Conference Schedule - 2015 International Topical Meeting on

Transcription

American Nuclear Society
Nuclear Installation
Safety Division
PSA 2015 International Topical Meeting on Probabilistic Safety Assessment and Analysis
April 26-30, 2015
FOREWORD
Dear colleagues,
Welcome to Sun Valley, Idaho, and the Sun Valley Resort, the venue for the 2015 International Topical Meeting
on Probabilistic Safety Assessment and Analysis (PSA 2015). This is the fourteenth installment of the series of
topical meetings on probabilistic safety assessment (PSA), sponsored by the Nuclear Installation Safety Division
of the American Nuclear Society. The Idaho Section of the American Nuclear Society is proud to serve as host for
the premiere PSA meeting in 2015.
Our theme for this meeting is “A Forum for Learning.” Please consider yourself a student of PSA, no matter how
many years you have been working in the field. Take the opportunity to learn from the presentations and peer-reviewed papers, and engage in meaningful and constructive dialog. We hope to see many “nontraditional students”
among our ranks.
At the same time, please take the opportunity to share your knowledge with others, whether you are a seasoned
veteran of PSA or new to the field. To keep PSA moving forward and remaining relevant, new ideas and perspectives are needed. The energy and vitality of young professionals is a key element of successfully keeping PSA
fresh and on the forefront of assuring the safety and long-term sustainability of nuclear power.
We especially would like to direct your attention to the discussion group sessions on various topics scattered
throughout the PSA 2015 conference. These sessions are intentionally informal in nature and are an attempt to
bring the advantages of sidebar discussions and break time conversations to a wider audience. Unlike the typical
panel sessions, which can sometimes turn into paper sessions without the papers, the intention of the discussion
groups is to provide opportunities for experts on selected topics to have very loosely moderated discussions with
back-and-forth interactions, much like a group of colleagues going to lunch and “talking shop”—the only difference being that there will be a large number of people eavesdropping in on the conversation!
Last, consistent with both a relaxed atmosphere for learning and the informality of the great outdoors of Idaho,
please make yourself comfortable. We hope to see more backpacks and jeans than briefcases and suits. Please be
comfortable asking tough questions. Be comfortable making new friends; if you see someone you don’t know,
introduce yourself. Be comfortable learning something new; attend a session on a topic you wouldn’t normally
attend.
If there is anything we can do to make your PSA 2015 experience better, please let us know.
Marty Sattison
General Chair
Mike Calley
Technical Program Chair
1
April 26-30, 2015
ACKNOWLEDGMENT
The 2015 International Topical Meeting on Probabilistic Safety Assessment and Analysis (PSA 2015) organizing
committee wishes to express our gratitude to the many people and organizations that have contributed to this conference. The Nuclear Installation Safety Division and the Idaho Section of the American Nuclear Society (ANS)
provided volunteers that organized, managed, and facilitated PSA 2015.
Conferences like PSA 2015 cannot exist without, and are no better than, the technical papers that are submitted.
We would like to thank each and every author for their technical contributions. Each paper and presentation is the
culmination of a significant effort, often representing years of scientific and engineering research and application.
We would also like to acknowledge the tremendous efforts of the technical program committee (TPC). Every abstract and every full paper underwent a two-party independent peer review to assure the highest technical quality
for PSA 2015. Please take a moment to scan through the list of members of the TPC. Their professionalism and
dedication to the advancement of the field of probabilistic safety assessment is exceptional and is greatly appreciated.
Without the support of our sponsors, many of the delightful amenities of PSA 2015 would not have been possible.
Special thanks to our Platinum sponsors: Jensen Hughes, for making our opening reception an event to remember; RSC Engineers, for the fantastic Western barbeque conference banquet; Maracor (a division of Enercon), for
Tuesday’s lunch and ice cream social; and Idaho National Laboratory, for general financial support and providing
the conference papers and program media. We thank our Gold sponsors, ERIN Engineering and Research and
Westinghouse Electric Company, for providing lunch on Monday and Wednesday, respectively. We also thank our
Silver sponsors, Atkins, Engineering Planning and Management, Inc., FDS Team, and Areva for their support.
The management and organization of PSA 2015 was made possible by the volunteer efforts and dedication of the
following: Marty Sattison, Mike Calley, Danielle Perez, Bob Skinner, Cindie Jensen, Laura Cox, and Desiree Reagan. A special, well-deserved thank-you goes out to Teri Ehresman. She has been instrumental in every aspect of
putting PSA 2015 together, from the application to host the meeting, to obtaining the meeting venue, to making all
the logistics happen. She has done it all. In the middle of it all she retired from her full-time job, but worked even
harder to make PSA 2015 a great success. Thanks, Teri!
We would like to acknowledge the patience, understanding, and untiring support of Ellen Leitschuh in the ANS
Department of Scientific Publications. She held our hands and walked us through the ANS electronic paper
submission and review and publication processes, making the production of the technical program as smooth and
easy as possible.
Last, we would like to thank each and every one of you for attending PSA 2015.
2
April 26-30, 2015
ORGANIZING COMMITTEE
General Chair:
Marty Sattison
Idaho National Laboratory/Idaho American Nuclear Society
Assistant General Chair:
Teri Ehresman
Assistant General Chair:
Danielle Perez
Technical Program Chair:
Mike Calley
Idaho National Laboratory
Technical Program
Co-Chair (Asia):
Kohei (Kevin)
Hisamochi
Hitachi-GE, Japan
Technical Program
Co-Chair (Europe): Vinh Dang
Paul Scherrer Institute
Financial Chair: Robert Skinner Idaho American Nuclear Society
Publications Chair:
Marty Sattison
Local Arrangements Chair:
Teri Ehresman
Idaho American Nuclear Society
Assistant
Local Arrangements Chair:
Danielle Perez Idaho National Laboratory/Idaho American Nuclear Society
Sponsors/Fundraising
Chair: Teri Ehresman
Guest Events Chair:
Cindie Jensen
Student Coordination Chair: Danielle Perez
Assistant Student
Coordination Chair: Russell Gardner
Banquet Chair:
Teri Ehresman
Webmaster:
Desiree Reagan
3
April 26-30, 2015
ORGANIZING COMMITTEE
Martin Sattison
General Chair
Teri Ehrsman
Assistant General Chair
Danielle Perez
Assistant General Chair
Michael Calley
TPC Chair
Vinh Dang
TPC Co-Chair
Kohei Hisamochi
TPC Co-Chair
Robert Skinner
Financial Chair
4
Cindie Jensen
Guest Events Chair
Russell Gardner
Assistant Student
Coordination Chair
Desiree Reagan
Webmaster
April 26-30, 2015
TECHNICAL PROGRAM COMMITTEE
Technical Program Chair: Technical Program Co-Chair: Technical Program Co-Chair: Mike Calley, Idaho National Laboratory
Vinh Dang, Paul Scherrer Institute
Kohei Hisamochi, Hitachi-GE
Technical Program Committee Members:
Amir Afzali, Southern Nuclear Operating Co.
Paul Amico, Jensen Hughes
Ali Azarm, IEES
Gina Banaseanu, CNSC
Pedro Diaz Bayona, UPC
Heinz-Peter Berg, BfS
Harold Blackman, Boise State University
James Boatright, Westinghouse
Ron Boring, INL
Hans Brinkman, NRG Consultancy and Services
Robert Budnitz, LBNL
Andreas Bye, Halden Reactor Project
Lee Cadwallader, INL
Kaushik Chatterjee, FM Global
Susan Cooper, NRC
Kevin Coyne, NRC
Gary Demoss, PSEG Nuclear
Matt Denman, SNL
Rich Denning, Ohio State University
Matt Dennis, SNL
Heather Detar, Westinghouse
Cheryl Eddy, RSCE
Steve Eide, Scientech
Fernando Ferrante, NRC
Mike Frank, URS Corp
Ray Gallucci, NRC
Susie Go, NASA
Donnie Harrison, NRC
Dennis Henneke, GE Hitachi
Mohamed Hibti, EdF R&D
Risto Himanen, TVO
Jodine Jansen Vehec, RSCE
Hongbing Jiang, TVA
Young Jo, Southern Co.
