a junior engineer in the safety,<br />
audit <strong>and</strong> engineering review department at Plant Farley. In 1987, Collins earned a senior reactor<br />
operator license from the Nuclear Regulatory Commission <strong>and</strong> was promoted to operations<br />
shift foreman. Collins progressed through positions of increasing responsibility at Plant<br />
Farley including licensing supervisor <strong>and</strong> shift supervisor. From 1993 to 1994 she served as a loaned employee to the<br />
Institute of Nuclear Power Operations (INPO) where she had the opportunity to observe nuclear plant operations across<br />
the country. After serving as a loaned employee to INPO, Collins’ responsibility continued to increase at Plant Farley. In<br />
1995, she became operations support superintendent <strong>and</strong> in 1999 she was promoted to operations manager. In 2002 she<br />
became plant support assistant general manager responsible for engineering, security <strong>and</strong> training. In 2004 Collins left<br />
Plant Farley to assume the position of general manager of nuclear support at the Southern Nuclear corporate offices in<br />
Birmingham. As a general manager, she traveled to Germany to visit two nuclear plants. In 2005, while still in Birmingham,<br />
she served as Human Resources director for Southern Company Generation. In 2006, Collins was named general manager<br />
of Southern Nuclear’s supply chain organization.<br />
Collins holds a bachelors of science degree in structural engineering from the University of Alabama at Birmingham. She<br />
is regularly asked to speak at industry conferences addressing various aspects of leadership. In 2001, she was a keynote<br />
speaker at the annual CEO conference of INPO. She is a member of the Women in Nuclear Organization (WIN) <strong>and</strong> has<br />
spoken at a number of the organization’s conferences.<br />
Collins calls Eufaula, Alabama home. Her hobbies include reading <strong>and</strong> golf.
Session Chair: Kyle Metzroth<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 9:00 AM - Azalea<br />
9:00 AM<br />
Applications Guidance Document for the MAAP4 Accident<br />
Analysis Code<br />
Barbara J. Schlenger-Faber<br />
ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
The Modular Accident Analysis Program Version 4 (MAAP4) is a computer code used<br />
by nuclear utilities <strong>and</strong> research organizations to predict the progression of LWR accidents.<br />
The code simultaneously models the dominant thermal-hydraulic <strong>and</strong> fission<br />
product phenomena in both the primary system <strong>and</strong> the containment. The MAAP4 Applications<br />
Guide provides detailed information to enable code users to optimize their<br />
efforts <strong>and</strong> generate high-quality Level 1 analyses for probabilistic risk assessments<br />
(PRAs). The guide also contains a compilation of summary information on the benchmarking<br />
of MAAP4 models <strong>and</strong> an assessment of the code’s ability to adequately<br />
predict significant Level 1 PRA phenomena. In addition, it specifies the code’s range of<br />
applicability <strong>and</strong> provides a comprehensive list of limitations, precautions <strong>and</strong> recommendations.<br />
The portions of the guide related to best practices for performing analyses<br />
<strong>and</strong> addressing uncertainties <strong>and</strong> sensitivities were presented at the PSA 2008<br />
conference. The current paper contains representative highlights <strong>and</strong> insights from the<br />
portions that focus on specific guidance for BWR <strong>and</strong> PWR analyses. It describes the<br />
process <strong>and</strong> summarizes the conclusions of the review of more than 30 benchmarks<br />
by a team of MAAP4 experts. It also discusses the portion of the guide that delineates<br />
the applicability of the code, its limitations, <strong>and</strong> recommended precautions as a function<br />
of sequence type <strong>and</strong> plant feature.<br />
Computer Methods - 2<br />
9:25 AM<br />
Conversion of Fault Tree <strong>and</strong> Event Tree Models for PSA<br />
Johan Sörman <strong>and</strong> Ola Bäckström<br />
Sc<strong>and</strong>power - Lloyds Register, Sundbyberg, Sweden<br />
There are today 5 computer codes that are used by a majority of the world´s Nuclear<br />
Power Plant´s for Fault Tree <strong>and</strong> Event Tree modeling <strong>and</strong> PSA. The computer codes<br />
display differences in the way fault trees <strong>and</strong> event trees are realized, but in particular<br />
they include many advanced features that have been implemented based on different<br />
philosophies.<br />
In a transition from one code to another it is therefore important to have knowledge<br />
about each codes special <strong>and</strong> advanced features to best translate them, making optimal<br />
use of the advanced features in the code you are moving to.<br />
Most nuclear power plants continue to use the PSA software code they started using<br />
when first developing their PSA, but in some occasions transitions from one code to<br />
another is done including a conversion of the fault tree <strong>and</strong> event tree models. National<br />
regulatory authorities may have to be able to convert from one fault tree <strong>and</strong> event<br />
tree model in one software to another, because they have chosen to use one of them<br />
for their regulatory process <strong>and</strong> the fault tree <strong>and</strong> event tree models they receive are<br />
made in different PSA software.<br />
This paper discusses technical issues moving a fault tree <strong>and</strong> event tree model from<br />
one software to another. What are the similarities <strong>and</strong> what are the differences in the<br />
fault tree <strong>and</strong> event tree model software of today?<br />
85
86<br />
Session Chair: Karl Fleming<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 9:00 AM - Camellia/Dogwood<br />
9:00 AM<br />
Development of Core Damage Frequency Evaluation Code<br />
for NPP Due to Components Aging Degradation<br />
Masajiro Sugawara, Hitoshi Muta <strong>and</strong> Haruo Fujimoto<br />
Japan Nuclear Energy Safety Organization (JNES), Tokyo, JAPAN<br />
A part of accidents has the potential to be induced by the age-degradation of components.<br />
The feature of failure rate of components has bathtub curve, i.e., initial failure<br />
rate (decreasing rate in time), r<strong>and</strong>om failure rate (constant rate in time) <strong>and</strong> wear-out<br />
failure rate (increasing rate in time). However, in many probabilistic safety assessments<br />
(PSAs), core damage frequency (CDF), containment failure frequency (CFF)<br />
<strong>and</strong> large early release frequency (LERF) are estimated using only component’s r<strong>and</strong>om<br />
failure rate. This is because of difficulty of treating aging-effect directly into the<br />
ordinary fault trees. In this situation, CDF, CFF <strong>and</strong> LERF have cyclic feature <strong>and</strong><br />
never grows its value even in the end of nuclear power plant (NPP) life time.<br />
This paper shows the development of analysis model, computer code <strong>and</strong> sample<br />
calculation of aging-effects for PSA use.<br />
Aging in PSA - 1<br />
9:25 AM<br />
Inclusion of Passive Failures in a PRA System for Long Term<br />
Operation Considerations<br />
L. L. Genutis, B. R. Baron, S. A. Nass (a), D. M. Tirsun (b)<br />
a) Westinghouse Electric Company LLC, Cranberry, PA, b) Westinghouse Electric Company LLC, Comanche<br />
Peak Nuclear Power Plant, Glen Rose, TX<br />
Passive failures, such as pipe failures in mitigating <strong>and</strong> support systems, are not typically<br />
explicitly included in a Probabilistic Risk Assessment (PRA) model; however,<br />
passive failures are considered for aging management decisions <strong>and</strong> evaluations. As<br />
utilities begin to consider plant life extension beyond 60 years, it is useful to include<br />
PRA as potential input to plant decision making related to aging management <strong>and</strong> long<br />
term operation. One way to jointly consider PRA <strong>and</strong> aging management is to evaluate<br />
the sensitivity of PRA results to the addition of passive failures that are not typically included<br />
in the PRA but could impact aging management decisions. This paper presents<br />
a study of the risk impact of passive failures in the Station Service Water (SW) support<br />
system for the Comanche Peak Nuclear Power Plant (CPNPP) PRA model. Piping<br />
segments within the current CPNPP PRA model’s SW flowpath were added to the CP-<br />
NPP PRA model of record to create a base Aging Management model. Core Damage<br />
Frequency (CDF), SW Initiating Event Frequency, <strong>and</strong> impact on failure probability of<br />
the Auxiliary Feedwater System (AFW) (SW is AFW’s backup supply) were quantified<br />
using the Aging Management model. Sensitivity studies were then performed.<br />
The results demonstrated that the addition of new failures shows a measurable increase<br />
in results. This is expected because the SW System provides cooling to a<br />
number of mitigating systems including the Emergency Core Cooling System, Diesel<br />
Generator, <strong>and</strong> Auxiliary Feedwater.
