SCAIS_TSD_2

Calle Tarrragona 30, Madrid Indizen Technologies

SCAIS-TSDSystem of Codes for an

Integrated Safety Assessment.Theory of Stimulated Dynamics

Iván FernándezIndizen Technologies S.L.

Javier Hortal Consejo de Seguridad Nuclear Justo Dorado 11, Madrid

Consejo de Seguridad Nuclear

2Indizen Technologies ®

Index.

1. ISA Methodology

1.History

2.Features

2. SCAIS

1.Overview

2.Path Analysis

3.Risk Assessment

3. TSD (Javier Hortal Presentation)

4. Conclusions


ISA. History.

The Spanish Nuclear Safety Council (CSN) started in 1974 a painful work of fast assimilation of transient and accident analysis methodologies for Nuclear Power Plants.

✔ Methods used by the nuclear industry to ensure safety of the Spanish nuclear plants that were under licensing at that time.

✔ Understand the overall approach through the available information.

✔ New frame that summarised CSN experience in licensing of transient analysis, Start-up Testing, Nuclear Operations as well as licensing of the operating crews.

✔ Methodologies were generated and software packages implementing the conceptual framework and provided great help to CSN licensing work.


✔ Specific approach for PSA implementation.

✔ Adapted to present engineering practices.

✔ Consistent theoretical inclusion of FT to APS.

✔ Study of probabilities at transient level.

ISA. Features


ISA. PSA comparative.

✔ Header Branches and Probability: ➔ In PSA event trees, header actuation is decided on the basis of generic

analyses and experts criteria.

➔ In ISA methodology, simulations result to Dynamic Event Trees (DET). Headers contain a system configuration probability that could depend on process variables.


ISA. PSA comparative.

✔ Stochastic Actions: ➔ In PSA an action is failed if it is not performed within a pre-specified time

interval (available time). ie. Human actions➔ In ISA methodology, delayed actions are allowed (uncertain times).

✔ End State:➔ PSA end state has two possible values: success or fail.➔ ISA end state sequence, is a random variable where each final state (damage

or success) has an associated probability.


ISA. Scheme.

A U T O M A T I C G E N E R A T I O N

O F P A T H S / S E Q U E N C E S

R I S K A S S E S S M E N T :

E X C E E D A N C EF R E Q U E N C Y

A N D I T S F A C T O R S

I N P U T D A T A R E S U L T S

F T / E T / A P E T :

S D T P D I N F O

C L A S S I C A LF R E Q U E N C Y

E S T I M A T E

P A T H A N A L Y S I S :

S U C C E S S C R I T E R I AT E C S P E C S

S O J O U R N T I M E A N A L Y S I SP L A N T D A M A G E S T A T E S


E T / F T F R E Q U E N C Y /

D E M A N D

D E M A N DP R O B A B I L I T Y

F R E Q U E N C Y W E I G H T E D

F R A C T I O N O FD A M A G E

P A T H S

S T I M U L IA C T I V A T I O N

F R E Q U E N C Y

S T I M U L IS T O C H A S T I C

D A T A

P S A F T / E T D A T A

I N I T I A T O RD A T A

P L A N T D Y N A M I C M O D E L

S I M U L A T O R D A T A

P L A N T P R O C E D U R E S








F T / E T / A P E T :

S D T P D I N F O


E S T I M A T E







D E M A N D


D E M A N D





P A T H S



P A T H S


F R E Q U E N C Y


F R E Q U E N C Y


D A T A








ISA. Scheme.







F T / E T / A P E T :

S D T P D I N F O


E S T I M A T E






D E M A N D




P A T H S


F R E Q U E N C Y


D A T A













F T / E T / A P E T :

S D T P D I N F O


E S T I M A T E







D E M A N D


D E M A N D





P A T H S



P A T H S


F R E Q U E N C Y


F R E Q U E N C Y


D A T A








ISA. Scheme.







F T / E T / A P E T :

S D T P D I N F O


E S T I M A T E






D E M A N D




P A T H S


F R E Q U E N C Y


D A T A













F T / E T / A P E T :

S D T P D I N F O


E S T I M A T E







D E M A N D


D E M A N D





P A T H S



P A T H S


F R E Q U E N C Y


F R E Q U E N C Y


D A T A








ISA. Scheme.