Jeffrey Joe, INL
Prasad Kadambi, NRMCC
Sinda Kahia, NRG Consultancy and Services
Gurgen Kanetsyan, NRSC
Mardy Kazarians, Kazarians & Assoc
John Kim, KAERI
Gerry Kindred, TVA
Ken Kiper, Westinghouse
Jim Knudsen, INL
Zoltan Kovacs, Relko LTD
Greg Krueger, Exelon
Chip Lagdon, DOE
John Lai, NRC
Stanley Levinson, Areva
Stuart Lewis, EPRI
Yazhou Li, China Academy of Science
Zhegang Ma, INL
Andrea Maioli, Westinghouse
Diego Mandelli, INL
Donovan Mathias, NASA
Chris Mattenberger, NASA
Jeff Miller, RSCE
Allen Moldenhauer, Dominion
Tom Morgan, Maracor
Mike Muhlheim, ORNL
Pamela Nelson, UNAM
Steve O’Dell, Westinghouse
Kevin O’Kula, URS
Shahen Poghosyan, NRSC
Marina Roewekamp, GRS
Cassandra Ruch, RSCE
Valentin Rychkov, EdF R&D
Marty Sattison, INL
Jeff Shackelford, DNFSB
Nathan Siu, NRC
Barry Sloane, ERIN
Curtis Smith, INL
Shawn St. Germain, INL
Jan Stiller, GRS
Ricky Summitt, RSCE
Kent Sutton, INGRID
David Teolis, Westinghouse
Boback Torkian, Enercom
Larry Twisdale, ARA/Risk
Dominique Vasseur, EdF
Andrija Volkanovski, Josef Stefan Institute
Tim Wheeler, SNL
Vincent (Tom) Young, RSCE
Valerie Barnes, NRC
Roger Boyer, NASA
Tsong Lun Chu, BNL
Justin Coleman, INL
Ray Fine, FENOC
George Flanagan, ORNL
David Grabaskas, ANL
Rick Grantom, CRG LLC
Stephen Hess, EPRI
James Lin, ABS Consulting
Mohammad Modarres, University of Maryland
John Nakoski, NRC
Donald Wakefield, ABS Consulting
5
April 26-30, 2015
GENERAL INFORMATION
Registration
Registration is required for all attendees and presenters. Badges are required for admission to all events.
Meeting Registration Desk
In the Limelight Promenade
Full Conference Registration Fee includes: Sunday
Evening Reception, all technical sessions, lunch
(Monday through Wednesday), morning and afternoon breaks, Tuesday afternoon ice cream social, the
Wednesday Evening Western Barbeque Banquet, the
complete registration package and the proceedings’
flash drive.
Sunday
8:00 a.m. – 9:00 a.m.
(Workshop registration)
2:00 p.m. – 6:30 p.m.
(PSA 2015 registration)
Monday
7:00 a.m. – 3:00 p.m.
Tuesday
7:30 a.m. – 4:00 p.m.
Wednesday
7:30 a.m. – 4:00 p.m.
Thursday
7:30 a.m. – 9:00 a.m.
1 Day Registration Fee includes: All technical sessions, lunch, morning and afternoon breaks, complete
registration package, proceedings’ flash drive and the
evening event for that day.
Student Registration Fee includes: Same as full registration.
Emeritus Registration Fee includes: Same as full
registration.
Workshops. Workshop registration is separate from
PSA 2015 registration and the fees vary. They do
not include any of the PSA events Sunday evening
through Thursday.
Guests. There is no guest registration. Guests may
purchase individual tickets for the following:
• Sunday Evening Opening Reception
• Lunch by the day
• Wednesday Evening Western Barbeque Banquet
• Guest Program events
INL Technical Tour. This tour will visit the Experimental Breeder Reactor-I Atomic Museum and the
Idaho National Laboratory’s Advanced Test Reactor
Area. Due to security reasons, all registrations were
due by March 30, there is no on-site registration for
this tour. The tour will depart from the Limelight
Promenade at 09:00 on Thursday and will return at
approximately 18:00. Lunch is included.
6
Guidelines for Speakers
On the day of presentation, each speaker should attend the Speakers’ breakfast (Ram Restaurant, 7:00
a.m.) to meet with the chair of their session. Here
the Session Chair will confirm that you will be giving
your presentation and will ask for information to be
used when introducing your presentation.
Each session is 90 minutes long and will have three
or four presentations. Presentations will be 22 minutes or 30 minutes, respectively, including time for
introduction and questions.
The rooms will be equipped with a laptop, a projector
and a laser pointer. Microsoft Windows, PowerPoint
2010, and the latest Adobe Acrobat Reader will be
installed on the computers.
All presenters should report to the Session Chair in
the assigned room 15 minutes before the start of the
session. Presentations should be loaded and tested on
the computer in the assigned room during the break
prior to the session. Presentations may also be tested
on similar equipment in the Speakers’ Preparation
Room (Camas Room).
April 26-30, 2015
SPECIAL EVENTS
Sunday
6 p.m. – 8 p.m.
PSA 2015 Opening Reception at River Run Ski Lodge and Sun Valley Resort tram ride to Roundhouse viewing
area. Sponsored by Jensen Hughes, Inc. (Shuttles will make a continuous loop from Sun Valley Inn to River Run
Lodge and back during reception hours)
Monday
10:00 a.m. – 12:30 p.m.
Guest Program: Pottery Class at Local Color Ceramics Studio. Cost: $20, pay at the Studio.
Meet at the Registration Desk.
12:00 p.m. – 1:30 p.m.
Limelight B
Lunch Buffet - Sponsored by Erin Engineering and Research, Inc.
Tuesday
10:00 a.m. – 1:30 p.m.
Guest Program: Gallery Walk/Shopping Tour and Lunch in Downtown Ketchum. Cost: $12 for lunch.
12:00 p.m. – 1:30 p.m.
Limelight B
Lunch Buffet - Sponsored by Maracor, A Division of ENERCON Services, Inc.
12:45 p.m. – 1:15 p.m.
Limelight B
Lunch Speaker: Laura Hermann, Potomac Communications Group, Inc.
3:00 p.m. – 3:30 p.m.
Continental Room
Ice Cream Social - Sponsored by Maracor, a Division of ENERCON Services, Inc.
Wednesday
12:00 p.m. – 1:30 p.m.
Limelight B
Lunch Buffet - Sponsored by Westinghouse Electric Company
12:30 p.m. – 5:00 p.m.
Guest Program: Guided Mountain Bike Trail Tour of Sun Valley. Cost: $60 (includes tour guide and bike rental).
6:00 p.m. – 9:00 p.m.
Limelight B
PSA 2015 Banquet: Western Barbeque Sponsored by RSC Engineers, Inc.
Thursday
8:30 a.m. – 6:00 p.m. Technical Tour of Experimental Breeder Reactor- I
Atomic Museum and Idaho National Laboratory (pre-registration required).
7
April 26-30, 2015
WORKSHOPS
INMM Workshop on Safety-Security Risk-Informed Decision-Making
Sunday, April 26, 2015, 8:00 a.m. – 5:30 p.m.
Limelight C
Over the last several years, the US Nuclear Regulatory Commission (NRC) has been trying to identify ways to
better risk inform its security regulatory process. As part of this effort, the NRC has supported the conduct of two
technical workshops on risk informing security. The first workshop was hosted by Sandia National Laboratories
in September 2010 with about 50 participants. The second workshop was hosted by the Institute of Nuclear Materials Management in February 2014 with about 60 participants.
Both workshops identified a number of areas where risk insights could better inform nuclear security. A recurring discussion at both workshops regarded the need to promote collaboration between technical people working
in the safety and security communities. There is a need to bring these two technical disciplines together to enable
a cross-fertilization of the technical approaches. These approaches have many similarities, which are not often
recognized. There are also many distinct differences. As a simple example, the safety and security communities have different definitions of the term “risk.” As a more complex example, the two communities differ on the
meaningfulness of security analyses that rely on the assumption that initiating events are random occurrences.
Security risk analysis cannot take advantage of this assumption.
Bringing the two communities together for a direct discussion of issues will help to bring down barriers between
them. It will help to foster an understanding of the terminology used by both disciplines and may lead to more
consistent terminology. It may identify modeling frameworks, approaches, and /techniques that can be shared
between the disciplines.
This one-day workshop is intended to bring safety and security technical experts together to begin continue this
necessary dialogue. As an outcome of the workshop, specific topics may be identified that warrant further interaction to enable improvement in both safety and security risk analysis.