Session Chair: Mike Yau<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 9:00 AM - Magnolia<br />
9:00 AM<br />
Effect of Testing Coverage on Software Reliability - An Experimental<br />
Investigation<br />
Sergiy Vilkomir<br />
East Carolina University, Greenville, NC<br />
Logical expressions are often used to formalize software specifications of safety-critical<br />
systems. These logical expressions can be tested using software testing methods<br />
(criteria) that include Decision Coverage (DC), Condition Coverage (CC), Decision/<br />
Condition (D/CC), <strong>and</strong> Modified Condition/Decision Coverage (MC/DC). Selection of<br />
the appropriate testing method is an important practical task. A significant characteristic<br />
for this selection process is underst<strong>and</strong>ing the effect of testing methods on software<br />
reliability, specifically their ability to reveal faults. This paper provides experimental<br />
results for determining the probabilistic characteristics of effectiveness of testing criteria.<br />
A logical expression, which is typical for nuclear reactor protection system logic,<br />
is used as a case study for this research. Probabilities for a test set to reveal a fault in<br />
the logical expression are evaluated for DC, CC, D/CC, <strong>and</strong> MC/DC. Our experimental<br />
results show that, when compared with r<strong>and</strong>om testing, using DC, CC, or D/CC criteria<br />
do not provide significant benefits. At the same time, the results confirm that MC/DC is<br />
a reasonable <strong>and</strong> effective technique to test logical expressions in software.<br />
Software Reliability<br />
9:25 AM<br />
Review of Quantitative Software Reliability Methods<br />
Tsong-Lun Chu, Meng Yue, Gerardo Martinez-Guridi, <strong>and</strong> John Lehner<br />
Brookhaven National Laboratory, Upton, New York<br />
For several years, Brookhaven National Laboratory (BNL) has worked on Nuclear<br />
Regulatory Commission (NRC) projects to investigate methods <strong>and</strong> tools for the probabilistic<br />
modeling of digital systems. However, the scope of this research principally<br />
focused on hardware failures, with limited reviews of software failure experience <strong>and</strong><br />
software reliability methods. An important identified research need is to establish a<br />
commonly accepted basis for incorporating the behavior of software into digital instrumentation<br />
<strong>and</strong> control (I&C) system reliability models for use in PRAs. To address this<br />
need, BNL is exploring the inclusion of software failures into the reliability models of<br />
digital I&C systems, such that their contribution to the risk of the associated nuclear<br />
power plant (NPP) can be assessed. Two tasks were undertaken towards this objective:<br />
(1) establishment of a philosophical basis for incorporating software failures into<br />
digital system reliability models for use in PRAs <strong>and</strong> (2) review of quantitative software<br />
reliability methods (QSRMs).<br />
The objective of this paper is to summarize the work accomplished under the second<br />
task <strong>and</strong> documented in a BNL report. The objective of reviewing the QSRMs was to<br />
gain comprehensive knowledge of available methods, especially those emphasizing<br />
the quantification of software failure rates <strong>and</strong> probabilities that might be employed<br />
in reliability models of digital systems used in NPP PRAs. The review was built upon<br />
BNL‟s previous reviews of software reliability methods, <strong>and</strong> on leveraging earlier work<br />
sponsored by the NRC <strong>and</strong> by the National Aeronautics <strong>and</strong> Space Administration<br />
(NASA).<br />
87
88<br />
Session Chair: Br<strong>and</strong>i T Weaver<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 9:00 AM - Salon A<br />
9:00 AM<br />
A Holistic Approach for Performing Level 1 Fire PRA<br />
Marina Röwekamp <strong>and</strong> Michael Türschmann (a), Heinz-Peter Berg (b)<br />
a) Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, Köln, Germany, b) Department of Nuclear<br />
Engineering, Bundesamt für Strahlenschutz (BfS), Salzgitter, Germany<br />
For performing a state-of-the-art Fire PRA it is essential to establish <strong>and</strong> apply a<br />
comprehensive database in a well-structured <strong>and</strong> easily traceable manner. Such a<br />
database structure has been developed <strong>and</strong> the compilation of data <strong>and</strong> information<br />
needed has been demonstrated for performing a Level 1 Fire PRA for full power states<br />
to a German nuclear power plant with boiling water reactor (BWR). To achieve a holistic<br />
approach this database has been enhanced such that it can also be used to derive<br />
a Level 1 Fire PRA for low power <strong>and</strong> shutdown states. For an easier application by<br />
external users, the user interface of the database has also been improved.<br />
A thoroughly investigated database provides a suitable tool to assist the Fire PRA analyst<br />
by means of its implemented functions such as data examination <strong>and</strong> preparation,<br />
analysis <strong>and</strong> application as well as in the review of a Fire PRA.<br />
It is demonstrated that the general methodology for performing Fire PRA as described<br />
in the German Probabilistic Safety Analysis Guide can be applied both for full power<br />
as well as for low power <strong>and</strong> shutdown plant operational states. However, some differences<br />
in the data (e.g., unavailability of systems, transient fire loads, <strong>and</strong> hot work)<br />
must carefully be regarded. In the contribution, the structure <strong>and</strong> use of the fire database<br />
established is explained in detail. Two aspects are particularly emphasized. First,<br />
it is outlined how the database is used to provide the input data for PRA modeling<br />
software in case of screening analyses in a systematic <strong>and</strong> mainly automatic manner.<br />
This is compared to the preparation of input data for calculating the conditional core<br />
damage frequency for selected fire sources in the detailed analyses. Secondly, the<br />
stepwise process of determining fire occurrence frequencies during screening <strong>and</strong><br />
detailed analyses is depicted <strong>and</strong> the support which can be provided by a comprehensive,<br />
traceable <strong>and</strong> integral database is described.<br />
Fire PSA Methods - 8<br />
9:25 AM<br />
Calculation of Fire Severity Factors <strong>and</strong> Fire Non-Suppression<br />
Probabilities for a DOE Facility Fire PRA<br />
Tom Elicson (a), Jim Bouchard <strong>and</strong> Heather Lucek (b), Bentley Harwood (c)<br />
a) WorleyParsons Polestar, Inc., Hudson, OH, b) WorleyParsons Polestar, Inc., Idaho Falls, ID, d) Idaho<br />
National Laboratory, Battelle Energy Alliance, LLC, Idaho Falls, ID<br />
Over a 12 month period, a fire PRA was developed for a DOE facility using the NUREG/<br />
CR-6850 EPRI/NRC fire PRA methodology. The fire PRA modeling included calculation<br />
of fire severity factors (SFs) <strong>and</strong> fire non-suppression probabilities (PNS) for each<br />
safe shutdown (SSD) component considered in the fire PRA model. The SFs were<br />
developed by performing detailed fire modeling through a combination of CFAST fire<br />
zone model calculations <strong>and</strong> Latin Hypercube Sampling (LHS). Component damage<br />
times <strong>and</strong> automatic fire suppression system actuation times calculated in the CFAST<br />
LHS analyses were then input to a time-dependent model of fire non-suppression<br />
probability. The fire non-suppression probability model is based on the modeling approach<br />
outlined in NUREG/CR-6850 <strong>and</strong> is supplemented with plant specific data.<br />
This paper presents the methodology used in the DOE facility fire PRA for modeling<br />
fire-induced SSD component failures <strong>and</strong> includes discussions of modeling techniques<br />
for:<br />
• Development of time-dependent fire heat release rate profiles (required as input to<br />
CFAST),<br />
• Calculation of fire severity factors based on CFAST detailed fire modeling, <strong>and</strong><br />
• Calculation of fire non-suppression probabilities.
