Risk Assessment and Probabilistic Risk Assessment (PRA)
Mario H. Fontana, PhD, PE, Research Professor
Arthur E. Ruggles, PhD, Professor
The University of Tennessee
Dec 26, 2015
Definition of Risk
• Risk = Probability of occurrence x consequences. We will focus on Core Damage, or Large Early Release as consequences.
• PRA models are normally consequence specific.
Total Risk = Σ pᵢ cᵢ (the sum, over all outcomes i, of probability times consequence)
Total risk would include releases, core damage, and others.
Probability
• Probability is a way to predict stochastic events
• Common events: probability fairly well known (e.g., MOCV failure rate; lots of data)
• Rare events: less well known; much less data
• New systems and components: no data…
Consequences
• Consequences from nuclear reactor accidents could be
  – Damage to plant
  – Impact to environment
  – Loss of land use
  – Cost of evacuations, sheltering, etc.
  – Health (morbidity) effects
  – Life-threatening effects
Fault Trees
• Fault trees are used to determine the probability of a “top event” (e.g., core damage).
• Top event defines the failure or success of a system or component
• Fault trees use a structure of logical operations to calculate the probability of the top event from the “basic event” inputs
Fault Trees (2)
• The undesired event is stated at the top of the tree
• The fault tree gates specify logical combinations of basic events that lead to the top event
• Fault trees can be used to identify system weaknesses
Fault Trees (3)
• Fault trees can help recognize interrelationships between fault events
• Fault trees consist of logic gates and basic events as inputs to the logic gates
• Logic Gates: Boolean operations (union or intersection) of the input events
• Basic Events: Faults such as a hardware failure, human error, or adverse condition
AND Gate
• Event 6 and event 7 must occur to “pass” the gate. P(Q) = P(A) * P(B)
[Figure: Amplifier Failure Mode Probabilities, NUREG 0492]
OR Gate
• Probabilities add for the OR gate, since either input, or both, will pass failure through. P(Q) = P(A) + P(B)
Basic event
• Basic events provide input to the fault tree, such as failure of a component or system, expressed as a probability. The circle indicates that no further development is necessary.
[Figure: two basic events, EVENT-1 and EVENT-2, each with probability 1.000E-2]
Additional Gates (SAPHIRE)
[Figure: additional SAPHIRE gates and symbols: N/M Gate (2 out of 3), INHIBIT Gate, TRANSFER Gate, HOUSE Event, UNDEVELOPED Event]
Steps to building a fault tree
• Identify a top event as a failure to perform a function (system, component, or human failure, for example)
• Identify events that could contribute to failure of the top event (usually logic gates)
• Identify further “lower level” events that could contribute to the intermediate event
Steps to building a fault tree (2)
• Continue until basic events are reached; these are the inputs (such as component failures) to the tree
• SAPHIRE will then perform the calculations
Outputs from Saphire calculations
• Calculate the failure probability of the top event
• Calculate the failure probability of intermediate events
• Identify cut sets
  – A cut set is a sequence of events that proceeds from the basic events to the top event in an unbroken sequence
  – Minimal cut sets are cut sets with the smallest number of events, i.e., cut sets that do not contain another cut set
Outputs from Saphire calculation (2)
• Provide importance factors that indicate the relative importance of basic events
• e.g., RIR, Risk Increase Ratio: the ratio of the top event failure probability with a given basic event’s failure probability set to 1 (“guaranteed failure”) and the rest remaining at their baseline values, to the baseline top event failure probability
• There are several other measures that will be discussed later (see SAPHIRE)
Outputs from Saphire calculation (3)
• Calculate the uncertainty of the top event failure probability given uncertainty distributions of the basic events.
• Usually calculations are done with point probability values (no distribution), but they can also be done with distributed inputs
  – Normal, log normal, uniform, histogram, many others
Cut Sets
• A cut set is the path by which one or more basic events lead to the top event.
• For example,
  – a one-element cut set identifies where failure of one basic event causes failure of the top event
  – a two-element cut set shows how failure of two basic events causes failure of the top event
• Obviously, one-element cut sets should be avoided. (Like one bolt holding on a wing of an airplane: one failure causes one disaster.)
Cut sets (2)
• Minimal cut sets are the smallest sets of events that can cause failure of the top event. A cut set that contains all the events of a smaller cut set is discarded; what is left are the minimal cut sets.
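To make the gate arithmetic, the minimal cut sets and the RIR concrete, here is an added example that is not the deck's or SAPHIRE's code: a small constructed tree with AND, OR and 2-out-of-3 (N/M) gates, whose gate names and probabilities are all assumed. It also shows why the OR-gate rule P(Q) = P(A) + P(B) is a rare-event approximation: the exact top-event probability comes out slightly lower.

```python
from itertools import combinations, product
from math import prod

# Constructed demo fault tree (not the deck's CLASS-DEMO figure). Each gate is
# (kind, inputs[, k]) with kind AND, OR or KOFN (the slides' N/M gate).
GATES = {
    "TOP": ("OR", ["G-AND", "C", "G-2OF3"]),
    "G-AND": ("AND", ["A", "B"]),
    "G-2OF3": ("KOFN", ["D", "E", "F"], 2),
}
# Constructed point probabilities, assumed independent; C is a deliberate one-element cut set.
BASIC = {"A": 1e-2, "B": 1e-2, "C": 1e-3, "D": 1e-2, "E": 1e-2, "F": 1e-2}

def minimal_cut_sets(node, gates=GATES):
    """Top-down expansion (MOCUS style): OR collects its inputs' cut sets, AND
    joins one cut set from each input, KOFN is an OR over every k-subset.
    A cut set that contains another cut set is not minimal and is dropped."""
    if node not in gates:
        return [frozenset([node])]  # a basic event is its own cut set
    kind, inputs = gates[node][0], gates[node][1]
    child = {i: minimal_cut_sets(i, gates) for i in inputs}
    if kind == "OR":
        groups = [[i] for i in inputs]
    elif kind == "AND":
        groups = [inputs]
    else:  # KOFN: any k of the inputs failing together passes the gate
        groups = [list(c) for c in combinations(inputs, gates[node][2])]
    sets = {frozenset().union(*combo) for g in groups
            for combo in product(*(child[i] for i in g))}
    return sorted((s for s in sets if not any(t < s for t in sets)),
                  key=lambda s: (len(s), sorted(s)))

def rare_event_prob(cut_sets, probs):
    """Rare-event approximation: add up each cut set's product of event
    probabilities (the slide's P(Q) = P(A) + P(B) for an OR gate)."""
    return sum(prod(probs[e] for e in cs) for cs in cut_sets)

def exact_prob(cut_sets, probs):
    """Exact top-event probability: enumerate all 2**n basic-event states (fine
    for a small tree) and sum the probability of those that contain a cut set."""
    events, total = sorted(probs), 0.0
    for states in product((False, True), repeat=len(events)):
        failed = {e for e, f in zip(events, states) if f}
        if any(cs <= failed for cs in cut_sets):
            total += prod(probs[e] if f else 1 - probs[e] for e, f in zip(events, states))
    return total

def risk_increase_ratio(event, cut_sets, probs):
    """RIR: top probability with `event` forced to 1 ("guaranteed failure"), rest at baseline, over baseline."""
    return exact_prob(cut_sets, {**probs, event: 1.0}) / exact_prob(cut_sets, probs)
```

Running `minimal_cut_sets("TOP")` returns the one-element set {C} first, and C then has by far the largest RIR, which is the "one bolt on the wing" situation the slides warn about.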
Larger Model
[Figure: SAPHIRE fault tree CLASS-DEMO (“Demonstration for class”). Top event: Engine fails to start. Other labels in the tree: Ignition fails, Fuel supply fails, Starter inoperable, Fuel injection failure, Distributor system fails, Starter fails, No gas in tank, Gasoline filter failed, Gasoline not free of gunk, Internal fuel pump damage, Fuel injectors fouled, Spark plugs wires or plugs failed, Spark plug wire no. 1 to no. 4 fails, Battery fails (which appears under three different gates). Every basic event has probability 1.000E-2.]
Cut sets
[Figure: the same CLASS-DEMO fault tree, repeated to illustrate its cut sets]
EVENT TREES
• Event trees start with an initiating event, branch to the right as various safety functions are questioned for success (up) or failure (down) (ref Saphire manual)
• Event trees
  – Identify accident sequences
  – Identify safety system functions
  – Quantify sequence frequencies
EVENT TREE DEVELOPMENT
Plant familiarization
Define safety functions and success criteria
Select initiating events
Determine plant response
Define accident sequences & plant damage states
Identify system failure criteria
Develop fault trees & link to event tree
EVENT TREE TERMINOLOGY
• Initiating event
• Top event – Safety systems intended to respond to the initiating event
• Branching – Underneath a top event – Up = success, Down = failure
• Pass – No branch beneath a top event
• Sequence – Branching path, initiating event to end state
• End states – consequences and probabilities
Event tree- Reactor Loss of Offsite Power
[Figure: SAPHIRE event tree LOSP. Initiating event: LOSP, loss of offsite power. Top events: ECCS, emergency core cooling system; CCS, containment system. End states: 1 OK-NO-RELEASE, 2 SOME-LATE-RELEASE, 3 MEDIUM-LATE-RELEASE, 4 LARGE-EARLY-RELEASE]
Emergency Core Cooling System Fault Tree (ECCS)
[Figure: SAPHIRE fault tree ECCS, emergency core cooling system, with three basic events, each 1.000E-2: EVENT-ECCS-1 loss of water source, EVENT-ECCS-2 loss of diesel power, EVENT-ECCS-3 loss of heat sink]
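Quantifying the LOSP event tree above, as an added example that is not from the deck or SAPHIRE: the initiating-event frequency, the CCS failure probability, the outcome-to-end-state mapping and the consequence weights are all assumed; the ECCS failure probability is derived from the ECCS fault tree on the assumption that its gate is an OR over the three 1.000E-2 basic events.

```python
from itertools import product
from math import prod

# All inputs below are constructed for this example, not values from the deck.
LOSP_FREQ = 0.1  # assumed loss-of-offsite-power frequency per reactor-year
# ECCS failure probability from its fault tree, assuming an OR gate over the
# three 1.000E-2 basic events (loss of water source, diesel power, heat sink);
# this is the exact value, slightly below the rare-event sum 3.0E-2.
ECCS_FAIL = 1 - prod(1 - p for p in (1e-2, 1e-2, 1e-2))
CCS_FAIL = 5e-2  # assumed containment system failure probability

# Top events in the order they are questioned, left to right across the tree.
TOP_EVENTS = [("ECCS", ECCS_FAIL), ("CCS", CCS_FAIL)]
# Assumed mapping of branch outcomes (True = up/success, False = down/failure)
# to the slide's numbered end states.
END_STATES = {
    (True, True): "1 OK-NO-RELEASE",
    (True, False): "2 SOME-LATE-RELEASE",
    (False, True): "3 MEDIUM-LATE-RELEASE",
    (False, False): "4 LARGE-EARLY-RELEASE",
}
# Assumed relative consequence weights c_i for Total Risk = sum(p_i * c_i).
CONSEQUENCE = {"1 OK-NO-RELEASE": 0, "2 SOME-LATE-RELEASE": 1,
               "3 MEDIUM-LATE-RELEASE": 10, "4 LARGE-EARLY-RELEASE": 100}

def sequence_frequencies(init_freq=LOSP_FREQ, top_events=TOP_EVENTS, end_states=END_STATES):
    """Walk every branching path from the initiating event: multiply by
    (1 - p_fail) on each up branch and by p_fail on each down branch, then
    credit the sequence frequency to its end state."""
    result = {name: 0.0 for name in end_states.values()}
    for outcomes in product((True, False), repeat=len(top_events)):
        freq = init_freq
        for (_, p_fail), success in zip(top_events, outcomes):
            freq *= (1 - p_fail) if success else p_fail
        result[end_states[outcomes]] += freq
    return result

def total_risk(freqs, consequence=CONSEQUENCE):
    """Total risk = sum over end states of sequence frequency times consequence."""
    return sum(f * consequence[state] for state, f in freqs.items())
```

The end-state frequencies sum back to the initiating-event frequency, a quick consistency check worth keeping when a tree gains more top events.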
Summary
• Risk assessment is a powerful tool for
  – Forcing a disciplined approach to the analysis of safety issues
  – Forcing understanding of the system being evaluated
  – Providing methods for estimating modes of failure
  – Providing methods for estimating probabilities of failures
  – Identifying areas where more information is needed
  – Identifying acceptability and/or areas needing improvement