RAVEN Workshop
Sunday, April 26, 2015, 9:00 a.m. - 5:00 p.m.
Limelight A
RAVEN is a software tool to characterize the probabilistic behavior of complex systems. It might be used for risk
analysis, reliability analysis, uncertainty quantification and code validation. In most cases, RAVEN employs a
“black box” approach with respect to the external code representing the physical systems (more advanced options like dynamic event trees are also available) and provides sampling strategies to effectively explore the input
space. Standard statistical post-processing capabilities are provided to compute mean, variance, etc. of selected
figures of merit of the output space. RAVEN relies heavily on artificial intelligence algorithms to construct surrogate models of complex physical systems to perform reliability analysis (limit state surface), uncertainty quantification and parametric studies.
The first objective of the workshop is to acquire a general understanding of the RAVEN package and its main
capabilities. Secondly, a series of practical examples are going to be provided, in ascending level of complexity,
starting from the simplest statistical analysis to the generation of the complex surrogate models and their utilization in reliability analysis. Users that already have access to the code will be able to run the examples directly
on their laptops. Those that do not have access to the software yet, will receive a copy of the example inputs in
electronic format.
8
April 26-30, 2015
OPENING PLENARY SESSION
Monday, April 27, 08:30, Opera House
Keynote Speaker
Dr. George Apostolakis
Head, Nuclear Risk Research Center, Japan
Dr. George Apostolakis is a professor emeritus of the Nuclear Science and Engineering Department and of the Engineering Systems Division of the Massachusetts
Institute of Technology. He served as a Commissioner of the U.S. Nuclear Regulatory Commission (NRC) from April 23, 2010 until June 30, 2014. From 1995 until
2010, he was a member and former Chairman (2001-2002) of the statutory Advisory
Committee on Reactor Safeguards of the NRC. He is currently the Head of the
Nuclear Risk Research Center in Japan.
He is a member of the U.S. National Academy of Engineering and a Fellow of the
American Nuclear Society and the Society for Risk Analysis. He has received the
Tommy Thompson Award and the Arthur Holly Compton Award from the American
Nuclear Society.
Dr. Apostolakis holds a Ph.D. in Engineering Science and Applied Mathematics (awarded in 1973) and a Master
of Science degree in Engineering Science (1970) from the California Institute of Technology. He earned his undergraduate degree in Electrical Engineering from the National Technical University in Athens, Greece, in 1969.
9
April 26-30, 2015
PLENARY DISCUSSION GROUP - THE FUTURE OF PSA
Monday, April 27, 10:15, Opera House
Discussion Group Leader: Marty Sattison, INL
Dr. George Apostolakis
Mr. Dennis Henneke
Dr. George Apostolakis is a professor emeritus of the Nuclear Science and Engineering Department and of the Engineering Systems Division of the Massachusetts Institute of Technology. He served as a Commissioner of the U.S. Nuclear Regulatory Commission (NRC) from
April 23, 2010 until June 30, 2014. From 1995 until 2010, he was a member and former
Chairman (2001-2002) of the statutory Advisory Committee on Reactor Safeguards of the
NRC. He is currently the Head of the Nuclear Risk Research Center in Japan.
He is a member of the U.S. National Academy of Engineering and a Fellow of the American
Nuclear Society and the Society for Risk Analysis. He has received the Tommy Thompson
Award and the Arthur Holly Compton Award from the American Nuclear Society.
Dr. Apostolakis holds a Ph.D. in Engineering Science and Applied Mathematics (awarded
in 1973) and a Master of Science degree in Engineering Science (1970) from the California
Institute of Technology. He earned his undergraduate degree in Electrical Engineering from
the National Technical University in Athens, Greece, in 1969.
Dennis Henneke is a Risk and Reliability Consulting Engineer in the Chief Engineer’s office
of GE Hitachi Nuclear Energy, with over 30 years of PRA experience. He provides PRA
support to existing Nuclear Plants, Advanced Reactors and Global Nuclear Fuels (GNF). He
is presently the Principal Investigator for the DOE Funded project for the PRISM reactor on
“Development/Modernization of an Advanced Non-LWR Probabilistic Risk Assessment,”
and leads the GEH effort supporting Hitachi-GE on the UK ABWR PRA.
Dennis is the Vice-Chairman of the ANS/ASME Joint Committee on Nuclear Risk Management. Prior to coming to GEH, Dennis worked at Duke Power and Southern California Edison supporting Risk-Informed Applications such as Risk-Informed Technical Specifications
and NFPA-805. Dennis received his MS and BS in Nuclear Engineering from University of
Florida. Dennis was the Technical Program Chair for PSA-2011, held in Wilmington, NC in
March 2011.
Dr. Jan-Erik Holmberg is a Senior Consultant and Office Manager from Risk Pilot’s Espoo
Office, Finland. He is also an adjunct professor at the Royal Institute of Technology in Stockholm on probabilistic risk and safety analysis with emphasis on nuclear power safety since
2010. He received his MSc degree in applied mathematics and nuclear and energy engineering in 1989 from the Helsinki University of Technology, and dissertated in 1997 from the
same university. During 1989–97 and 2001–13 he worked at the VTT (Technical Research
Centre of Finland) as a research scientist and team leader in the area of reliability engineering and risk analysis. During 1997–2001 he was a consultant and team leader at Vattenfall
Energisystem in Stockholm, Sweden, working with probabilistic safety assessment (PSA) for
Swedish nuclear power plants. He was the Finnish member of the OECD/NEA/CSNI Working Group on Risk Assessment 2001–13. He has been a project manager of numerous risk
and reliability studies for nuclear and other industries. He has also led national and internaDr. Jan-Erik Holmberg
tional R&D projects to develop methods for risk analysis, e.g., Euratom project Harmonised
Assessment of Reliability of Modern Nuclear I&C Software (2011–13). He has published about 20 papers in scientific
journals, more than 70 papers in scientific conferences, more than 30 publications in reviewed report series.
10
April 26-30, 2015
PLENARY DISCUSSION GROUP - THE FUTURE OF PSA (CONT’D)
Mr. Marty Sattison is the Director of the Nuclear Safety and Regulatory Research
Division at the Idaho National Laboratory (INL). He has over 36 years of experience
in nuclear power, including naval nuclear propulsion operations and maintenance,
leadership of major PRA studies, technical consulting on Probabilistic Risk Assessment (PRA) software development, and international standards work and professional
society leadership. He served for 12 years as the INL Department Manager over all
PRA engineering and research. Marty serves on a number of international conference
committees, ANS and ASME Standards Committees and is the past Chair of the Aerospace Nuclear Science and Technology Division of the American Nuclear Society.
Mr. Marty Sattison
Dr. Nathan Siu is a Senior Technical Adviser for PRA (Probabilistic Risk Assessment)
in the Office of Nuclear Regulatory Research of the U.S. Nuclear Regulatory Commission (NRC). He has over 30 years of experience in the development and application of PRA methods, models, and tools. At the NRC, he’s responsible for providing
PRA-related advice and support regarding technical programs and issues (including
issues requiring research and development) and cooperative activities with U.S. and
international organizations.
Dr. Nathan Siu
Dr. Yamaguchi is a Professor at the University of Tokyo, Nuclear Professional School,
Graduate School of Engineering. He received his Ph.D degree in nuclear engineering
from the University of Tokyo in 1984. He joined the Power Reactor and Nuclear Fuel
Development Corporation (currently Japan Atomic Energy Agency) and was involved
in thermal-hydraulic and safety research of sodium cooled fast breeder reactors. In
April of 2005, he moved to Osaka University, Department of Energy and Environment
where he performed nuclear thermal-hydraulics, safety and risk assessment studies.
In January 2015, he became a Professor at the University of Tokyo. He has more
than 30 years of experience in nuclear engineering. He has been a member of governmental committees on atomic energy policy, nuclear safety, nuclear regulation and
nuclear science and technology by the METI, NRA and MEXT. He chairs the Nuclear
Prof. Akira Yamaguchi
Science and Technology Committee of MEXT and Nuclear Safety, Technology and
Human Resource Development Committee of the METI. Currently he is the chair of
the Risk Technology Committee of the Atomic Energy Society of Japan and an International Board member of the
International Association of PSA and Management.