F T / E T / A P E T :

S D T P D I N F O


E S T I M A T E






D E M A N D




P A T H S


F R E Q U E N C Y


D A T A













F T / E T / A P E T :

S D T P D I N F O


E S T I M A T E







D E M A N D


D E M A N D





P A T H S



P A T H S


F R E Q U E N C Y


F R E Q U E N C Y


D A T A








SCAIS

TRACE

MAAP

RELAP5

Dendros

PVM

Babieca

SIMPROC

Path Analysis and Risk Assessment

SCAIS. Overview.


SCAIS. The Platform


SCAIS. Babieca Motivation.

Probabilistic Safety Assessment (PSA) is a widespread technique used during design and operating stages of a Nuclear Plant.

✔ Acquiring an in-depth understanding of the facility and collecting a large volume of related information.

✔ Identifying initiating events and states of plant damage.

✔ Modeling the main plant systems using event and fault trees.

✔ Relationships between events and human actions.

✔ Specific plant systems and components DB.

The results of these analysis can therefore identify not only the weaknesses but also the strengths regarding to the plant safety.


Event scheduler (DENDROS), drives the dynamic simulation of the different sequences in the generation of the Dynamic Event Tree.

✔ Stimulus. A stimulus is generated when the simulation of a sequence crosses a

defined condition (activation event). It has to be previously defined in the Event Tree as a header, and it is the cause of the creation of branching points.

✔ Branch Opening.

When a dynamic simulation finds events, it generates nodes with associated restarts that stand as points in the sequence that may lead to the opening of a new branch. The nodes have associated two probabilistic parameters that are the probability for branch opening and the temporal delays.

SCAIS. Dendros


Any code allowing time step concept can be adapted to SCAIS general calculus flow.

SCAIS. Code Coupling


Stochastic Stimulus are managed almost naturally during the dynamic simulation by SCAIS.

Current developments are focused in;

✔ Distinct techniques to minimize the number of simulations finding the damage domain.✔ System configurations without success criteria.

SCAIS. Path Analysis and Sequence Generation


✔ Uncertain Parameters. A new SCAIS module is currently under development using DAKOTA tool as an input generator.

✔ Sensitivity Studies. DAKOTA is also being studied to perform the output studies, but also in house developments will be carried out.

SCAIS. Path Analysis and Sequence Generation


✔ The Risk Assessment module calculates frequency density of each path following the Theory of Stimulated Dynamics (TSD).

✔ Future developments will integrate every damage path of a sequence to find the damage exceedance frequency of a sequence.

SCAIS. Risk Assessment

`pk TSD Background

• Last year, an overview of TSD was presented at the 1st. IDPSAworkshop in Espoo.

• TSD can be seen as a path and sequence solution ofnon-homogeneous, continuous time Markov systems.

• A sequence is an ordered set of discrete states j. A path(also called transient) is an instance of a sequence wheretransitions between states j occur at specified times.

• Discrete states j are composed by system states (connected ornot) and phenomenon states (occuring or not).

• Each discrete state j is bi-univocally associated to a dynamicstate (i.e., a set of dynamic equations) that determines theevolution of process variables.

• Transitions j → k between discrete states are produced bydynamic events. In general, they are stochastic andcharacterized by occurrence rates pj→k(~x) which arefunctions of the process variables.

IDPSA Workshop. Stockholm, Sweeden 19-20 November 2012 1

`pk TSD Background

• The stimulus of a dynamic event is a condition that makesthe occurrence rate of that event different from zero.

• In a sequence, the event occurrence times can be seen as aspace where each point is a path of the sequence. Thesequence frequency gets distributed over this space.

• Each path of the sequence has a frequency density that canbe calculated with the TSD equations.

• The sequence sub-space composed by paths ending in adamage condition is the Damage Domain of the sequence.

• The contribution of a sequence to the damage frequencyresults from integrating the frequency density over thedamage domain.


`pk TSD ongoing developments

Multiple outcome events. System events

• Very often, a dynamic event may produce different outcomes,i.e., it may result in different transitions.

• In this case, transition rates are given by the eventoccurrence rate times the outcome probability.

• An important case is that of plant systems that may work indifferent modes (e.g., different number of working trains in amulti-train system).

• Each working mode results from a different systemconfiguration.

• The start-up of a stand-by multi-mode system is a dynamicevent whose dynamic impact on the plant depends on theworking mode, i.e., on the system configuration.