Session Chair: Paul Boneham<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 9:00 AM - Salon B<br />
9:00 AM<br />
Dealing with System Recoveries in Event Trees<br />
Mohamed Hibti <strong>and</strong> Anne Dutfoy<br />
EDF R&D, cedex Clamart, France<br />
PSA models are generally supported by a classical event tree approach. For level 2<br />
applications, there is a need to integrate system recoeveries to reduce conservatism<br />
<strong>and</strong> allow consideration of some dynamic phenomena. In this paper, we propose an<br />
apprach to model system recoveries in event tree sequences such that automated<br />
treatment can be done for quantication issues without post-treatments which may be<br />
very convenient for models that are dedicated to uncertainty <strong>and</strong> sensitivity analysis.<br />
Three methods are proposed : the rst is based on integration of recovery events for<br />
some signicant components, the second consider what we call functional groups, <strong>and</strong><br />
the third is based on the combination of the event tree approach with a dynamic framework.<br />
In the last approach, to model recovery, sequences, obtained from a Boolean<br />
driven Markov processes quantication, are integrated in the form of trees representing<br />
their minimal content.<br />
9:25 AM<br />
The Plant Damage States Analysis for CPR1000 at Power Operation<br />
PENG Changhong <strong>and</strong> ZHANG Ning<br />
China Nuclear Power Technology Research Institute, Shenzhen, China<br />
In PSA model, the quantification of Level 2 consists of two distinctive stages: 1) propagation<br />
of Level 1 core damage sequences to plant damage states (PDS) <strong>and</strong> 2) mapping<br />
of PDS to Level 2 release categories. The Level 1 PSA identifies a large number<br />
of accident sequences which lead to core damage. Accident sequences should be<br />
grouped together into plant damage states (PDS) so that all accidents within a given<br />
PDS can be treated in the same way for the purposes of the Level 2 PSA. The first<br />
stage is performed by means of interfacing event trees or, so called, bridge trees. The<br />
PDS analysis <strong>and</strong> bridge tree for CPR1000 at power operation should consider the<br />
following attribution: Status of RCS at onset of core damage; Status of Emergency<br />
Core Cooling system (ECCS); Status of Containment Spray Injection <strong>and</strong> Recirculation;<br />
heat removal <strong>and</strong> status of the Steam Generators; Status of AC Power <strong>and</strong> Accumulator.<br />
For each of these sequences with frequency of at least 1E-10 /yr in which<br />
not all the attribution can be indentified in Level 1 model, a specific bridge tree should<br />
be developed. The end states of bridge tree or Level 1 model sequences represent<br />
plant damage states (PDS). The PDS with similar accident progression can be binned<br />
into a same group, PSDG. At last, the frequency <strong>and</strong> attribution of top five PDSG can<br />
be provided.<br />
Level II/III PSA - 1<br />
9:50 AM<br />
A Monte Carlo Approach for Categorizing LERF Scenarios in<br />
Loss of Decay Heat Removal Accident Sequences<br />
Donald E. Vanover <strong>and</strong> Robert J. Wolfgang<br />
ERIN Engineering <strong>and</strong> Research, Inc., West Chester, PA<br />
Recent Emergency Planning (EP) inputs have indicated that guidance is now provided<br />
to not to call for a General Emergency (GE) until multiple barriers are determined to<br />
be lost (unless there is a scenario specific alternative, e.g., Station Blackout). If these<br />
recent EP interpretations of the Emergency Action Levels (EALs) are used <strong>and</strong> applied<br />
to the Class II long term severe accident sequences, then the LERF risk metric would<br />
increase significantly for most BWRs. Alternatively, credit for the ERO, the state, the<br />
NRC, <strong>and</strong> vendor inputs into the decision making process can be anticipated <strong>and</strong><br />
legitimately integrated into the LERF assessment process. Additional considerations<br />
regarding the potential variability of evacuation times with respect to variations in the<br />
magnitude of the releases <strong>and</strong> when they become a c<strong>and</strong>idate for a large release can<br />
also be integrated into the LERF assessment process.<br />
The intent of this paper is to describe an approach that was developed to assess the<br />
various inputs that go into the determination of a “Large” <strong>and</strong> “Early” release for long<br />
term loss of decay heat removal scenarios. Once these inputs are assessed, each of<br />
the inputs are integrated using a Monte Carlo approach factoring in the uncertainty associated<br />
with each key input to determine the overall probability that a large <strong>and</strong> early<br />
release occurs in these scenarios.<br />
89
90<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 9:00 AM - Carolina<br />
Uncertainty Analysis & Methods - 3<br />
Session Chair: Gabriel Georgescu<br />
9:00 AM<br />
Approaches for Addressing Parametric <strong>and</strong> Modeling Uncertainties<br />
in a Refernce PWR PRA<br />
Young G. Jo <strong>and</strong> Beomhee Jeong<br />
Southern Nuclear Operating Company, Birmingham AL<br />
In this paper, approaches used in a reference PWR PRA for addressing parametric<br />
<strong>and</strong> modeling uncertainties were discussed. A challenge in performing parametric<br />
uncertainty analysis is to properly treat the state-of-knowledge correlations among<br />
basic event probabilities. An approach was developed <strong>and</strong> applied successfully for<br />
treating the state-of- knowledge correlations effectively in CAFTA <strong>and</strong> UNCERT codes<br />
environment. The basic strategy for reducing modeling uncertainties in the reference<br />
PWR PRA was to perform accident analysis as many as possible using MAAP code<br />
from the early stage of the PRA modeling <strong>and</strong> use the results <strong>and</strong> insights from such<br />
MAAP analyses in PRA modeling , especially in determining success criteria, event<br />
progresses, timings for operator actions, <strong>and</strong> timings for recoveries. In some cases,<br />
sensitivity studies were performed to address uncertainties. Insights from uncertainty<br />
analyses included a potentially significant under estimation of interfacing system loss<br />
of coolant accident risk if the-state-of-knowledge correlations are ignored, significant<br />
difference in plant responses to a different break sizes in a same loss of coolant accident<br />
category or steam generator tube rupture initiating event, <strong>and</strong> the significant<br />
impacts of steam generator tube condition on large early release frequency. Since<br />
steam generator tube condition affects large early release frequency significantly, it is<br />
needed to re-evaluate the steam generator tube condition during the future updates of<br />
the reference PWR PRA to reflect such impacts properly. Also, even though much efforts<br />
had been made beforeh<strong>and</strong> to reduce modeling uncertainties, when it is required<br />
to evaluate the risk associated with a very specific case, like a loss of coolant accident<br />
with a known break size, it may be desirable to perform additional case specific accident<br />
analysis <strong>and</strong> PRA modeling in order to evaluate the associated risk more accurately<br />
<strong>and</strong> to support a proper risk informed decision making.<br />
9:25 AM<br />
Uncertainty Assessment Methodology for Probabilistic Risk<br />
Assessment (PRA); Data, Methods, Models, <strong>and</strong> Inputs<br />
Mohammad Pourgol-Mohammad (a), Seyed Mohsen Hosseini (b)<br />
a) FM Global, Norwood, MA, b) Science <strong>and</strong> Research Branch, Islamic Azad University, Tehran, Iran<br />
Uncertainty analysis is a crucial step in process of probabilistic risk assessment (PRA)<br />
for better management <strong>and</strong> decision making purposes. This paper reviews the process<br />
of uncertainty analysis <strong>and</strong> methodologies for characterization of the uncertainties <strong>and</strong><br />
their treatment in probabilistic risk assessment (PRA). This research is limited to Fault<br />
Tree (FT) <strong>and</strong> Event Tree (ET) methodologies only <strong>and</strong> deals with all uncertainties in<br />
process of PRA level I. A literature review was conducted on the subject to evaluate<br />
the state of the art on the topic. Uncertainty taxonomy is reviewed in this research to<br />
better address different sources of uncertainty. A hybrid method of maximum Entropy<br />
approach supported by Bayesian Updating is proposed to quantify the parameters’<br />
uncertainties effectively by using all relative <strong>and</strong> partially relative data <strong>and</strong> information.<br />
Bayesian approach is utilized for the inference of the parameter uncertainties.<br />
Examples from applications are provided for greater clarification of the proposed uncertainty<br />
analysis techniques.