11
April 26-30, 2015
TECHNICAL SESSIONS
12
April 26-30, 2015
Monday, April 27, 13:30, Ram Room
SESSION 6-1: HUMAN FACTORS AND HRA I
Session Chair: Valerie Barnes, NRC
Blowing Up Safety Culture - The Lure and Trap of Accident Investigation and Continuous Improvement (12042)
Harold S. Blackman
Boise State University
Safety culture is clearly recognized as an important element of any organization. This is of particular importance for high-risk industries where complex sociotechnical systems exist.
In many industries a great deal of energy, time and money continues to be expended in trying to get the culture right. Active safety programs such as the Voluntary Protection Program,
peer observation programs such as behavior-based safety, planned audits and inspections from a variety of bodies both internal and external to the organization, as well as audits by
regulatory bodies are regularly employed. And when something bad happens there are standard protocols for investigating accidents leading to corrective actions that seek to prevent
another occurrence. This coupled with the fact that for decades there have been countless programs directed at quality and continuous improvement has led to situations where we can
become captured by quality and we are led away from understanding the greater situational context. This paper describes how this may occur and then presents a case study where an
intervention was applied to “blow up” and then reset the safety culture of an operational facility where this “quality capture” had occurred.
Enhancing Employee Wellbeing by Shaping a Total Safety Culture (12058)
NJF van Loggerenberg, Hester Nienaber
University of South Africa
Employees are the most important assets of an organization. As an asset of the organization, employees can contribute to organizational performance only to the degree that their wellbeing
allows. Wellbeing is defined as a complete state of physical, mental and social health. As such, one would expect that management behave in a way that protects employee wellbeing in order
to foster organizational performance, which is expressed in financial returns. This way of supportive behavior includes creating an environment where employees can perform optimally by:
• honing their abilities to achieve their full potential (development)
• contracting with employees in a way that is advantageous to both them and the organization (remuneration, career, workload, and work-life balance)
• empowering employees so that they can discharge their responsibilities effectively (authority commensurate with responsibility)
• considering the emotions of staff, which contributes to building trust (attitude, motivation, and behavior)
The foregoing is characteristic of occupational health and safety. Hence, it is surprising to note in the literature the absence and/or short-fall of the environment where employees can
perform.
In this article, the authors argue that employee wellbeing can be enhanced by shaping (creating, implementing and improving) a total safety culture. Shaping a total safety culture lies
within the ambit of top management, thus it permeates the whole organization.
The problem that we studied was shaping a total safety culture with a view to understanding how it can enhance employee wellbeing while optimizing economic results (profit). The
primary objective of the study was to explore and describe a total safety culture and the secondary objectives were to make recommendations to organizations on how to shape a total safety
culture and contribute to the body of knowledge on safety culture.
The research design that we employed was a non-empirical study, specifically conceptual analysis, while the methodology was a synthesis review of the literature. The search terms were
“total safety culture, “employee wellbeing”, “occupational disease” (stress and depression), “absenteeism”, “workloads”, and “work-life balance”.
The findings on the literature demonstrate that top management is responsible for shaping a total safety culture. An appropriate total safety culture permeates the whole organization and
contributes to improved organizational performance (profit).
Conclusions include that in essence a total safety culture entails a way of thinking that is dependent on the mental models of, especially, top management. This way of thinking influences
behavior in the organization that positively affects employee wellbeing.
Determining Resilience Thresholds for Nuclear Power Plants (12131)
Pamela F. Nelson, Cecilia Martín del Campo
Departamento de Sistemas Energéticos, Facultad de Ingeniería, Universidad Nacional Autónoma de México
In order to determine the resilience thresholds for a nuclear power station, the different types of events that are reported in the Corrective Action Program database and time between
the consequential events are registered. Linear regression was used to fit a predictive model to the observed data set, in this case, the number of events between each of the consequential events and time. The resulting function can be used to predict, or forecast consequential events; that is, given the number of events that have occurred at a certain time at a plant,
the time until a severe event will occur is estimated and used as a leading indicator. For the plant used in this study, on average, one safety significant event occurs every 28 days and
if 5 events occur in one day, a severe event is likely to occur. Based on this analysis it is believed that this resilience threshold model can be applied by any plant, once the database is
developed in accordance to the proposed specifications developed for this study.
13
April 26-30, 2015
Monday, April 27, 13:30, Sawtooth Room
SESSION 13-1: FIRE ANALYSIS AND NFPA 805 I
Session Chair: Dennis Henneke, GE Hitachi
Development of a Hazard Curve Evaluation Method for a Forest Fire as an External Hazard (11923)
Yasushi Okano and Hidemasa Yamano
Japan Atomic Energy Agency
An external hazard curve of a forest fire is evaluated based on a logic tree. The logic tree consists domains of “forest fire breakout and spread conditions”, “weather condition”, and
“vegetation and topographical conditions”. A location nearby a typical nuclear power plant site in Japan was selected for our studies. The frequency of a large forest fire of the location is
approximately 1/5 of the average in Japan. Forest fire breakout points were selected through deterministic considerations on typical forest fire causes in Japan. The weather conditions
around the location are represented by two parameter sets of “temperature-humidity” and “wind direction-wind speed”. An appearance frequency database was prepared for weather
parameters (i.e. wind speed and humidity) sensitive to forest fire intensities, whereas a non-sensitive branch (i.e. temperature) was eliminated from the logic tree. A number of forest fire
simulations were performed to obtain a response surface for a frontal fireline intensity at different combinations of wind speed and humidity. The hazard curve is therefore evaluated by
a Monte Carlo simulation where one sample gives a unique intensity from the response surface and its frequency is given by the combination of the branching probabilities in the logic
tree. The evaluated hazard curve is such that the annual exceedance probability is about 1.0x10-4 per year for the frontal fireline intensity of 200 kW/m and about 1.3x10-5 per year for
300 kW/m.
Fire-Related Systems and Key Safety Functions Unavailability Matrix Development and Assessment (12087)
P. Díaz, E. Estruch, J. Dies, C. Tapia, A. De Blas, M. Asamoah
Technical University of Catalonia-Barcelona
The paper presents the development and analysis of an Unavailability Matrix for Risk-Informed purposes. The Matrix is developed in the frame of FIRE PSA and combines the unavailability of Fire Protection Systems and Key Safety Functions. The Matrix has been designed with a suitable methodology which focuses on addressing the Key Safety Functions. The result
is a huge Matrix with 168 rows and 52 columns. The columns contain 51 KSF representatives. The Matrix quantification methodology developed to obtain the Matrix provides all the
Matrix elements at the same time. This methodology uses both RiskSpectrum® and Python ™. Risk Increase assessment criteria and a colour code are used to facilitate the visual analysis
of the Matrix. The CDF, or Risk, increase of the Plant due to the combined unavailability of FPSs and KSFs is localized in seven Basic Events, one Fire Protection System and six Key Safety
Functions representatives.
Implementing the NFPA 805 Process: Observations of a Technical Reviewer (12281)
Steve Short, Garill Coles, Karl Bohlander, Bob Layton, Bill Ivans, Fleur De Peralta, Pete Lowry
Pacific Northwest National Laboratories
In July 2004 the U.S. Nuclear Regulatory Commission (NRC) amended its fire protection requirements in 10 CFR 50.48(c) to allow existing nuclear power reactor licensees to voluntarily adopt the fire protection requirements contained in National Fire Protection Association (NFPA) Standard 805. NFPA 805 is a performance-based standard for nuclear power plant
fire protection that is an alternative to the deterministic, prescriptive fire protection requirements, such as 10 CFR 50 Appendix R, that was issued in 1980. One aspect of implementing
NFPA 805 is that the licensee adopts the performance goals, objectives, and criteria for nuclear safety specified in the Standard. These goals, objectives, and criteria can be met through
the implementation of deterministic approaches or performance-based approaches, including engineering analyses, probabilistic risk assessment, and fire modeling.
Licensees voluntarily adopting the fire protection requirements in NFPA 805 must submit a license amendment request (LAR) to the NRC. The LAR provides the new proposed fire
protection licensing basis, including the methodology and results of required evaluations and analyses that show how the NFPA 805 performance criteria are met. As of August 2014,
licensees have submitted LARs for 26 nuclear power plants, representing 42 nuclear reactor units. Of these, 7 nuclear power plants, representing 10 nuclear reactor units, have been
issued a safety evaluation (SE) by the NRC approving transition of their fire protection licensing basis to one that complies with NFPA 805.
