PROBABILISTIC SAFETY ANALYSIS (PSA)

Presented by: Jasbir Sidhu (Managing Director, CRA) and James Cooke (Junior Consultant, CRA), 21st November 2014

Source: crarisk.com/wp-content/uploads/2015/04/Imperial-College-PSA-Lecture-2014.pdf

Page 1 (title slide)
Page 2

Introduction - Presentation Aim

Why do we do PSA?

Page 3

Introduction - Presentation Aims

To provide an overview of:

• What a Probabilistic Safety Analysis (PSA) is;

• The main elements of a PSA;

• The basic concepts of fault tree and event tree modelling;

• PSA input data;

• PSA analyses and results;

• What some of the benefits and limitations of a PSA are;

• How PSA can be used to support station activities and risk inform safety case development.

Page 4

Introduction - Advanced Gas-cooled Reactor (AGR) Basics

Essential Safety Functions following a fault:

• Reactor Trip

• Reactor Shutdown

• Post-trip cooling to remove decay heat

Page 5

Introduction - Reactor Trip & Shutdown

• When a fault is detected a reactor trip is initiated, either automatically via protection systems or manually by the operators in the control room. The reactor ‘trip’ sends signals to initiate the reactor shutdown systems (boron steel rods or boric acid injection into the primary circuit).

• When a nuclear reactor is shut down, the thermal power, and therefore the heat generated by the fission reaction, immediately reduces to approximately 6% of that prior to the shutdown.

Page 6

Introduction - Post Trip Cooling

• Even once the reactor has been successfully tripped and shutdown, significant heat continues to be produced due to beta decay of fission products.

• At approximately 6% immediately post trip, this decay heat could be as much as several hundred MW, which is sufficient to melt the fuel cladding and cause an overpressure transient large enough to challenge the reactor pressure boundary and lead to an off-site radiological release.

• Heat must therefore continue to be removed for many hours post trip to prevent fuel damage.

• This process is known as post trip cooling.

Page 7

Deterministic and Probabilistic Approaches to Safety

Key terminology used to ensure high reliability of safety functions

• Redundancy

Providing more identical ‘trains’ or plant items, each of which can perform the safety function.

• Diversity

Providing different types of systems or components to improve the reliability of a safety function.

• Separation

Physically separating systems or components to reduce vulnerability to single events. Most importantly, flood and fire barriers of individual redundant or diverse trains.

Page 8

Deterministic and Probabilistic Approaches to Safety

Deterministic approach

• Safety achieved by meeting some “black and white criteria”

e.g. 2 lines of cooling protection required

- forced gas circulation & natural circulation

• If you meet the criteria you are “safe”

In reality there is no such thing as safe and unsafe, but rather a degree of risk – either acceptable or unacceptable.

Page 9

Deterministic and Probabilistic Approaches to Safety

Deterministic NSP 2.3: Single Line of Protection for an Infrequent Fault

Page 10

Deterministic and Probabilistic Approaches to Safety

Deterministic NSP 2.3: Two Lines of Protection for a Frequent Fault

Page 11

Fault Tree & Event Tree Modelling Basic Concepts

The Seven Main Elements of a PSA

1. Initiating Event (IE) Analysis

2. Accident Sequence Analysis – using Event Trees

3. Systems Analysis – using Fault Trees

4. Human Reliability Analysis (HRA)

5. Success Criteria

6. Data Analysis

7. Quantification

Page 12

Fault Tree & Event Tree Modelling Basic Concepts

Systems Analysis using Fault Trees

1. Identify a system you wish to analyse, e.g. the Emergency Feed System.

2. Review the system description and schematics/drawings to:

■ Identify the objective / safety function of the system, e.g. deliver emergency feed to the boilers;

■ Identify system-level success criteria, e.g. how many pumps/trains are required to achieve the boiler feed requirement;

■ Identify the normal state of ‘active’ plant and components (e.g. valve/switch positions, pump status: standby or running);

■ Perform a Failure Modes and Effects Analysis (FMEA), i.e. identify all applicable component failures, operator failures, timescales to commission, common cause failures, etc.

Page 13

Fault Tree & Event Tree Modelling Basic Concepts

Use of logic gates - AND and OR

• Which gate would you use to represent:

A. A four train system where only a single train is required to function (i.e. ALL 4 pumps need to fail to produce a system failure)?

B. A two pump system where both pumps are required for sufficient flow (i.e. AT LEAST ONE pump is required to fail to produce a system failure)?

[Figure: two gate symbols, labelled A and B]

Page 14

Fault Tree & Event Tree Modelling Basic Concepts

An example Fault Tree

Page 15

Fault Tree & Event Tree Modelling Basic Concepts

Minimal Cutsets (MCS) and calculating system failure probability from the Fault Tree

MCS#1 (single order): {Emergency Feed system fails due to CCF}          0.1
MCS#2 (single order): {Valve 1 fails to open}                           0.05
MCS#3 (single order): {Valve 2 spuriously closes}                       0.01
MCS#4 (2nd order):    {Pump A Fails} AND {Pump B Fails}                 0.1 x 0.1 = 0.01
MCS#5 (2nd order):    {Pump A Fails} AND {NRV B Fails to open}          0.1 x 0.001 = 0.0001
MCS#6 (2nd order):    {NRV A Fails to open} AND {Pump B Fails}          0.001 x 0.1 = 0.0001
MCS#7 (2nd order):    {NRV A Fails to open} AND {NRV B Fails to open}   0.001 x 0.001 = 0.000001

TOTAL FAILURE PROBABILITY OF THE ABOVE MCS = 0.1702

• The above single failures and combinations of failures are known as minimal cutsets (MCS) and are listed in descending order of MCS failure probability.

• When the failure probabilities of each of the MCS are added together, we obtain the System Failure Probability.

•This is a very simple example - specialist software is used in practice!
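The cut-set list and the system failure probability above can be reproduced in code. The following Python is an added example, not part of the CRA lecture or of any PSA tool: it reconstructs the fault tree gate structure from the slide's seven cut sets (an assumption, since the tree diagram itself is not in this transcript), expands the gates to minimal cut sets, and sums their probabilities exactly as the slide does. That sum is the rare-event approximation, which is why the slide's total of 0.1702 sits slightly above the exact inclusion-exclusion value. The block also evaluates the two gate questions from slide 13, with a constructed 0.1 failure probability per pump: case A (all four must fail) is an AND gate and case B (either failing is enough) is an OR gate.

```python
from itertools import product

# Basic event probabilities from slide 15 (the page's own values).
BASIC_EVENTS = {
    "CCF": 0.1,       # Emergency Feed system fails due to CCF
    "V1": 0.05,       # Valve 1 fails to open
    "V2": 0.01,       # Valve 2 spuriously closes
    "PUMP_A": 0.1,    # Pump A fails
    "PUMP_B": 0.1,    # Pump B fails
    "NRV_A": 0.001,   # NRV A fails to open
    "NRV_B": 0.001,   # NRV B fails to open
}

# A node is either a basic event name (str) or a gate: ("AND" | "OR", [children]).
# The gate structure is an assumption reconstructed from the slide's cut-set list:
# the system fails on CCF, on either valve, or when both trains fail, where a
# train fails if its pump fails or its NRV fails to open.
EMERGENCY_FEED_FAILS = ("OR", [
    "CCF", "V1", "V2",
    ("AND", [
        ("OR", ["PUMP_A", "NRV_A"]),   # train A fails
        ("OR", ["PUMP_B", "NRV_B"]),   # train B fails
    ]),
])

def cut_sets(node):
    """Expand a fault tree into cut sets (frozensets of basic events), not yet minimal."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [cut_sets(child) for child in children]
    if gate == "OR":
        # any one child's cut set is enough to fail an OR gate
        return [cs for sets in child_sets for cs in sets]
    # AND gate: one cut set from every child must occur together
    return [frozenset().union(*combo) for combo in product(*child_sets)]

def cut_set_probability(cs, probs):
    """Probability of a cut set, treating its basic events as independent."""
    p = 1.0
    for be in cs:
        p *= probs[be]
    return p

def minimal_cut_sets(node, probs):
    """Drop non-minimal cut sets (supersets of another) and order by descending probability."""
    sets = set(cut_sets(node))
    minimal = [cs for cs in sets if not any(other < cs for other in sets)]
    return sorted(minimal, key=lambda cs: -cut_set_probability(cs, probs))

def system_failure_probability(node, probs):
    """Rare-event approximation used on slide 15: sum the MCS probabilities."""
    return sum(cut_set_probability(cs, probs) for cs in minimal_cut_sets(node, probs))

# Slide 13 quiz, with a constructed 0.1 failure probability per pump:
#  A. four trains, any one sufficient -> AND gate (all four must fail)
#  B. two pumps, both required        -> OR gate (either failing is enough)
QUIZ_PUMPS = {"P1": 0.1, "P2": 0.1, "P3": 0.1, "P4": 0.1}
CASE_A = ("AND", ["P1", "P2", "P3", "P4"])
CASE_B = ("OR", ["P1", "P2"])

if __name__ == "__main__":
    for cs in minimal_cut_sets(EMERGENCY_FEED_FAILS, BASIC_EVENTS):
        print(sorted(cs), cut_set_probability(cs, BASIC_EVENTS))
    print("system failure probability:", system_failure_probability(EMERGENCY_FEED_FAILS, BASIC_EVENTS))
    print("case A (AND):", system_failure_probability(CASE_A, QUIZ_PUMPS))
    print("case B (OR):", system_failure_probability(CASE_B, QUIZ_PUMPS))
```

The minimality filter is not cosmetic: in a tree where the same basic event appears under several gates, expansion produces supersets of other cut sets, and summing those would count the same failure path more than once.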

Page 16

Fault Tree & Event Tree Modelling Basic Concepts

Accident Sequence Analysis using Event Trees

• Accident sequence analysis is used to model the development and mitigation of faults or hazards, including the systems claimed to mitigate their effects.

• Ensures significant operator actions, mitigation systems and phenomena which affect accident sequences are identified.

• Examples include:

■ All control rods enter core following reactor trip

■ Automatic/Operator initiation of Emergency Boiler Feed within 3 hours

■ Operator reduces Emergency Boiler Feed flow rate within an hour to conserve reserve feed water stocks.

• Represented using Event Trees in the PSA model

Page 17

Fault Tree & Event Tree Modelling Basic Concepts

Event Tree Sequence Frequency Calculation
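The sequence frequency calculation on this slide is an image that did not survive in the transcript, so the following Python is an added example (not the lecture's code and not RiskSpectrum) that applies the rule it illustrates: sequence frequency = initiating event frequency x the product of the success or failure probabilities along the branch path. The headings are the three listed on slide 16; the initiating event, its frequency of 0.5 per reactor year, the branch failure probabilities and the end-state rules are all constructed for the example. It also groups the sequences by end state, which is the consequence analysis described on slide 29.

```python
# Constructed event tree: headings follow slide 16; the initiating event, its
# frequency, the branch failure probabilities and the end-state rules are assumptions.
INITIATING_EVENT = "Loss of main boiler feed"
IEF_PER_REACTOR_YEAR = 0.5
HEADINGS = [
    # (heading, probability that the heading FAILS on demand)
    ("All control rods enter core following reactor trip", 1e-4),
    ("Emergency Boiler Feed initiated within 3 hours", 1e-2),
    ("Operator reduces Emergency Boiler Feed flow within an hour", 5e-2),
]

def end_state(outcomes):
    """Return the sequence's end state once it is decided, else None to keep branching.
    outcomes[i] is True if heading i succeeded. The rules are constructed for the example."""
    if len(outcomes) >= 1 and not outcomes[0]:
        return "Core damage"            # no shutdown: later headings are not questioned
    if len(outcomes) >= 2 and not outcomes[1]:
        return "Core damage"            # no post-trip cooling
    if len(outcomes) == 3:
        return "Safe shutdown" if outcomes[2] else "Reserve feed water exhausted"
    return None

def sequences(ief=IEF_PER_REACTOR_YEAR, headings=HEADINGS, outcomes=()):
    """Enumerate sequences as (outcomes, end_state, frequency). Frequency is the IEF
    multiplied by the branch probabilities along the path (slide 17's calculation)."""
    state = end_state(outcomes)
    if state is not None:
        freq = ief
        for ok, (_, p_fail) in zip(outcomes, headings):
            freq *= (1.0 - p_fail) if ok else p_fail
        return [(outcomes, state, freq)]
    return (sequences(ief, headings, outcomes + (True,))
            + sequences(ief, headings, outcomes + (False,)))

def consequence_frequencies(ief=IEF_PER_REACTOR_YEAR, headings=HEADINGS):
    """Consequence analysis (slide 29): sum the frequencies of every sequence
    assigned the same end state."""
    totals = {}
    for _, state, freq in sequences(ief, headings):
        totals[state] = totals.get(state, 0.0) + freq
    return totals

if __name__ == "__main__":
    for outcomes, state, freq in sequences():
        path = "".join("S" if ok else "F" for ok in outcomes)
        print(f"{INITIATING_EVENT}: {path:<3} -> {state:<30} {freq:.3e} /ry")
    for state, freq in consequence_frequencies().items():
        print(f"{state:<30} {freq:.3e} /ry")
```

A useful self-check on any event tree is that the sequence frequencies sum back to the initiating event frequency; the assertions below include it.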

Page 18

Fault Tree & Event Tree Modelling Basic Concepts

Event Tree in RiskSpectrum Software

Page 19

PSA Input Data

The 4 Main Types of PSA Input Data

• Component Failure Data

Failure of plant items and components.

• Initiating Event Frequency (IEF)

Frequency of a fault or hazard that may cause reactor trip and requires safety systems to remove decay heat.

• Common Cause Failure (CCF)

Failure of multiple structures, systems or components due to a single specific event or cause.

• Human Error Probability (HEP)

Failure of an operator to carry out a claimed action.

• The use of good quality data is vital for a robust PSA

Page 20

PSA Input Data

Data Terminology

Data input into a PSA is applied to Basic Events (BEs) using a variety of ‘parameters’ depending on application.

• Initiating Event Frequency:

Assigned to Initiating Events. Typically a value per year.

• Failure Probability:

Assigned to standby components. Used to represent probability of failure on demand (PfD), e.g. standby pump fails to start.

• Failure Rate:

Number of Failures/Time. Assigned to components to generate a failure probability. Typically a value per hour.

Page 21

PSA Input Data

Calculating an Initiating Event Frequency (IEF)

• Calculate IEFs for each fault, using judgement where no data exist or where operating experience (OpEx) failures may be discounted.

• IEF = no. of recorded events (faults)/no. of years of operation

Example: Spurious Reactor Trip fault

The NUPER database for a station records 175 failures of this type. The exposure period is calculated as 2 (reactors) x 31.75 (years of operation) = 63.5 reactor years.

Therefore, the operating experience is presented as 175 failures in 63.5 reactor years.

175 failures / 63.5 reactor years = IEF of 2.76 (2.76E+00) pry (per reactor year)
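The IEF arithmetic above, together with the three parameter types from slide 20, as an added Python example (it is not from the lecture or from the NUPER database). The 175 faults, 2 reactors and 31.75 years are the slide's numbers. The function that turns a failure rate into a failure probability assumes a constant-rate exponential model, P = 1 - exp(-rate x exposure time), which the slide does not state, and the record format accepted by basic_event_probability is invented for the example.

```python
import math

def initiating_event_frequency(recorded_events, reactors, years_of_operation):
    """IEF = recorded events / exposure, with exposure in reactor years (slide 21).
    Returns (IEF per reactor year, reactor years)."""
    reactor_years = reactors * years_of_operation
    return recorded_events / reactor_years, reactor_years

def failure_probability_from_rate(rate_per_hour, exposure_hours):
    """Turn a failure rate (per hour) into a failure probability over an exposure time.
    Assumed model, not stated on the slide: constant rate, P = 1 - exp(-rate * t)."""
    return 1.0 - math.exp(-rate_per_hour * exposure_hours)

def basic_event_probability(record):
    """Resolve the parameter types from slide 20 to a probability or frequency.
    `record` is a constructed dict, e.g. {"parameter": "rate", "value": 1e-5, "exposure_hours": 24}."""
    kind = record["parameter"]
    if kind == "frequency":          # initiating events: value per year, used as-is
        return record["value"]
    if kind == "probability":        # standby components: probability of failure on demand
        return record["value"]
    if kind == "rate":               # running components: rate over exposure time -> probability
        return failure_probability_from_rate(record["value"], record["exposure_hours"])
    raise ValueError(f"unknown parameter type: {kind}")

if __name__ == "__main__":
    ief, ry = initiating_event_frequency(175, 2, 31.75)    # slide 21 numbers
    print(f"Spurious reactor trip: 175 faults in {ry} reactor years -> IEF {ief:.2E} pry")
    print("Standby pump fails to start:", basic_event_probability({"parameter": "probability", "value": 3e-3}))
    print("Running pump fails within 24 h:", basic_event_probability({"parameter": "rate", "value": 1e-5, "exposure_hours": 24}))
```

The `ValueError` branch is deliberate: a basic event whose parameter type is unrecognised should stop the quantification rather than silently quantify as zero, which is one of the mistakes slide 33 warns that newcomers to PSA make.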

Page 22

PSA Input Data

Common Cause Failure (CCF)

• Nuclear power stations employ many safety systems with high levels of redundancy to increase system reliability.

• However, multiple redundant plant items, trains or systems may all simultaneously fail due to a common cause.

• Need to limit reliability of multiple redundant systems to account for failures due to common cause.

• Common Cause Failure (CCF) Probabilities included in system fault trees.

Page 23

PSA Input Data

Common Cause Failure (CCF)

CCF Example:

• In an emergency feed system, 3 pumps are provided.

• A single pump is required to start for successful cooling.

• Probability of all three pumps failing to start: 1E-02 x 1E-02 x 1E-02 = 1E-06/dem

• However all three pumps could fail due to a common cause.

• 1E-06/demand may be optimistic.

• If a fourth pump were added, then 1E-08/demand is definitely optimistic!

Page 24

PSA Input Data

Common Cause Failure (CCF)


• To overcome this, a basic event representing failure of all three pumps due to CCF is included in the fault tree model.

• This logic reflects that either:

■ All 3 pumps fail to start independently, or

■ All three pumps fail due to a common cause.

• This limits the overall reliability of the system to the CCF failure probability.

Page 25

PSA Input Data

Causes of CCF

What are some of the ways multiple plant items can fail due to CCF?

■ Hazards – Fires, Seismic, Flooding or dropped load in the turbine hall etc.

■ Poor maintenance – operator error, valves left in the wrong position, wrong lube oil used etc.

■ External factors e.g. contaminated tanker of diesel fuel

■ Loss of supporting plant/systems – loss of power or control supplies, loss of cooling water etc.

■ Manufacturing or design defects.

■ Mechanical failures of common/support structures

Page 26

PSA Input Data

Human Error Probability

• Human Reliability Analysis (HRA) is a process used to calculate Human Error Probabilities (HEPs) for operator actions identified as significant to nuclear risk.

• Different types of operator action basic events are considered in the PSA:

Pre-trip (latent errors)

Trip

Post-trip

Recovery

Page 27

PSA Input Data

Input required for HEP assessment

• Human Reliability Analysis (HRA) is informed by the Human Factors Assessment (HFA), which includes:

Review of available operating procedures

Plant walk downs

Speaking to station operators and staff

Task analysis

Fault simulation

• HRA is performed using different methods including:

Nuclear Action Reliability Assessment (NARA)

Human Error Assessment and Reduction Technique (HEART)

Technique for Human Error Rate Prediction (THERP)

Page 28

PSA Analysis and Results

The Different Types of PSA Analyses

Once the PSA has been constructed, many different analyses are possible:

• Fault tree analysis for calculating overall system failure probability;

• Event tree sequence analysis for calculating frequency of each event tree sequence;

• Consequence analysis for calculating the overall frequency of a consequence assigned to several event tree sequences (usually a dose band release or core damage);

• Additional sensitivity studies.

Page 29

PSA Analysis and Results

Consequence Analysis

The PSA software identifies all event tree sequences assigned a given consequence and performs further analysis to obtain a consequence frequency.

Very powerful and used extensively worldwide.

Page 30

PSA Analysis and Results

Types of PSA Results Output

• Several different forms of results output generated from the analyses, including:

Values (e.g. system failure probabilities, consequence frequencies);

Minimal Cut Sets (MCS, i.e. Initiating Event + basic event combinations which lead to a consequence);

Importance and sensitivity listings (e.g. effect on consequence frequency of a factor 10 increase in a component’s failure probability).

• Further processing of results to produce:

Results tables and graphs;

ALARP staircase.

Page 31

PSA Analysis and Results

ALARP staircase


• ALARP – As Low As Reasonably Practicable

• Regulatory requirement

• Dose Bands

• Frequency of each dose band consequence

Page 32

Benefits and Limitations of a PSA

Benefits of PSA

• Quantitative / numerical indication of risk

• Allows identification of important faults, components, systems and operator actions

• Identifies shortfalls in the deterministic safety case

• Can be used to inform safety cases and justify continued operation

• Can be used to support ALARP arguments

• Can be used to support station activities

Page 33

Benefits and Limitations of a PSA

Limitations of PSA

• Labour intensive/costly

• Requires specialist skills/Suitably Qualified and Experienced People (SQEPs)

• The PSA does not model everything

• The PSA can be conservative

• Uncertainty in models and results

• Easy for people unfamiliar with PSA to make mistakes

Page 34

Uses of a PSA Model

Using the PSA to support station activities

• Planning maintenance;

• Highlighting the requirement for or informing plant modifications to reduce risk in specific plant, systems or activities;

• Grading importance of safety systems, components, operator actions and testing/inspection;

• Work optimisation to minimise integral risk and flatten risk profile;

• Operator training optimisation;

• Updating and refining procedures and operating instructions;

• Risk Informing Tech Spec limits;

• Improving and helping to visualise a Risk Culture at Stations;

• Providing input into development of a risk monitor at Stations;

Page 35

Uses of a PSA Model

Risk Monitors

• The PSA model provides an input into risk monitors at NPPs

• What is a Risk Monitor? On-line ‘real time’ calculation of risk in the NPP control room

Risk Profile for consequences and plant status – Red, Amber, Green

User friendly interface

Used to plan on-line maintenance

Used at the majority of NPPs
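Two of the uses described on slides 30 and 35, the importance/sensitivity listing and the risk monitor, both reduce to re-evaluating the same cut sets with different basic event values. The following Python is an added example (not the lecture's code and not any risk monitor product) that does both on the slide 15 cut sets: a factor-10 sensitivity listing, and a plant-status calculation in which components taken out for maintenance are set unavailable (failure probability 1.0) and the result is banded Red/Amber/Green, with an integral-risk figure for a maintenance schedule (slide 34). The bands and the schedule are constructed; real limits are station-specific and are not on the slides. One caveat is built in: the rare-event sum is capped at 1.0, because once a basic event is no longer rare the sum stops being a probability.

```python
# Slide 15 minimal cut sets and basic event probabilities (the page's own values).
BASIC_EVENTS = {"CCF": 0.1, "V1": 0.05, "V2": 0.01, "PUMP_A": 0.1, "PUMP_B": 0.1,
                "NRV_A": 0.001, "NRV_B": 0.001}
MINIMAL_CUT_SETS = [
    frozenset({"CCF"}), frozenset({"V1"}), frozenset({"V2"}),
    frozenset({"PUMP_A", "PUMP_B"}), frozenset({"PUMP_A", "NRV_B"}),
    frozenset({"NRV_A", "PUMP_B"}), frozenset({"NRV_A", "NRV_B"}),
]

def top_event_probability(probs):
    """Rare-event sum of the MCS probabilities, as on slide 15, capped at 1.0 because
    the sum stops being a probability when basic events are no longer rare."""
    total = 0.0
    for cs in MINIMAL_CUT_SETS:
        p = 1.0
        for be in cs:
            p *= probs[be]
        total += p
    return min(1.0, total)

def sensitivity_listing(probs=BASIC_EVENTS, factor=10.0):
    """Slide 30 style listing: ratio of the top event probability after a factor-10
    increase in one basic event to the base case, highest first."""
    base = top_event_probability(probs)
    rows = []
    for be in probs:
        perturbed = dict(probs, **{be: min(1.0, probs[be] * factor)})
        rows.append((be, top_event_probability(perturbed) / base))
    return sorted(rows, key=lambda row: -row[1])

# Constructed risk monitor bands on the system failure probability; real station
# limits are set per plant and are not given on the slides.
BANDS = [("Green", 0.2), ("Amber", 0.5), ("Red", 1.0)]

def plant_status_risk(out_of_service, probs=BASIC_EVENTS):
    """Risk monitor view (slide 35): components out for maintenance are unavailable,
    so their failure probability becomes 1.0. Returns (risk, colour band)."""
    status = {be: (1.0 if be in out_of_service else p) for be, p in probs.items()}
    risk = top_event_probability(status)
    band = next(colour for colour, upper in BANDS if risk <= upper)
    return risk, band

def integral_risk(schedule, probs=BASIC_EVENTS):
    """Integral risk over a maintenance plan: sum of risk x hours for each plant
    configuration (slide 34: work optimisation to minimise integral risk)."""
    return sum(plant_status_risk(out, probs)[0] * hours for out, hours in schedule)

if __name__ == "__main__":
    for be, ratio in sensitivity_listing():
        print(f"{be:<7} x10 -> top event x{ratio:.2f}")
    for out in (set(), {"PUMP_A"}, {"V1"}):
        risk, band = plant_status_risk(out)
        print(f"out of service {sorted(out) or 'none'}: risk {risk:.4f} -> {band}")
    # constructed schedule: Pump A out for 8 hours, then all plant available for 16 hours
    print("integral risk (probability-hours):", integral_risk([({"PUMP_A"}, 8), (set(), 16)]))
```

The listing puts the CCF event at the top, which is the usual result in real models too: a single-order cut set that already dominates the base case is where a factor-10 data error would do the most damage to the answer, so it is the value worth the closest scrutiny in data review.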

Page 36

What have you learnt about PSA today?