Session Chair: Dana Kelly<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 10:15 AM - Azalea<br />
10:15 AM<br />
Experiences from Implementation of Updated Reliability Data<br />
for Piping Components Using the R-Book<br />
Anders Olsson <strong>and</strong> Vidar Hedtjärn Swaling (a), Bengt Lydell (b)<br />
a) Sc<strong>and</strong>power-Lloyd’s Register, Sundbyberg, Sweden, b) Sc<strong>and</strong>power-Lloyd’s Register, Houston,<br />
Texas<br />
The Nordic PSA Group (NPSAG) has undertaken to develop a piping reliability parameter<br />
h<strong>and</strong>book – the so-called R-Book – for use in risk-informed applications. The<br />
scope of R-Book is to establish high quality reliability parameters that account for the<br />
Nordic <strong>and</strong> Worldwide service experience with safety-related <strong>and</strong> non-safety-related<br />
piping systems in a consistent <strong>and</strong> realistic manner. The first version of R-Book was<br />
released at the beginning of 2010 <strong>and</strong> covers ASME Code Class 1 or 2 piping components.<br />
This paper presents the whole process from start to finish: (1) The derivation of application-specific<br />
event populations <strong>and</strong> corresponding exposure terms, as input to<br />
R-Book. (2) The methodology for deriving rupture/leakage frequencies from raw data<br />
<strong>and</strong> some examples of results. (3) The first experiences gained from using R-Book<br />
data for assessment of LOCA frequencies in Swedish PSA’s.<br />
10:40 AM<br />
Component Failure Rate Refinement Using RADS/EPIX/IEDB<br />
for Prairie Isl<strong>and</strong> PRA<br />
S. Eide (a), A. Peterman, D. Malek, <strong>and</strong> J. Ritter (b)<br />
a) Scientech, A Curtiss-Wright Flow Control Company, Idaho Falls, ID, b) Xcel Energy, Welch, MN<br />
The RG 1.200 probabilistic risk assessment (PRA) upgrade project for the Prairie<br />
Isl<strong>and</strong> Nuclear Generating Plant (PINGP) included the use of NUREG/CR-6928 as the<br />
main source for industry-average component failure rates. Plant-specific data were<br />
collected for significant events to use in Bayesian updates of the industry-average<br />
priors. Preliminary quantification results indicated that several component type codes<br />
were dominating the results. For those cases, both the applicability of the prior <strong>and</strong><br />
the plant-specific data (if available) were reviewed. This paper deals with refinements<br />
of the prior distributions using more specific searches of the Equipment Performance<br />
<strong>and</strong> Information Exchange (EPIX) data <strong>and</strong> the Initiating Event Database (IEDB) using<br />
the Reliability <strong>and</strong> Availability Data System (RADS) software. For each of seven component<br />
failure modes, a RADS/EPIX or RADS/IEDB search was conducted to obtain a<br />
more specific or applicable prior distribution. The search in some cases also included<br />
a review of the failure events identified in the search to eliminate events that were not<br />
applicable. Also, in one case the trend over 1988 – 2007 was significant so only data<br />
over 2003 – 2007 were used. The result of this effort was a greater than 50% reduction<br />
in the internal event core damage frequency.<br />
PSA Data Analysis<br />
11:05 AM<br />
PSA Generic Component Failure Rate Database Update Methodology<br />
Aaron M. Lee<br />
Reliability <strong>and</strong> Safety Consulting Engineers, Inc., Knoxville, TN<br />
There are many methods of combining different types of data while updating the data<br />
with new sources of data recently made available. This paper presents the methodology<br />
used for combining multiple sources of generic data with multiple sources of historical<br />
data while simultaneously updating the data with the most current data available<br />
from NUREG/CR-6928. Also, the methodology provides a way of reconciling some of<br />
the NUREG/CR-6928 data with how the data is presented in previous generic sources.<br />
An example of this is the addition of “running” <strong>and</strong> “st<strong>and</strong>by” component failure rates in<br />
the NUREG/CR-6928 report. The NUREG/CR-6928 also came with the added benefit<br />
of adding many new components <strong>and</strong> failure modes to the database while the other<br />
generic databases <strong>and</strong> plant experience included components <strong>and</strong> failure modes that<br />
were not included in NUREG/CR-6928. The overall results of the work show that after<br />
changing methodology <strong>and</strong> inclusion of NUREG/CR-6928 data that the estimate for<br />
the rate of failure of each failure mode is relatively unchanged when compared to the<br />
original values. or example, a motor-operated valve fails to open or close failure in<br />
the previous version of the database had a failure rate of 3.00E-3/dem<strong>and</strong>. After the<br />
update, it had a value of 3.89E-3/dem<strong>and</strong>. However, the added benefit of having additional<br />
components <strong>and</strong> component failure modes to include in the database makes<br />
updating a database with NUREG/CR-6928 data in it worthwhile.<br />
11:30 AM<br />
Use of RADS/IEDB To Refine Initiating Event Prior Distributions<br />
for the Calvert Cliffs PRA<br />
R. Marlow <strong>and</strong> S. Eide (a), J. Stone <strong>and</strong> J. L<strong>and</strong>ale (b)<br />
a) Scientech, A Curtiss-Wright Flow Control Company, Idaho Falls, ID, b) Constellation Energy Nuclear<br />
Group (CENG), Lusby, MD<br />
The RG 1.200 probabilistic risk assessment (PRA) upgrade project for the Calvert<br />
Cliffs Nuclear Power Plant (CCNPP) included a large number of initiating events (IEs)<br />
<strong>and</strong> the use of NUREG/CR-6928 as the main source of industry-average frequency<br />
distributions. Those IE frequency distributions can be used as prior distributions in<br />
Bayesian updates incorporating plantspecific data as the evidence. Many of the IE<br />
distributions in NUREG/CR-6928 were generated using the Reliability <strong>and</strong> Availability<br />
Data System (RADS) <strong>and</strong> the Initiating Event Database (IEDB). However, the IE categories<br />
in NUREG/CR-6928 are general in scope <strong>and</strong> do not include the more specific<br />
IEs often modeled in current industry PRAs. This paper describes the additional<br />
RADS/IEDB analyses performed to develop priors for the detailed IE categories used<br />
in the CCNPP PRA. Methods in NUREG/CR-6928 were used to determine the appropriate<br />
periods to use for CCNPP-specific IE data when trends existed. Finally, the<br />
method used to determine whether the prior distributions developed were consistent<br />
with the CCNPP data is explained.<br />
91
92<br />
Session Chair: Hitoshi MUTA<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 10:15 AM - Camellia/Dogwood<br />
10:15 AM<br />
Investigation of Ageing Impact on Safety Systems’ Reliability<br />
Sh. Poghosyan <strong>and</strong> A. Amirjanyan<br />
Nuclear <strong>and</strong> Radiation Safety Center, Yerevan, Armenia<br />
Safety performance of nuclear installations mostly depends on risk-significant safety<br />
systems’ reliability. PSA studies show that final results are very sensitive to the reliability<br />
parameters of safety-related components. So factors influencing reliability of<br />
particular components could also have significant impact on plant risk <strong>and</strong> play important<br />
role in riskinformed decision making process. One of the main factors which<br />
could affect component reliability is ageing process. Ageing issue is becoming more<br />
important as average age of operating nuclear plants is about 25 years. This paper is<br />
devoted to the numerical evaluation of ageing impact on safety-related components<br />
reliability. Time-dependent reliability models have been used to investigate behavior<br />
of safety systems’ reliability.<br />
10:40 AM<br />
Multi-State Physics Models of Aging Passive Components in<br />
Probabilistic Risk Assessment<br />
Stephen D. Unwin, Peter P. Lowry, Robert F. Layton, Jr., Patrick G. Heasler,<br />
<strong>and</strong> Mychailo B. Toloczko<br />
Pacific Northwest National Laboratory, Richl<strong>and</strong>, WA<br />
Underst<strong>and</strong>ing the long-term reliability performance of passive components <strong>and</strong> the<br />
extent to which safety margins are preserved will be critical to decisions on reactor<br />
life extension. Multi-state Markov modeling has proved to be a promising approach<br />
to estimating the reliability of passives - particularly metallic pipe components - in the<br />
context of probabilistic risk assessment (PRA). These models consider the progressive<br />
degradation of a component through a series of observable discrete states, such<br />
as detectable flaw, leak <strong>and</strong> rupture. Service data then generally provides the basis<br />
for estimating the state transition rates. Research in materials science is producing a<br />
growing underst<strong>and</strong>ing of the physical phenomena that govern the aging degradation<br />
of passive pipe components. As a result, there is an emerging opportunity to incorporate<br />
these insights into PRA. In this paper a state transition model is described that<br />
addresses aging behavior associated with stress corrosion cracking in ASME Class<br />
1 dissimilar metal welds – a component type relevant to LOCA analysis. The state<br />
transition rate estimates are based on physics models of weld degradation rather than<br />
service data. The resultant model is found to be non-Markov in that the transition rates<br />
are time-inhomogeneous <strong>and</strong> stochastic. Numerical solutions to the model provide<br />
insight into the effect of aging on component reliability.<br />
Aging in PSA - 2<br />
11:05 AM<br />
Evaluation Of Pipe Rupture Frequency For NPP Goesgen Using<br />
Markov Models<br />
Kozlik, T., Klügel, J.-U. (a), Dinu, I.P. (b)<br />
a) NPP Goesgen-Daeniken, Switzerl<strong>and</strong>, b) CNE Cernavoda, Romania<br />
Based on information from the International OPDE pipe failure database <strong>and</strong> from<br />
plant specific information, a Markov model was developed for estimating pipe rupture<br />
frequency to support PSA LOCA <strong>and</strong> internal flood analysis. The main purpose of<br />
the model is to obtain more realistic pipe rupture frequencies based on plant-specific<br />
information including ageing effects. The model was applied to evaluate LOCA frequencies<br />
<strong>and</strong> pipe rupture frequencies for ASME class 1 piping. The results obtained<br />
were compared with results derived from traditional Bayesian approaches. Significant<br />
conservatism of current LOCA frequency estimation methods was demonstrated. The<br />
model was also used to study alternate In-Service-Inspection practices for ASME class<br />
I piping. The method is intended to be used for estimating pipe rupture frequency of<br />
high pressure piping located in the secondary containment of the plant that have a<br />
potential to cause internal floods <strong>and</strong> harmful environmental conditions. The paper<br />
presents the essential step of model development <strong>and</strong> the results of its application.<br />
The paper presented is a contribution of NNP Goesgen-Daeniken to the Ageing PSA<br />
research network of the European Union.