Pacific Northwest National Laboratory (PNNL) supports the NRC staff’s technical review of the LARs in the areas of fundamental fire protection, safe shutdown analysis, and Probabilistic Risk Assessment (PRA). PNNL, of course, cannot speak for the nuclear industry and its choice of implementation strategies or to the NRC staff’s assessment of the approaches
being taken to adopt NFPA 805. However, as a reviewer of the technical details of these submittals, PNNL is in a position to observe the array of implementation tactics taken in these
submittals, and the different ways licensees are making the NFPA 805 process work. For example, differences in the kinds of plant modifications being implemented, the number and
types of recovery actions being credited, the utilization of performance-based approaches, achieving safe and stable conditions, alternative performance-based compliance strategies,
and the kinds and extent of detailed modeling performed in support of the Fire PRAs.
As a caveat, it is noted that it is too early to comment on the overall success or limitations of the NFPA 805 process or to provide lessons learned for the future. Furthermore, it is
not PNNL’s intention to endorse any particular approach taken in a submittal over another or to critique the industry or the regulator. Rather the goal of this paper is to summarize a set
of interesting and useful differences across submittals that may provide context for further future discussions about what has been learned by the reviewers, industry, and regulators in
being part of the NFPA process; and how to best use that information to inform future NFPA 805 activities or other risk-informed endeavors.
14
April 26-30, 2015
Monday, April 27, 13:30, Columbine Room
SESSION 7-1: DATA AND PARAMETER ESTIMATION I
Session Chair: Mohammad Modarres, U of MD
A Study on the Effect of the State-of-Knowledge Correlation on Interfacing System Loss-of-Coolant Accident
Frequency (12055)
Dong-San Kim, Jin-Hee Park, Seung-Cheol Jang, Joon-Eon Yang
Korea Atomic Energy Research Institute
Although it is well known that the effect of the state-of-knowledge correlation (SOKC) can be significant especially in calculating interfacing system loss-of-coolant accident
(ISLOCA) frequency that involves rupture of multiple valves, it is difficult to find published studies on the effect of the SOKC on ISLOCA frequency. In this study, the effect of the SOKC
on ISLOCA frequency was examined. The results of the study showed that the effect of the SOKC on ISLOCA frequency depends on several factors: the number of components, the
size of error factor, and probability distributions assumed for component failures (lognormal, beta, or gamma distribution). Also, the results imply that when the SOKC is taken into
account, the use of the beta and gamma distributions is better than the use of the lognormal distribution because the former does not distort the mean failure probabilities without
regard to the number of components and the size of error factor.
Component Repair Times Obtained from MSPI Data (12331)
Steven A. Eide (1), Lee C. Cadwallader (2)
1) Curtiss-Wright/Scientech, 2) Idaho National Laboratory
Information concerning times to repair or restore equipment to service given a failure is valuable to probabilistic risk assessments (PRAs). Examples of such uses in modern PRAs
include estimation of the probability of failing to restore a failed component within a specified time period (typically tied to recovering a mitigating system before core damage
occurs at nuclear power plants) and the determination of mission times for support system initiating event (SSIE) fault tree models. Information on equipment repair or restoration
times applicable to PRA modeling is limited and dated for U.S. commercial nuclear power plants. However, the Mitigating Systems Performance Index (MSPI) program covering
all U.S. commercial nuclear power plants provides up-to-date information on restoration times for a limited set of component types. This article describes the MSPI program data
available and analyzes the data to obtain median and mean component restoration times as well as non-restoration cumulative probability curves.
Development, Implementation, and Impact of Convolution Factors for Offsite Power Recovery in Dominion
PRA Models (12342)
Christopher J. Sutton, Allen C. Moldenhauer, Thomas W. Jaeger
Dominion Resources Services, Inc.
A station blackout is the result of onsite AC power failure following a loss of offsite power. Failure to reenergize an emergency AC bus by recovering offsite power to restore core
cooling and inventory control will result in eventual damage to the core. While some SBO cutsets model an immediate failure of onsite AC power following loss of offsite power,
other cutsets model time-dependent failures, such as the failure of an emergency diesel generator to run. In cases such as these, the time at which the station blackout starts is
delayed, and the time available to recover offsite power is prolonged, resulting in a lower probability of recovery failure. The failure probability of onsite power increases with time,
and the failure probability of offsite power recovery decreases with time. Convolving these failure events by accounting for the different combinations of failure probabilities allows
the dependence between these events to be modeled. Modeling this dependence can result in significant risk benefit from modeling the actual risk and is easily achieved by using
convolution factors to adjust the frequency of existing cutsets modeling these events as independent failures.
15
April 26-30, 2015
Monday, April 27, 13:30, Limelight A
SESSION 1-1: ACCIDENT ANALYSIS LEVEL 2
Session Chair: Rich Denning, The Ohio State University
Improving the Level 2 PRA Modelling of Basemat Failure (12046)
C. Andersson (1), J. Christensen (2), S. Dittmer (1)
1) Ringhals AB,2) Risk Pilot
The results of the current Level 2 PRA model for the PWRs at Ringhals NPP indicate that basemat failure driven by Molten Core Concrete Interactions (MCCI) is one of the most
significant contributors to the unacceptable release frequency. However, since the model was developed in the beginning of 2000 the severe accident (SA) phenomenological
understanding has improved and hence work to update the model and make it more realistic has been initiated. Following entry into a severe accident it is likely that significant core
damage and a failure of the reactor pressure vessel (RPV) occurs.
Following vessel failure it is likely that molten corium debris is transported into the containment and hence the modelling of MCCI and basemat failure is at the highest level
about modelling the cooling processes of the molten debris as it accumulates in the containment. The level of accumulation of debris in the reactor cavity underneath the RPV can
depend on several factors, for instance the primary system pressure at vessel failure. A high pressure vessel failure usually results in a potentially significant debris entrainment out of
the reactor cavity. In these SA scenarios, the lower amount of heat generating debris in the reactor cavity will lower the risk to basemat integrity.
SA scenarios where significant debris accumulates in the reactor cavity and where there is little or no water in the reactor cavity have the highest risk of causing basemat penetration due to unabated MCCI. Based on the above summary, the SA phenomenological basis for Level 2 PRA modelling of MCCI and basemat failure can be broken down into the
following high-level elements:
1. SA progression analysis to identify the different levels of water which can be present in containment and their frequency contribution.
2. Review and apply modern phenomenological understanding of progression of MCCI under dry conditions.
3. Review and apply modern phenomenological understanding of progression of MCCI under wet cavity conditions.
The paper will describe how these three elements are analysed in detail through a set of carefully selected scenarios covering both power operation and shutdown. The current
status of the project, including a high-level discussion of the results obtained so far, will be described.
PSA Level 2 with Dynamic Event Trees: Lessons Learned and Perspectives (12206)
Valentin Rychkov (1), Keisuke Kawahara (2, 3)
1) EDF R&D, 2) University of Tokyo, Japan, 3) Ecole de Mines de Nantes, France
The benefits of dynamic (integrated) approaches for the risk assessment have been advertised since long time. Until recently there were only few cases of application of dynamic
event trees to real size problems. In this paper we discuss the application of dynamic event trees to the analysis two plant damaged states considered in an existing static PSA Level
2 model. In the current study we applied only existed assumptions of the PSA Level 2 model. The main difference with the static PSA Level 2 model is the execution of a severe
accident code for every branch of the event tree. The branching conditions of the sequences are decided by the code (MAAP4). Dynamic event trees show that the static PSA Level
2 model gives fairly conservative estimate of the release frequencies due to severe accident phenomena. At the same time we find that in the static model some dependencies may
have been overlooked.
Assessment of Offsite Power Non-Recovery for Level 2 (12310)
Carroll Trull
Westinghouse Electric Company, LLC / Comanche Peak Nuclear Power Plant
For Level 2 sequences with loss of AC power (particularly SBOs), recovering power following core damage but prior to vessel breach is considered for providing a means to inject
into the RCS thus arresting core damage and preventing vessel rupture, as well as restore power to containment heat removal systems. Given offsite power recovery, these systems
may be credited to prevent vessel breach entirely, or scrub fission products in containment, transferring large releases to small ones. The convolution method (convolving probability
distributions for equipment failure with a fit function to offsite power recovery data) for calculating offsite power non-recovery probabilities prior to core damage is widely used in
Level 1 PRAs. The same methodology and equations may be used to calculate realistic probabilities for not recovering offsite power between the time of core damage and vessel
failure.