• In this case, the outcome probability is the conditionalprobability of the system configuration.


`pk TSD ongoing developments

Configuration probability

• There are multiple dependences among system configurations.Calculation of configuration probabilities is a complex task.

• When considering multiple outcome events, discrete states jshould be extended to include system configurations.

• The plant configuration is composed by all the systemconfigurations.

• The TSD equations are also extended to include the plantconfiguration probability. Consistency with current PSAtechnology must be carefully taken into account.

• Due to the complexity of system dependences, the use of faulttree models and PSA quantification tools is highlyrecommendable.

• Configuration fault trees are embedded in existing PSA faulttrees but in most cases they cannot be easily extracted.


`pk Algorithms and Strategies for TSD

Implementation

Integration algorithm for sequences of protectiveactions

• A frequent case in a PSA-1 context is that dynamic eventsconsist of protective actions stimulated by deterministicconditions.

• Deterministic stimuli means:

Event occurrence rates are a direct result of the simulation.They are non-null only while the corresponding stimulus isactivated.

• Protective actions means:

The more delay in the event occurrence, the closer thesituation to a damage condition.



Implementation

Parents and children sequences/transients

• A sequence is an ordered set of dynamic events. A transient isan instance of a sequence where the event occurrence timesare specified. (Let us consider single outcome events for the shake ofsimplicity)

• If a new event is added at the end of a previous sequence, theresulting sequence is a child of the previous one.

• A transient of the child sequence is a child of a transient ofthe parent sequence if the common events occur at thesame times.

• Damage domains of parent/child sequences are related. Forprotective action events:A non-damage transient cannot have damage children.Among the children of a damage transient there is alwaysa non-empty set of damage transients.



Implementation

Integration of the TSD equations

• Let us think of an accident scenario with two possible protectiveactions, A and B whose occurrence times are τA and τB.

• Taking apart the initiating event, the possible dynamicsequences are (), (A), (B), (A,B) and (B,A).

• Note that both (A) and (B) are children of (), (A,B) is a childof (A) and (B,A) is a child of (B).

• The conditional damage probability (given the initiating event)should be calculated as:

pdam = p() +∫D(A)

fA(τA)dτA +∫D(B)

fB(τB)dτB + (1)

+∫∫

D(A,B)

fA,B(τA, τB)dτAdτB +∫∫

D(B,A)

fB,A(τB, τA)dτBdτA



Implementation

Application of parental relationships• Due to parental relationships, integration limits of differentintegrals become related.

• For the occurrence time of an event, integration limits are:The upper limit is the damage time in the parenttransient.The lower limit is the maximum of:∗ Activation of the event stimulus.∗ The occurrence time of the previous event.∗ The border of the damage domain.

• All this information but the border of the damage domain canbe taken from the corresponding parent transient.

• When a transient has been calculated, the set of its childrencan be integrated.

• The border of the damage domain can be found during theintegration process.



Implementation

Recursive integration algorithmWith these considerations, equation (1) can be rewritten as:

pdam = p() +

+∫ TD()

τminA

[fA(τA) +

∫ TD(A)(τA)

τminB

(τA)

fA,B(τA, τB)dτB

]dτA + (2)

+∫ TD()

τminB

[fB(τB) +

∫ TD(B)(τB)

τminA

(τB)

fB.A(τB, τA)dτA

]dτB

Note that:• Equation (2) represents a recursive algorithm that can beextended to any number of dimensions.

• All the integrals in (2) are one-dimensional and can beoptimized in an independent way.

• The adequate discretization strategy for calculating (2) is totake occurence times in decreasing order.


`pk CONCLUSIONS

• ISA is a mature Methodology to implement an IDPSA analysis.

• SCAIS Platform developed to perform ISA Methodology, but theplatform is broad enough to implement other IDPSAMethodologies, including non-nuclear industries using PSA.

• Some SCAIS developments and applications are needed toachieve an advanced platform able to perform full IDPSAstudies.

• Consistent incorporation of configuration fault trees is needed.Extensions of the theoretical framework are being developed tothis aim.

• Computational algorithms should be optimized to reduce theamount of required resources. To this aim, an efficientrecursive algorithm has been developed for sequences ofprotective actions.


SCAIS_TSD_2

Documents

SCAIS_TSD_2