Session Chair: Tom Morgan<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 10:15 AM - Magnolia<br />
10:15 AM<br />
Psa <strong>and</strong> Risk Monitor for the Electrical Grid<br />
Zoltan Kovacs <strong>and</strong> Pavol Hlavac<br />
RELKO Ltd, Bratislava, Slovakia<br />
The deregulated power market has already contributed to conditions that challenge<br />
the stability of the grid. Restructuring of power systems to promote market-based dispatch<br />
was designed, in part, to increase utilization of existing assets. It has resulted in<br />
greater power transfers over longer distances. This has increased the loading of the<br />
transmission grid <strong>and</strong> also made local reliability more dependent on distant events.<br />
On the other side, the customer expectations of reliability are increasing <strong>and</strong> the consequences<br />
of power outages have never been greater. Even small weak points in the<br />
power transmission system, if undetected <strong>and</strong> uncorrected, might eventually lead to<br />
costly outages or trigger cascading failures that affect large regions. The traditional<br />
approach to electrical grid reliability is based on deterministic analyses for congestion<br />
<strong>and</strong> transient response under normal conditions or a condition that satisfies a<br />
single failure criterion. However, under the changed conditions this approach is not<br />
enough. The probabilistic approach should be used which can help to identify <strong>and</strong> correct<br />
potential weak points in the power system long before they trigger costly failures.<br />
Powerful reliability methods (PSA) have been developed over the past three decades,<br />
which can be tailored for use in evaluating the reliability of the existing <strong>and</strong> the future<br />
electrical grid system. Given a PSA model of the grid constructed, the risk monitor can<br />
be developed. This is a specific real-time analysis tool of the grid which can be used<br />
to determine the instantaneous risk based on the actual status of its systems <strong>and</strong><br />
components. At any given time, the risk monitor reflects the current grid configuration<br />
in terms of the known status of the various systems <strong>and</strong> components. For example,<br />
whether there are any components out of service for maintenance or tests. The risk<br />
monitor is based on the PSA model. It can be used by the staff in support of operational<br />
decisions. PSA <strong>and</strong> risk monitor is being developed for the Slovak transmission<br />
grid within a project supported by the Slovak Research <strong>and</strong> Developing Agency. This<br />
paper describes the preliminary results of this project.<br />
10:40 AM<br />
Development of the Risk Monitoring System “COSMOS” <strong>and</strong><br />
Application for the Risk Evaluation During <strong>Online</strong> Maintenance<br />
Hirohisa TANAKA (a), Junji NYUUI (b), Akira HASHIMOTO <strong>and</strong> Takahiro<br />
KURAMOTO (c)<br />
a) The Kansai Electric Power Company, (Currently belong to International Atomic Energy Agency), b) The<br />
Kansai Electric Power Company, Fukui, JAPAN, c) Nuclear Engineering, Ltd., Osaka, JAPAN<br />
The Japanese utilities have been applying risk monitoring system. It was first intended<br />
to introduce risk monitoring system for outage work planning. In addition, the utilities<br />
are considering the possibility of applying risk monitoring system to on-line maintenance<br />
(OLM) in the near future, <strong>and</strong> making necessary preparations in a steady manner.<br />
The Kansai Electric Power Company (KANSAI) <strong>and</strong> Nuclear Engineering Ltd.<br />
(NEL) are jointly working to develop the risk monitoring system “COSMOS” aiming<br />
at the utilization of the system to optimize nuclear power plant (NPP) operation <strong>and</strong><br />
maintenance activities. COSMOS, which is intended for level 1 PSA at power <strong>and</strong><br />
during shutdown, has the complete linkage with the comprehensive PSA tool, RISK-<br />
MAN, which is widely adopted by NPPs at home <strong>and</strong> abroad. This paper explains how<br />
KANSAI <strong>and</strong> NEL are working on the application of risk monitoring system in planning<br />
the outage work <strong>and</strong> on-line maintenance activities. Regarding the outage work planning,<br />
KANSAI’ s plants are conducting Level 1 shutdown PSA by using a simplified<br />
risk monitoring system now, <strong>and</strong> planning to introduce COSMOS for the future outage<br />
work planning. In planning OLM activities, it is necessary to evaluate the risk levels<br />
of individual configurations in advance in which specific systems <strong>and</strong> components are<br />
placed out-of-service according to the predetermined scope of isolation. It is planned<br />
to apply COSMOS to the evaluation of risk levels. We will make a continuous effort to<br />
extend COSMOS functions considering experience with the actual application of risk<br />
monitoring system in OLM <strong>and</strong> outage work planning.<br />
Risk Monitors<br />
11:05 AM<br />
Development of OLM Configuration Risk Management Actions<br />
for Potential Use by Japanese Utilities<br />
Hidetaka Imai, Ken-ichi B<strong>and</strong>o, Koichi Miyata<br />
Tokyo Electric Power Company, Tokyo, Japan<br />
In Japan, an overarching objective of nuclear power plant (NPP) operators is to<br />
achieve enhanced operational performance. One significant component of meeting<br />
this objective is to initiate the performance of on-line maintenance (OLM) throughout<br />
the fleet of commercial NPPs in Japan. Because Japanese NPPs currently do not perform<br />
voluntary maintenance activities that remove plant safety systems from service,<br />
the development, approval <strong>and</strong> implementation of this strategy is a complex evolution<br />
requiring the participation of the nuclear operating companies <strong>and</strong> the Japanese<br />
regulatory authority. Implementing a strategy that will safely <strong>and</strong> effectively permit the<br />
conduct of OLM requires a comprehensive <strong>and</strong> coordinated effort among all Japanese<br />
NPP operators. To achieve this objective, the Japanese Federation of Electric Power<br />
Companies formed a task force that consists of members from each nuclear operating<br />
company in Japan to develop the requirements for performing OLM. In this paper,<br />
we describe the development of a process to evaluate <strong>and</strong> manage configuration risk<br />
during the conduct of OLM at Japanese NPPs. The proposed approach was initially<br />
modeled based on the approach utilized by many NPP operators in the United States.<br />
However, there are numerous significant cultural <strong>and</strong> regulatory differences between<br />
Japan <strong>and</strong> the US (for example, there is no regulation in Japan comparable to the<br />
Maintenance Rule). As a result, the initial requirements have evolved to address the<br />
unique circumstances associated with application of OLM within the Japanese context.<br />
In this paper we describe the approach <strong>and</strong> requirements for OLM configuration<br />
risk management that have been developed for application in Japan.<br />
11:30 AM<br />
Implementation of Risk Monitoring Technology at Russian<br />
Federation VVER-1000 Reactors With Risk Watcher<br />
Francisco Osorio, Carlos López <strong>and</strong> Alfonso Sánchez<br />
Iberdrola Ingeniería y Construcción, Madrid, SPAIN<br />
Risk monitoring technology has been widely used both to determine the instantaneous<br />
risk depending on the availability of the plant components, <strong>and</strong> to help on plant safety<br />
manage over the time. This is the first Risk Monitor developed in Russia according to<br />
international St<strong>and</strong>ards. In order to implement this technology, three main phases has<br />
been developed. Phase 1: Improving the PSA quality to achieve IAEA St<strong>and</strong>ards for<br />
this kind of application. Phase 2: Developing the risk monitor model using Risk Watcher<br />
software. Phase 3: Transfer the know-how on risk monitoring technology. Balakovo<br />
NPP has been selected by the Russian utility Rosenergoatom as the pilot plant, <strong>and</strong><br />
Risk Watcher (Sc<strong>and</strong>Power risk monitor software) as the software toolbox.<br />
93
94<br />
Session Chair: Dennis Henneke<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 10:15 AM - Salon A<br />
10:15 AM<br />
Examination of the Efficacy of the NFPA-805 “Fire Modeling”<br />
Approach (Comparison Between “Maximum Expected” <strong>and</strong><br />
“Limiting” Fire Scenarios)<br />
Raymond HV Gallucci<br />
U.S. Nuclear Regulatory Commission (NRC), Washington, D.C.<br />
National Fire Protection Association St<strong>and</strong>ard 805 permits the use of fire modeling<br />
to quantify the fire risk <strong>and</strong> margin of safety when using the performance-based approach<br />
to demonstrate compliance, provided that there is a “sufficiently large” margin<br />
between the “maximum expected” <strong>and</strong> “limiting” fire scenarios. This paper attempts to<br />
develop quantitative insight to determine what might constitute this “sufficiently large”<br />
margin based on heat release rates (HRRs) typical of ignition sources (combustibles)<br />
at nuclear power plants. The results indicate that this comparative approach may be<br />
practical only for “low” HRRs (say on the order of 100 kW), for which there is relatively<br />
small uncertainty (narrow variability) in the HRR distribution. In general the efficacy of<br />
this comparative approach increases as the uncertainty in the HRR decreases <strong>and</strong> the<br />
magnitude of the “limiting” HRR relative to the “maximum expected” HRR increases.<br />