Implementation of this methodology and its impacts on the Level 2 PRA for a sample plant (large, dry containment) will be discussed. The offsite power nonrecovery events
are dependent on the RCS conditions for timing associated with their probabilities. Vessel failure, release from the RCS, and containment failure are dependent on success or failure
to recover power. For this case, if power was not recovered, then the sequence could only continue to LERF or LATE (which includes large and small) end states, depending on the
containment failure mechanism. Successful power recovery then would result in small releases (SERF) or an INTACT containment.
16
April 26-30, 2015
Monday, April 27, 13:30, Limelight C
SESSION 29-1: RISK-INFORMED DECISION-MAKING I
Session Chair: Stephen Hess, EPRI
Knowledge Engineering Tools – Ready to Support Risk-Informed Decision Making? (12116)
Nathan Siu (1), Margaret Tobin (1), Peter Appignani (1), Kevin Coyne (1), Gary Young (1), Scott Raimist (2)
1) U.S. Nuclear Regulatory Commission, 2) ECM Universe
The U.S. Nuclear Regulatory Commission (NRC) is performing a feasibility study on the application of advanced knowledge engineering tools and techniques to support the
improved and expanded use of risk information. This work is being undertaken as part of the NRC’s Long-Term Research Program. The project is pursuing a number of demonstration
applications of content analytics software being explored at the NRC for a variety of situations. The project applications involve the identification and characterization of multi-unit
events, the identification and characterization of common cause failure events, the characterization of current PRA results, and the characterization of severe accident design features
of new reactor designs. The multi-unit application, which is ongoing, has demonstrated the usefulness of content analytics technology and some of the challenges in employing this
technology. Work continues on this and the remaining applications.
MSPI Driven Safer Nuclear Power Plant – Callaway Energy Center (13029)
Hongbing Jiang (1), Zhiping Li (2)
1) Tennessee Valley Authority, 2) Ameren Missouri
MSPI (Mitigating System Performance Index) is one of important performance indices of NRC Reactor Oversight Process. In order to improve MSPI performance and gain
additional margin, Callaway Energy Center had installed AEPS (Auxiliary Emergency Power System) and a Non-Safety Motor-Driven Auxiliary Feedwater Pump (NSAFP). Both modifications were completed in 2011 before the Japan Fukushima Daiichi nuclear accident. This risk-informed decision making exhibited that Callaway Energy Center had incorporated
nuclear safety principles into their plant operation and taken proactive actions to keep continuous improvement for being a safer plant.
This paper introduces lessons learned from the MSPI-Driven project from a PRA perspective. Furthermore, insights gained by the author with respect to MSPI, its’ purpose and
definition, and how it can be optimized to support nuclear safety are discussed. Herein, to aid in the optimization effort, the MSPI Analyzer software has been developed. The
resultant MSPI information can be used to select the better plant modification design, and to determine the entire GREEN margin combinations in advance once the PRA model and
plant operational data are defined.
Key words: PRA, MSPI Analyzer, Risk Worth, Operation Optimization, Safety, Risk-Informed Decision
The Development of Safety Function Capability Analysis Methodology to Enhance Defense-In-Depth (14509)
Jonathan Li, Gary Miller, Dennis Henneke, and Matthew Warner
GE Hitachi Nuclear Energy
GE-Hitachi Nuclear Energy (GEH) has developed a framework called Safety Function Capability Analysis (SFCA). The purpose of the SFCA is to demonstrate that the proposed or
existing nuclear reactor design meets the regulations of interest by using a systematic process of identifying the safety systems that fulfill the safety functions for different postulated
initiating events and the postulated accidents and design extension conditions with the required Defense-In-Depth (DID) levels of protection.
The SFCA methodology has been applied to ESBWR for a proposed new reactor project. This methodology has also been applied to an existing BWR plant for similar regulation
requirements at the TVO site. Different options of the proposed plant modifications have then been evaluated to demonstrate the adequacy of meeting the safety function capability
requirements. The plant-specific DID levels have been evaluated with the SFCA methods to either identify potential vulnerabilities or to demonstrate safety enhancements associated
with the proposed plant modifications.
Key Words: PRA, Safety Function Capability Analysis (SFCA), Defense-In-Depth (DID)
17
April 26-30, 2015
Monday, April 27, 15:30, Ram Room
SESSION 20-1: SEISMIC I
Session Chair: Paul Amico, Jensen Hughes
Development of Seismic Probabilistic Safety Assessment Model for OPR-1000 Reactor in Korea (12158)
Jin- Hee Park, In-Kil Choi, S.C. Jang
This Paper presents the seismic probabilistic risk model development for OPR-1000 reactor in Korea. The seismic hazard evaluation was re-performed to develop the specific
frequencies of different levels of ground motion at a pilot OPR-1000 reactor site. The fragility evaluation was re-performed to estimate the conditional failure probability of SSC on
the seismic equipment list also. To develop the seismic induced accident sequence model, initiating events from the internal events were reviewed to determine the appropriate
response to an earthquake. Through this process, eleven seismic induced initiating events were identified. Each event tree was developed for the five intensity earthquake levels.
Seismically induced CDF is given by the integration of the annual probability of occurrence of the five earthquake intensity level.
Dam Failure – Nuclear Plant Seismic PRA Model – Modeling Correlations & Uncertainty (12288, Presentation Only)
Martin W. McCann, Jr. (1), Andrea Maioli (2), Raymond Schneider (2), Greg Paxson (3)
1) Jack R. Benjamin & Associates, Inc., 2) Westinghouse Electric Company, LLC., 3) Schnabel Engineering
This presentation presents a seismic risk model that considers the performance and potential risk of a core damage accident at a nuclear power plant located downstream of a
major dam, considering both earthquake induced damage to the plant and flood induced damage to the plant resulting from a dam failure. The seismic risk model describes the
potential performance states for a dam system, focusing on factors that influence the time and magnitude of potential flooding at the plant. The presentation provides the results
of risk calculations and an assessment of the relative contribution to plant risk of different dam performance states and the probabilistic evaluation of dam breach parameters. For a
major seismic event, there is the potential for ground motions high enough to damage the plant, the dam, or both facilities. Core damage could occur from either the ground motions that occur at the plant or as a result of flooding from a dam failure. In addition, while the earthquake may not directly lead to plant core damage, it could compromise emergency response capabilities required to address the potential flooding at the plant. Properly analyzing this problem requires evaluation of the seismic performance of the dam and
nuclear power plant such that the simultaneous occurrence of earthquake ground motions at both facilities is considered. This requires addressing the spatial separation of the two
sites as well as the correlation of ground motions that occur during an earthquake. The performance of the dam system during a seismic event can substantially impact the potential
time and magnitude of the flooding that occurs downstream. The performance states of the dam to be considered include: immediate dam breach during the earthquake; delayed
breaching as a result of significant damage and possibly failed attempts at mitigating the damage; and controlled releases required to reduce the load on the dam in order to prevent
a subsequent failure. In the event of a dam breach (immediate or delayed), the extent and timing of flooding at the plant may be highly variable due to such factors as the mode of
dam failure, breach characteristics (location, size and timing), reservoir level and flow conditions in the river at the time of the breach, potential for debris, etc. The performance of
the plant may vary during a seismic event, including the potential for direct core damage due to earthquake ground motion, damage to critical equipment including flood protection
features, and compromised response capability. A framework for modeling and evaluating the coupled seismic risk problem of upstream dam failure and nuclear power plant risk
is presented. Results of seismic/flood evaluations for hypothetical dam-plant system arrangements are presented. The focus of the assessment is to explore the coupling between
the seismic and flood hazard and capture insights associated with the uncertainty in the dam failure mechanisms and the variability and uncertainty in the timing, magnitude and
potential consequences of plant flooding resulting from dam failure.
18
April 26-30, 2015
Monday, April 27, 15:30, Sawtooth Room
SESSION 30-1: RISK-INFORMED REGULATION I
Session Chair: George Flanagan, ORNL
Use of Risk Information in French Technical Specifications (11801)
Mioara Georgescu, Fabienne Rousseaux, Laurent Gilloteau
Institute for Radiological Protection and Nuclear Safety
In France, in the ’80, Technical Specifications (TS) were defined based on deterministic approach and expert judgment. The use of probabilistic methods was very limited. In late
’90, PSA insights were used to conduct TS changes, mainly in shutdown states.