10:40 AM<br />
Failure Mode <strong>and</strong> Effect Analysis of Cable Failures in The<br />
Context of a Fire PSA<br />
Joachim Herb <strong>and</strong> Ewgenij Piljugin<br />
Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) mbH, München, Germany<br />
A computer aided methodology based on the principles of FMEA (failure mode <strong>and</strong><br />
effect analysis) has been developed to systematically assess the effects of cable failures<br />
caused by fire in a nuclear power plant. It is intended to use this method as an<br />
integral part of Level 1 Fire PSA in Germany. The main purpose of the methodology<br />
<strong>and</strong> its supporting tools is to improve the comprehensibility <strong>and</strong> completeness of cable<br />
failure analysis within the context of Fire PSA. The main objective of the presented<br />
methodology is the st<strong>and</strong>ardization of the FMEA for similar components of affected<br />
electrical circuits. Cable FMEA (CaFEA) consists of two phases of analysis: In the first<br />
phase an analysis of generic cable failures of st<strong>and</strong>ardized electrical circuits of the<br />
nuclear power plant is performed. In the second phase for each cable those generic<br />
failure modes are identified which could affect safety relevant components. The specific<br />
effects identified in the second phase of the FMEA are mapped to basic events<br />
used as initiating events <strong>and</strong>/or component failures in the Fire PSA. The suitability<br />
of the presented methodology has been already successfully demonstrated by an<br />
exemplary application for the cables within a selected fire compartment of a nuclear<br />
power plant.<br />
Fire PSA Methods - 9<br />
11:05 AM<br />
Thermal Hydraulic Parametric Studies of Multiple Spurious<br />
Operations Using MAAP<br />
John R. Olvera<br />
EPM, Inc., Risk Solutions Division, Hudson, WI<br />
The potential for fire-induced multiple spurious operations (MSOs) of equipment is<br />
included as part of the Fire PRA analysis. MSOs could result in a number of adverse<br />
conditions including various loss of reactor coolant events, loss of reactor coolant system<br />
pressure control, <strong>and</strong> loss of decay heat sink. Although not all of these scenarios<br />
result in a risk significant outcome, it is instructive to determine the bounding limits<br />
of the reactor coolant system <strong>and</strong> associated emergency cooling systems in order to<br />
provide guidance for the fire PRA <strong>and</strong> human reliability analysts.<br />
The MAAP code is used to analyze various combinations of MSOs in order to provide<br />
bounding information on system capability <strong>and</strong> operator action timing. The MSOs that<br />
are studied that affect the primary system at a pressurized water reactor include the<br />
spurious opening of a pressurizer power operated relief valves, letdown valves, <strong>and</strong><br />
reactor vessel <strong>and</strong> pressurizer head vents. In combination with these types of MSOs,<br />
studies also include the impact of excessive reactor coolant pump seal leakage. Finally,<br />
the spurious operation of the primary system pressure control systems is also<br />
examined.<br />
These studies provide useful information regarding the feasibility of recovering from<br />
various MSO combinations, <strong>and</strong> the related timing to prevent escalation to more challenging<br />
transients up to <strong>and</strong> including core damage. The results demonstrate the degree<br />
of importance of potential MSO scenarios to the Fire PRA.<br />
11:30 AM<br />
Evaluation of Heat Release Rates of Vertical Electrical Cabinet<br />
Fires<br />
Pierre Macheret <strong>and</strong> Paul J. Amico<br />
Science Applications International Corporation, Las Vegas, NV<br />
Two models calculating the peak heat release rate (HRR) in vertical cabinet fires were<br />
developed, based on existing fire test data published in the literature. The first model<br />
establishes proportionality between the peak HRR <strong>and</strong> the energy released through<br />
combustion when there is no limitation on oxygen availability, <strong>and</strong> further relates this<br />
energy to the initial fuel loading of the cabinet. The effect of IEEE-383-type cable qualification<br />
on the HRR is taken into account. Dependencies between r<strong>and</strong>om parameters<br />
are captured via a hierarchical Bayes model, which is run using Markov Chain Monte<br />
Carlo sampling. The model is used to produce scoping HRR values, which are found<br />
to be compatible with predictions of an alternative model published in the literature.<br />
Taking the cabinet volume as a proxy for fuel loading, the model is used to produce<br />
HRR values based on overall cabinet dimensions. The second model modifies existing<br />
analytical formulations of the peak HRR under ventilation-restricted conditions, by<br />
probabilistically accounting for r<strong>and</strong>om variables such as variations in the vent area<br />
due to the formation of gaps from cabinet door warping by thermal stress. With this<br />
model, scoping HRR values are calculable based on simple cabinet geometry parameters<br />
including information on inlet <strong>and</strong> outlet vent areas. Limitations to the model<br />
validity are explored. The scoping HRR values of both models are viewed as refining<br />
those given in Table G-1 of NUREG/CR-6850-EPRI 1011989.
Session Chair: Glen Seeman<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 10:15 AM - Salon B<br />
10:15 AM<br />
Examination Deterministic Analysis of Severe Accidents to<br />
Support Design Certification of the Nuscale PWR<br />
Jason Pottorf, Kent Welter, Wendell Wagner (a), Mark Leonard (b)<br />
a) NuScale Power, Inc., Corvallis, OR, b) dycoda, LLC, Los Lunas, NM<br />
The analysis of accidents that result in physical damage to the reactor core is an essential<br />
element of the design certification process for the NuScale PWR. The type <strong>and</strong><br />
frequency of such accidents is determined by Probabilistic Risk Assessment (PRA).<br />
The physical <strong>and</strong> temporal progression of damage to the reactor core, as well as the<br />
quantitative assessment of fission product release <strong>and</strong> transport away from fuel, is calculated<br />
in an integrated computational model developed with the MELCOR computer<br />
code. MELCOR provides a convenient framework for modeling the innovative design<br />
features of NuScale due to the modular “building block” architecture of the code. An<br />
overview of the NuScale MELCOR model is provided, which highlights the technical<br />
challenges <strong>and</strong> progress made to validate the important features of calculated results.<br />
Foremost among these features is retention <strong>and</strong> cooling of debris within the lower<br />
head of the reactor pressure vessel (RPV). The physical configuration of the steel<br />
containment pressure vessel, which is fully-submerged in a large reactor cooling pool,<br />
ensures an adequate source of water for RPV lower head heat transfer <strong>and</strong> passively<br />
cooled surfaces for condensation of resulting steam. Another unique <strong>and</strong> important<br />
feature of the NuScale design is enhanced in-vessel retention of fission products via<br />
efficient deposition on twin helical coil steam generators that are mounted within the<br />
RPV. The manner in which these design features are modeled is discussed, <strong>and</strong> their<br />
impact on radiological source terms is quantified.<br />
10:40 AM<br />
A Methodology for the Characterization of Severe Accident<br />
Consequences <strong>and</strong> the Results Presentation in Level 2 Probabilistic<br />
Safety Assessment<br />
N. Rahni, Y. Guigueno, E. Raimond, J. Denis, M. Baichi, T. Durin, B. Laurent<br />
Institut de Radioprotection et de Sûreté Nucléaire, Fontenay-aux-Roses - France<br />
To provide a better underst<strong>and</strong>ing of the results of its L2 PSA <strong>and</strong> to facilitate their<br />
adoption for decision making, IRSN has developed a methodology for the characterization<br />
of the severe accident risks identified in the L2 PSA. A dedicated very fast<br />
running code has been developed for the calculation of radioactive releases, while radiological<br />
consequences assuming st<strong>and</strong>ard meteorological conditions are estimated<br />
using software originally developed for crisis management. These tools are integrated<br />
within the L2 PSA APET (Accident Progression Event Tree) through the KANT probabilistic<br />
software. The global L2 PSAs results now offer many keys for the risk analysis<br />
<strong>and</strong> help IRSN to formalize positions in the field of severe accident NPP robustness.<br />
Level II/III PSA - 2<br />
11:05 AM<br />
Application of Regional Environmental Code HARP in the<br />
Field of Off-Site Consequence Assessment<br />
R. Hofman <strong>and</strong> P. Pecha<br />
Institute of Information Theory <strong>and</strong> Automation of the ASCR, Prague 8, Czech Republic<br />
The environmental code HARP (HAzardous Radioactivity Propagation) estimates consequences<br />
of accidental radioactivity releases from a nuclear facility <strong>and</strong> on basis of<br />
simulation of dispersion in atmosphere, deposition of radionuclides on the ground <strong>and</strong><br />
further propagation through the food chains towards human body. Classical Gaussian<br />
approach in the form of hybrid puff-plume segmented model SGPM is introduced<br />
for simulation of pollution dissemination in the atmosphere. The ingestion pathway is<br />
modeled dynamically. The system architecture consists of the inner kernel designated<br />
for deterministic calculations <strong>and</strong> outer probabilistic shell, which ensures application<br />
of probabilistic approach in the consequence assessment. Propagation of uncertainties<br />
through the model towards the output values of interest is realized through the<br />
multiple recalling procedure of the inner kernel, which is optimized for such intensive<br />
Monte Carlo (MC) computations. The HARP code is primarily designed for application<br />
of advanced statistical data assimilation techniques based on sequential MC methods<br />
(SMCM) allowing an improvement of model predictions using real measurements incoming<br />
from terrain. In this paper we shall demonstrate two additional specific applications<br />
of the HARP code based on the repeated sampling. Firstly, a partial PSA-Level3<br />
study of ecological risk assessment is accomplished taking into account variability of<br />
meteorological inputs represented by historical long sequences of archived values<br />
(for each hour in the years 2008 <strong>and</strong> 2009). Output radiological quantities are then<br />
processed statistically. Secondly, a long term release of radioactive material is simulated<br />
through the superposition of a large number of one-hour fractional release rates.<br />
The procedure is applied on annual radioactivity releases from a nuclear power plant<br />
(NPP) during its routine normal operation when each partial hourly release is driven by<br />
the real meteorology archived at that time.<br />
11:30 AM<br />
An Updated Economic Model for Level-3 PRA Consequence<br />
Analysis Using MACCS21<br />
Pierre Vanessa N. Vargas, Nathan E. Bixler, Alex<strong>and</strong>er V. Outkin, Verne W.<br />
Loose, Prabuddha Sanyal, <strong>and</strong> Shirley Starks<br />
S<strong>and</strong>ia National Laboratories, Albuquerque, NM<br />
This paper presents the preliminary findings for updating the estimation of economic<br />
consequences in MACCS2. The objective of this effort is to include a more representative<br />
set of costs in the MACCS2 economic model. The original model included the<br />
losses associated with evacuating <strong>and</strong> relocating the public, interdiction <strong>and</strong> decontamination,<br />
loss of use of property, loss of crops, <strong>and</strong>, potentially, permanent loss of<br />
property. The new economic model is intended to include those costs, but to extend<br />
them by capturing the effect of an accident on the gross domestic product (GDP) produced<br />
in the affected area to create a more comprehensive picture of the economic<br />
impacts. The team determined the GDP reductions by using the REAcct analysis tool<br />
developed at S<strong>and</strong>ia National Laboratories. This paper outlines the motivation for the<br />
proposed improvements; the economic methodology used, including a description of<br />
the REAcct tool; <strong>and</strong> an implementation outline.<br />
95
96<br />
Session Chair: Jonathan Li<br />
PSA 2011 - International Topical Meeting on Probabilistic Safety Assessment <strong>and</strong> Analysis<br />
Thursday March 17, 2011 - 10:15 AM - Carolina<br />
10:15 AM<br />
Outage PRA METHODOLOGY for Multi-Unit C<strong>and</strong>u Generating<br />
Stations<br />
Krist Papadopoulos, Ben Hryciw <strong>and</strong> Steve Kaasalainen (a), Ian Beith (b),<br />
Rob McLean (c)<br />
a) AMEC NSS Ltd., Toronto, Ontario, Canada, b) Ontario Power Generation, Pickering, Ontario, Canada,<br />
c) Bruce Power, Tiverton, Ontario, Canada<br />
A Level 1 Internal Events Outage Probabilistic Risk Assessment (PRA) methodology<br />
was developed by AMEC NSS Ltd. for multi-unit Canadian Deuterium Uranium<br />
(CANDU) nuclear generation stations. The methodology was developed in cooperation<br />
with utilities, Ontario Power Generation <strong>and</strong> Bruce Power, owners <strong>and</strong> operators<br />
of multi-unit CANDU stations in Ontario, Canada. The methodology provides a generic<br />
framework that examines the plant operating states (POSs) where one unit is shutdown<br />
<strong>and</strong> placed in a guaranteed shutdown state (GSS) for outage maintenance while<br />
at least one adjacent unit is operating. The POS, initiating event, event tree, fault tree,<br />
reliability data <strong>and</strong> human reliability analyses methodologies are defined with the aim<br />
of determining the risk of core damage resulting from internal events occurring at the<br />
outage unit while in GSS.<br />
The scope of the analysis is limited to internal events, e.g. process <strong>and</strong> human interaction<br />
related events, for the outage unit in GSS <strong>and</strong> the adjacent units. Events originating<br />
in the adjacent units can be analyzed for their impact on the risk of core damage<br />
for the outage unit in GSS. The methodology is applicable to different CANDU designs<br />
<strong>and</strong> outage configurations, allowing each station to develop a comprehensive <strong>and</strong><br />
detailed PRA for plant outage maintenance operation in GSS. This PRA can then be<br />
used to provide support for maintaining station Safety Goals, risk informed decision<br />
making <strong>and</strong> outage maintenance planning.<br />
This paper gives an overview of the methodology.<br />
10:40 AM<br />
Dominion Experience in Shutdown Risk Analysis<br />
Ross C. Anderson (a), Robert W. Fosdick (b)<br />
a) Virginia Commonwealth University, Richmond, VA, b) R&B Nuclear LLC, Maidens, VA<br />
Between 2004-2007, Dominion used a shutdown PRA model to support compliance<br />
with the requirements of 10 CFR 50.65(a)(4) at the Surry Power Station. Dominion did<br />
so in order to cultivate experience with shutdown PRA, <strong>and</strong> because the available,<br />
deterministic methods tended to be excessively conservative <strong>and</strong> limited in providing<br />
risk insights. At that time several risk profiles at the “sister” North Anna plant were also<br />
analyzed, with similar results.<br />
During this time, the Dominion staff observed that all refueling outages exhibited the<br />
same basic risk profile. There were only minor variations from one cycle to the next.<br />
A significant risk plateau occurred after the unit cooled below 200oF (Mode 5 in the<br />
Westinghouse St<strong>and</strong>ard Technical Specification convention), until the refueling cavity<br />
was flooded for fuel offload. Afterward, risk dropped to an almost negligibly low level<br />
until restart.<br />
Shutdown risk was dominated by diversion LOCA events <strong>and</strong>, to a lesser extent, loss<br />
of RHR. Potential human error was significant because of the unavailability of automatic<br />
safety injection (SI).<br />
Another major insight from the analysis is that the majority of excess risk is incurred<br />
during the time between SI deactivation <strong>and</strong> cavity flood-up. (After the cavity is flooded,<br />
the long time to boil-off reduces the Core Damage Frequency by about an order<br />
of magnitude.) Risk could be reduced by decreasing the time until cavity flood occurs.<br />
However, Technical Specifications require a minimum of four days for decay heat reduction<br />
before fuel may be moved. While TS compliance normally provides a measure<br />
of risk reduction, in this case, it added additional risk by delaying cavity flood.<br />
Previously, the site had used a deterministic method for shutdown risk assessment. In<br />
comparison, the deterministic method was extremely conservative, resulting in most of<br />
the outages being classified as “non-green” approximately three quarters of the time.<br />
As a result, the plant staff tended to be desensitized to “non-green” conditions during<br />
shutdown. Further, the assessment tended to mask the actual period of legitimately<br />
elevated risk. This “masking” can divert focus from the genuinely risk significant evolutions.<br />
It should also be noted that the NRC staff has reasonably commented, in informal discussions,<br />
that they would be less likely to challenge a probabilistic shutdown analysis<br />
than a deterministic one.<br />
Shutdown PSA - 2<br />
11:05 AM<br />
Transition Risk Model for PWR<br />
Zoulis, A<br />
U.S. Nuclear Regulatory Commission, Washington, DC<br />
Low-Power <strong>and</strong> shutdown risk analyses, in addition to the at-power risk models, of<br />
commercial pressurized light-water reactors (PWRs) in the United States have been<br />
performed in the past. However, the risk associated with the transition between lowpower<br />
<strong>and</strong> full power has been more challenging in terms of modeling <strong>and</strong> quantification.<br />
This paper documents the transitional risk model developed to quantify the risk<br />
associated with transitioning from lowpower to full-power operations of a 4-loop PWR<br />
commonly operated in the US as part of the US Nuclear Regulatory Commission’s<br />
(NRC) Significance Determination Process. Potential initiators for all modes were evaluated<br />
while the plant transitions between different operational states. Through this approach,<br />
each mode is divided into specific plant operating states to account for specific<br />
plant conditions, equipment availability, <strong>and</strong> plant response, which change as the transition<br />
between full-power, low-power, <strong>and</strong> shutdown configurations occur. The analysis<br />
was performed using the St<strong>and</strong>ardized Plant Analysis Risk (SPAR) Model used by the<br />
Nuclear Regulatory Commission (NRC), <strong>and</strong> developed <strong>and</strong> maintained by the Idaho<br />
National Laboratory (INL). The existing at-power SPAR model was modified to develop<br />
the transitional model used for this analysis. This paper presents the results observed<br />
as the core damage frequency changes as a function of the plant progression between<br />
the different operational modes from shutdown to fullpower conditions.