Following the publication of the PSA basic safety rule, the regulatory framework of PSA contribution to the decision making process was established. It allows the use of risk
information to assess the necessity to require a function to be operable in a given reactor state, to define the required actions and the completion time in case of deviation from the
established limits and conditions of operation or to justify TS temporary changes. As a main principle, the PSA is used as a guideline, the deterministic rules prevailing. In order to
ensure the applicability of the probabilistic information, the PSA basic safety rule requires verifying the PSA model consistency with any given application.
Today risk information is used in a systematic way to improve the TS of the operating reactors or to develop the TS of the new reactors and also to assess TS temporary changes.
The paper presents the IRSN principles of using PSA in the decision making process.
Improving the Processes Associated with Establishing the Technical Adequacy of Probabilistic Risk Assessments - Status
and Path Forward (12105)
Donnie Harrison
U.S. Nuclear Regulatory Commission
Working groups representing the NRC and industry are engaged, via public meeting interactions, in an initiative to improve various processes associated with establishing the
technical adequacy of plant-specific Probabilistic Risk Assessments (PRAs). Specifically, the working groups are striving to achieve a number of objectives, including: improve the
process for gaining acceptance of new PRA methods/approaches and improve the process for documentation and closure of PRA peer review findings and suggestions. As directed
by their respective risk-informed steering committees, the working groups may ultimately clarify and/or develop enhancements to existing guidance to enable these improved
processes. This paper discusses this initiative and these two specific objectives.
Graded Approach in Supervision Program and Strategies at SSM (12283)
Per Hellström
Swedish Radiation Safety Authority
The Swedish Radiation Safety Authority (SSM) is responsible for radiation safety. SSM’s mission is to protect people and the environment from unwanted radiation impact,
now and in the future. SSM is currently in the process of enhancing the use of risk information in its supervision activities. This paper presents the background and requirements in
this area. Further, descriptions are provided of the rather complex scope of SSM’s radiation safety responsibility covering all sources of both ionizing and non-ionizing radiation in
Sweden that makes it very challenging to implement a risk management process where a structured and full scope risk analysis is a major necessity. The outline of the risk analysis
approach, including the consequence criteria and frequency classes, and the first results including some lessons learned are presented together with a proposed risk management
process. Finally, the outlook and requirements for further development and to realize benefits of this development are presented.
Recent and Future Activities of the OECD Working Group on Risk Assessment (WGRISK) (12356)
Marina Roewekamp (1), Vinh Dang (2), Jeanne-Marie Lanore (3), Kevin Coyne (4), Neil Blundell (5)
1) Gesellschaft fuer Anlagen- und Reaktorsicherheit (GRS) mbH, 2) Paul Scherrer Institut (PSI), 3) Institut de Radioprotection et
de Sûreté Nucleaire (IRSN), 4) U.S. Nuclear Regulatory Commission, 5) OECD Nuclear Energy Agency (NEA)
The international Working Group on Risk Assessment (WGRISK) of the Organisation for Economic Co-operation and Development (OECD) Nuclear Energy Agency (NEA) Committee on the Safety of Nuclear Installations (CSNI) aims to enhance the understanding of probabilistic safety assessment (PSA) and to facilitate the application of probabilistic
approaches to help ensure the safety of nuclear installations. In order to meet these overall goals, WGRISK carries out a variety of tasks in support of exchange of information on PSA
between experts from member countries.
Recently, two tasks have been successfully finished. The first was an international workshop on “PSA of Natural External Hazards including Earthquakes” that provided insights
into challenges in the assessment of risk from external hazards (particularly potential combinations of external hazards with other events) and the impact of external events on
multi-unit sites and human reliability. The second task, entitled “Failure modes taxonomy for reliability assessment of digital I&C systems for PRA,” focused on the development of a
19
April 26-30, 2015
common taxonomy of digital instrumentation and control (I&C) failure modes and is an important step towards harmonizing the treatment of these systems in PSA. Additionally,
forthcoming reports include: (1) the proceedings of an international OECD-sponsored workshop on fire PRA held in April 2014 to address recent advances and emerging challenges
in fire and (2) a report on “Probabilistic Safety Assessment Insights Relating to the Loss of Electrical Sources”, resulting from a task initiated as a result of activities after the Fukushima
Dai-ichi accidents. The latter collects essential PSA insights associated with accident sequences involving losses of electrical power.
Two tasks are envisioned in the near future: one on “Human Reliability Analysis in External Events PSA” and another on “Multi-unit PSA Methodology“, both as follow-ups to
the above-mentioned External Hazards PSA workshop and other CSNI post-Fukushima activities. Furthermore, WGRISK continues to support other CNSI and Committee on Nuclear
Regulatory Activities (CNRA) working groups. For example, WGRISK recently supported the CNRA Working Group on Operating Experience (WGOE) in preparing a report on “Fukushima Precursor Events” by providing risk perspectives and is actively supporting the new CSNI Supporting Task Group on Natural External Events (TGNEV).
This paper is intended to give a brief overview on ongoing and planned WGRISK activities.
20
April 26-30, 2015
Monday, April 27, 15:30, Columbine Room
SESSION 9-1: DYNAMIC PSA I
Session Chair: Nathan Siu, NRC
Dynamic Reliability Modeling of Reactor Trip System (12155)
Hua Hui, Wang Gong, Shi Jianmin, Fang Man, Wang Wei
Chinese Academy of Sciences
Nuclear reactor protection systems are in the process of replacing the existing analog instrumentation and control (I&C) systems with digital technology. To completely analyze
and assess the reliability of digital I&C systems, it is necessary to account for couplings between the system and controlled objects; couplings between the basic components, tasks
and communications of the system and the time dependencies. This paper use Dynamic Flowgraph Methodology (DFM) to model the reliability model of reactor trip system (RTS)
for reflecting the sub-groups which is more simplified compared to the board-level model. The deductive method is used to analyze the constructed model, the prime implications of top events of this system is obtained. This paper shows that Dynamic Flowgraph Methodology is an effective method to be applied to the reliability assessment of digital
instrumentation and control systems of nuclear power plants.
ADAPT-MAAP4 Coupling for a Dynamic Event Tree Study (12236)
Valentin Rychkov (1) and Keisuke Kawahara (2, 3)
1) EDF R&D, 2) University of Tokyo, Japan, 3) Ecole de Mines de Nantes, France
The success of dynamic reliability methods strongly depends on the accessibility of dedicated methods and tools. Scientific community developed several dynamic event tree
tools that reached the high degree of maturity. Dynamic PSA workshop held during PSA 2013 in Columbia NC motivated EDF R&D to test one of the presented packages.
We chose ADAPT to manage generation of the dynamic event trees. ADAPT was developed by Ohio State University and Sandia National Lab. Until now ADAPT was coupled only
to MELCOR (NRC developed severe accident code). We used this experience to couple ADAPT to MAAP4. (EPRI developed severe accident code). It turned out that this coupling has
some particularities due to architecture of MAAP4.
In this paper we discuss technical aspects of dynamic event trees generation using coupling between ADAPT and MAAP4. This coupling has been used to compare the dynamic
event tree analysis with the static PSA Level 2 for station blackout (SBO) sequences of a large dry containment Westinghouse type PWR plant.
DYMS: A Monte Carlo Code for Dynamic Fault Tree Analysis on Nuclear Power Plants (12296)
Meng-Yun Liu, Ding She, Jing-Quan Liu
Tsinghua University
In the past decade, the dynamic fault tree (DFT) has been one of the research highlights in the reliability engineering field. DFT extends the traditional fault tree by adding
dynamic gates, in order to model the time-dependent behaviors. A new DFT calculation code, DYMS, is introduced in this paper. The Monte Carlo (MC) approach is employed in
DYMS, due to its capability in modeling the authentic behavior of the system. The code is able to calculate static as well as dynamic gates, and it supports modeling the components
following various kinds of distributions. The Message Passing Interface (MPI) is applied in DYMS for parallel computing. Along with the utilization of a random number generator,
which possesses a skipping property, DYMS is able to obtain the reproducible results regardless of the number of processors. The computational results of benchmark problems
are in good agreement with those obtained by the analytical approach, and it also shows the high performance of DYMS in terms of execution time. Finally, a case study on RRI
(Component Cooling Water System) system is assessed to demonstrate the ability for solving large-scale problems.