PSA 2011 Program/Proceedings CD-ROM<br />
About this CD-ROM<br />
The material in this CD-ROM was published using Adobe© technology.<br />
Included on the CD-ROM are versions of Acrobat Reader for Microsoft© Windows TM , Apple© Macintosh TM (Mac OS X), <strong>and</strong> Unix©<br />
Installation<br />
To view files on this CD-ROM you must have Adobe Reader installed on your hard drive. Installation instructions can be found in the<br />
README.TXT file.<br />
Getting Started<br />
Windows users: Software included in this CD-ROM should automatically launch the proceedings. You can always start viewing the<br />
content by opening the Start.pdf file provided Adobe Reader has been installed on your hard drive.<br />
MacOS X <strong>and</strong> Unix users: To start open the Start.pdf file.<br />
Copyright © 2011<br />
American Nuclear Society - ANS<br />
Program Book, CD-ROM, WebSite, <strong>Online</strong> Paper Submission <strong>and</strong> Review, <strong>and</strong> <strong>Online</strong> Registration are<br />
services/products of Techno-Info Comprehensive Solutions.<br />
http://techno-info.com
SUNDAY<br />
PSA 2011 Program<br />
Azalea Camellia/Dogwood Magnolia Salon A Salon B Carolina<br />
1:00 pm-‐ 5:00 pm WORKSHOP Dynamic PSA Tunc Aldemir DeRosset<br />
6:00-8:00 PM<br />
MONDAY<br />
7:00 – 8:00 AM Continental Breakfast - Gr<strong>and</strong> Concourse<br />
8:00-9:45 AM Plenary Session I<br />
Ed Halpin, CEO STPNOC<br />
9:45-10:00 AM Coffee Break<br />
10:00-11:45 Digital I&C in PSA - 1 Next Generation Rx PSA - 1 Other External Events Fire PSA Methods - 1 PSA Knowledge Management - 1 Human Reliability Analysis - 1<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Carol Smidts Donald Helton Michael Golay Eric Jorgensen Nathan Siu Dave Gertman<br />
11:45 - 1:30 PM Lunch Break<br />
1:30 - 3:15 PM Digital I&C in PSA - 2 Next Generation Rx PSA - 2 Configuration Risk Management -<br />
1:<br />
Seismic PSA - 1 Safety Culture Flooding PSA - 1<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Sergio Guarro Karl Fleming Gerry Kindred Andrea Maioli David Johnson Ray Dremel<br />
3:15 - 3:45 PM Coffee Break<br />
3:45 - 5:30 PM Passive Reliability - 1 Non-Reactor PSA - 1 Configuration Risk Management -<br />
2<br />
Seismic PSA - 2 PSA Knowledge Management - 2 Flooding PSA - 2<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Enrico Zio Jim Young Tom Morgan Robert Budnitz Mike Lloyd Richard Turcotte<br />
6:00 - 8:00 PM<br />
TUESDAY<br />
7:00 – 8:00 AM Continental Breakfast - Gr<strong>and</strong> Concourse<br />
8:00-9:00 AM Plenary Session II<br />
George Apostolakis - US NRC Commissioner<br />
9:00 - 9:50 AM Passive Reliability - 2 Non-Reactor PSA - 2 Configuration Risk Management -<br />
3<br />
Fire PSA Methods - 2 History of Nuclear PSA Human Reliability Analysis - 2<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chairs: Session Chair:<br />
William Burchill Paul Amico Ross Anderson Raymond H Gallucci Earl <strong>Page</strong>, Ian Wall Parviz Moieni<br />
9:50-10:05 AM Coffee Break<br />
10:05-11:45 Dynamic PSA - 1 Next Generation Reactor PSA - 3 Generation Risk Assessment Fire PSA Methods - 3 PSA Knowledge Management - 3 Human Reliability Analysis - 3<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Bulent Alpay Matthew Warner James Liming Marina L Roewekamp Doug True Luca Podolfillini<br />
11:45 - 1:30 PM Lunch Break<br />
1:30 - 3:15 PM Dynamic PSA - 2 Next Generation Rx PSA - 4 Grid Reliability Fire PSA Methods - 4 Risk-Informed Safety Margins Human Reliability Analysis - 4<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Pierre-Etienne LABEAU Johnathan Li Shan Chien David N Miskiewicz Dominique Vasseur Gareth Parry<br />
3:15 - 3:45 PM Coffee Break<br />
3:45 - 5:30 PM Dynamic PSA - 3 Risk-Informed Decision Making - 1 Fire PSA Methods - 5 Seismic PSA - 3 PSA St<strong>and</strong>ards - 1 Fault Tree Initiating Events<br />
6:30 - 9:00 PM<br />
WEDNESDAY<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Tunc Aldemir Stanley Levinson Robert Ladd Kohei Hisamochi Barry Sloane Mike Lloyd<br />
Azalea Camellia/Dogwood Magnolia Salon A Salon B Carolina<br />
7:00 – 8:00 AM Continental Breakfast - Gr<strong>and</strong> Concourse<br />
8:00-9:00 AM Plenary Session III<br />
John Kelly, DOE Deputy Assistant Secretary for Nuclear Energy<br />
9:00 - 9:50 AM Dynamic PSA - 4 Risk-Informed Decision Making - 2 Proliferation Risk - 1 Fire PSA Methods - 6 Significance Determination Process Shutdown PSA - 1<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Martina Kloos Dana Kelly Bill Burchill Pedro Fern<strong>and</strong>ez Greg Krueger Robert Budnitz<br />
9:50-10:05 AM Coffee Break<br />
10:05-11:45 Advanced PSA Methods Risk-Informed Technical<br />
Space/Aircraft PSA Seismic PSA - 4 PSA St<strong>and</strong>ards - 2 Panel - Joint EPRI/NRC-RES Fire<br />
Specifications<br />
HRA Guidelines<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Jeff Riley Mike Snoderly Steve Farminham Andrea Maioli Jim Chapman Susan Cooper<br />
11:45 - 1:30 PM Student Awards Luncheon - Cape Fear Ballroom<br />
1:30 - 3:15 PM Common Cause - 1 Risk-Informed Decision Making - 3 Panel: Next Generation Rx Risk Fire PSA Methods - 7 Panel: PRA St<strong>and</strong>ards<br />
Uncertainty Analysis & Methods - 1<br />
Metrics<br />
Development, International<br />
Considerations<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Gareth Parry Marty Sattison Mohammad Modarres Richard M Wachowiak Rick Grantom M.Pourgol-Mohammad<br />
3:15 - 3:45 PM Coffee Break<br />
3:45 - 5:30 PM Common Cause - 2 Risk-Informed Decision Making - 4 Proliferation Risk - 2 Panel: Fire PSA Improvements Computer Methods - 1 Uncertainty Analysis & Methods - 2<br />
THURSDAY<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Jeanne-Marie Lanore Bob Lutz William Burchill Doug True Louis Chu Goran Hultqvist<br />
7:00 – 8:00 AM Continental Breakfast - Gr<strong>and</strong> Concourse<br />
8:00-9:00 AM Plenary Session IV<br />
Speakers: Robert Budnitz <strong>and</strong> Cheri Collins<br />
9:00 - 10:00 AM Computer Methods - 2 Aging in PSA - 1 Software Reliability Fire PSA Methods - 8 Level II/III PSA - 1 Uncertainty Analysis & Methods - 3<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Kyle Metzroth Karl Fleming Mike Yau Br<strong>and</strong>i T Weaver Paul Boneham Gabriel Georgescu<br />
10:00 - 10:15 AM Coffee Break<br />
10:15-12:00 PSA Data Analysis Aging in PSA - 2 Risk Monitors Fire PSA Methods - 9 Level II/III PSA - 2 Shutdown PSA - 2<br />
1:00 PM<br />
Session Chair: Session Chair: Session Chair: Session Chair: Session Chair: Session Chair:<br />
Dana Kelly Hitoshi MUTA Tom Morgan Dennis Henneke Glen Seeman Jonathan Li<br />
1:00 pm - 5:00 pm WORKSHOP Risk Phenomenology, TMI & Accident Management Insights Robert Henry Dudley<br />
1:00 pm - 5:00 pm WORKSHOP Level 3 Consequence Evaluations - MACCS2 Nathan Bixler DeRosset<br />
FRIDAY<br />
Registration Starting at 2:00 next to the Gr<strong>and</strong> Ballroom<br />
Welcome Reception 6:00-8:00 - Gr<strong>and</strong> Ballroom<br />
Registration Starting at 7:00 next to the Gr<strong>and</strong> Ballroom<br />
NETWORKING RECEPTION - Gr<strong>and</strong> Concourse<br />
Registration Starting at 7:00 next to the Gr<strong>and</strong> Ballroom<br />
Banquet - Speaker Kevin Walsh<br />
Registration Starting at 7:00 next to the Gr<strong>and</strong> Ballroom<br />
Registration Starting at 7:00 next to the Gr<strong>and</strong> Ballroom<br />
Global Nuclear Fuels Tour<br />
Gr<strong>and</strong> Ballroom Cape Fear Ballroom<br />
Gr<strong>and</strong> Ballroom Cape Fear Ballroom<br />
8:00 am - 12:00 pmWORKSHOP Level 3 Consequence Evaluations - MACCS2 Nathan Bixler DeRosset