21
April 26-30, 2015
Monday, April 27, 15:30, Limelight A
SESSION 11-1: SEVERE WIND PSA I
Session Chair: Larry Twisdale, ARA/Risk
High Wind PRA Development and Lessons Learned from Implementation (12074)
Artur Mironenko (1) and Nicholas Lovelace (2)
1) Duke Energy, 2) Jensen Hughes
Over the last couple of years a number of insights and lessons learned have occurred in High Wind Probabilistic Risk Assessment (PRA) model development. An overview of
the lessons learned from the Duke Energy fleet based upon the successful completion of the Regulatory Guide (RG) 1.200 Rev. 2 high wind models for Catawba Nuclear Station
and McGuire Nuclear Station are presented in this paper. The risks associated with thunderstorms, extra-tropical storms, tornadoes, and hurricanes were evaluated for each site.
Wind loading effects include the aerodynamic forces produced by the dynamic pressure component of the wind flow, the associated atmospheric pressure change (APC) within the
tornado core, and impact forces produced by objects picked up and accelerated by the wind field. These wind loading effects may damage the building that the target is located in,
as well as the target itself. In addition, high wind induced initiating events were incorporated into the fault tree along with high wind logic model changes and Human Failure Events
(HFEs) to quantify the Core Damage Frequency (CDF) and Large Early Release Frequency (LERF). The following six tasks were performed to complete the high wind PRA models: Site
Specific High Wind hazard analysis, High Wind Analysis Walkdowns and equipment list, High Wind Fragility Analysis, Integrate High Wind Impacts into PRA Model, Quantify High
Wind PRA Model, and Complete Documentation. The methodology used to perform the analysis addresses all applicable supporting requirements of the ASME/ANS PRA Standard
RA-Sa-2009 and ASME/ANS RA-Sb-2013 for High Wind Hazard Analysis (WHA), High Wind Fragility Analysis (WFR), and High Wind Plant Response Model (WPR). The model
and documentation was peer reviewed in accordance with RG 1.200 Rev. 2 and meets Capability Category III of the ASME standard for every High Wind Supporting Requirement
(SR) and received several best practices. In conclusion, several improvements and vulnerabilities were discovered during the development of the High Wind PRA Model and will be
discussed in this paper.
Tornado Missile Strike Calculator: An Excel-based Stochastic Model of Tornado-Driven Missile Behavior for Use in
High Winds PRA (12086)
Kyle Hope, Nataliya Povroznyk, Ray Schneider
Westinghouse Electric Company
The Tornado Missile Strike Calculator (TMSC) is a Westinghouse innovation product that evaluates the probability of strike by tornado-driven missiles on a set of plant-specific
targets. This tool supports the development of a full-scope High Winds Probabilistic Risk Assessment (PRA) by providing a method to meet several requirements of Part 7 of the
ASME/ANS PRA Standard.
High Wind PRA Failure Calculations, Error Estimates and Use of CAFTA (12291)
Lawrence A. Twisdale, Jr. (1), Nicholas Lovelace (2), Cory Slep (1)
1) Applied Research Associates, Inc., 2) Jensen Hughes
Quantification of the top event in HW (High Wind) Probabilistic Risk Assessments (PRAs) involves thousands of computations of component and system failures with thousands
of cutsets. The computation of component failure frequency from hazard and fragility curves is fundamental to HW plant response quantification. This paper examines failure
frequency calculations using wind hazard and fragility functions. Multiple issues are investigated, including: (1) the number of wind speed intervals needed for accurate computation of component failures; (2) the wind speed range needed to accurately compute failure frequencies; (3) the differences in the computed failure frequency from the derived mean
curve vs. its family of curves; (4) the tradeoffs in modeling single vs. multiple wind hazards; and, (5) the range of error bounds for perfectly positively and perfectly negatively correlated failure modes compared to statistically independent modes. We found many sources of potential errors, mostly ones of over estimation of failure frequency. Additional work
is needed in HW modeling in order to develop improved understanding of HW PRA failure quantification.
22
April 26-30, 2015
Monday, April 27, 15:30, Limelight C
SESSION 2-1: MULTI-UNIT RISK
Session Chair: Zoltan Kovacs, Relko, LTD
Multi-Unit Nuclear Plant Risks and Implications of the Quantitative Health Objectives (12230)
Mohammad Modarres
University of Maryland
The Fukushima Daiichi accident highlighted the importance of risks from multiple nuclear reactor unit accidents at a site. As such, a measure of Core Damage Frequency (CDF)
representing the site rather than the unit should be considered and estimated through a multiunit Probabilistic Risk Assessment (PRA). In doing so, possible unit-to-unit interactions
and dependencies should be modeled and accounted for in the site CDF. In order to effectively account for these risks, six main commonality classifications: initiating events, shared
connections, identical components, proximity dependencies, human dependencies, and organizational dependencies may be used. This paper examines formal definitions of multiunit site risk and proposes feasible quantitative approaches to account for unit-to-unit dependencies. This paper also discusses approaches to formal assessment and implications of
the current U.S. NRC’s safety goals in the context of multi-unit site risk. Finally, the paper offers discussions of the options to define and assess surrogate risk measures of CDF, Large
Release Frequency (LRF), and Large Early Release Frequency (LERF) due to the total site risk for determining whether the corresponding Quantitative Health Objectives (QHOs) will
be met.
On the Risk Significance of Seismically Induced Multi-Unit Accidents (12275)
Karl N. Fleming
KNF Consulting Services, LLC
The purpose of this paper is to explore the modeling of seismic induced initiating events on a multi-unit site and to consider the effects of the so-called seismic correlation
between identical components that share the same fragility curves in the context of multi-unit initiating events. This paper is based on work performed to develop a safety guide for
the International Atomic Energy Agency. The topic of this guide is a technical approach to the performance of a probabilistic safety assessment (PSA) for a multi-unit nuclear power
plant site.
A Framework for Addressing Site Integrated Risk (12286)
Kenneth Kiper, Andrea Maioli
One of the risk insights from the Fukushima nuclear accident in 2011 is the importance of the inter-relationships of the sources of nuclear risk on that one site. The paper proposes
a framework methodology to assess site integrated risk and, more importantly, to identify the unique vulnerabilities that may result from the interactions among the sources of
irradiated fuel during accidents.
The sources include the fuel in the reactor core for each unit and in the spent fuel pools on the site. As a result, even a single-unit site has the potential for site integrated risk
between the reactor core and spent fuel pool. Multi-unit sites, especially with shared systems, have higher likelihood of significant site integrated risk. External hazards represent an
important source of multi-unit initiating events.
The approach to assessing site integrated risk is top-down with four major steps: (a) identifying the common elements shared by units at the site, including location, systems,
structures, etc., (b) determining the potential site configurations among the units and spent fuel pool; (c) assessing initiating events that may result in multi-unit challenge; and (d)
searching for new scenarios created by the interaction between/among units and sources.
This information is used to as a progressive screening process to dismiss scenarios that do not have any unique impacts due to multi-unit issues. It is expected that, for sites with
limited shared systems and structures between units, most scenarios will screen out. The focus is on the multi-unit accident sequences that do not screen out.
Framework for Assessing Integrated Site Risk of Small Modular Reactors Using Dynamic Probabilistic Risk Assessment
Simulation (12305)
Matthew Dennis (1), Mohammad Modarres (1), Ali Mosleh (1), Zen Wang (2)
1) Center for Risk and Reliability, University of Maryland, 2) GSE Systems, Inc.
The events at the Fukushima nuclear power station highlight the need for consideration of risks from multiple nuclear reactors co-located at a site. Considering the number and
close proximity of the reactor modules in the proposed small modular reactor (SMR) designs, determination of site risk is also important. To gain an accurate view of a site’s risk
profile, the core damage frequency (CDF) for the site rather than the unit should be considered. There are many types of events that could create a dependency between multiple
units from a risk perspective. In order to effectively account for these risks when looking to create a multi-module probabilistic risk assessment (PRA), six commonality classifica-
23
April 26-30, 2015
tions have been established: initiating events, shared connections, identical components, proximity dependencies, human dependencies, and organizational dependencies. These
commonality classifications and dynamic PRA will be used to establish a system model which will be applied to two adjacent modular reactors with shared safety and support
systems. To accomplish this, the dynamic simulator ADS-IDAC will be upgraded in three areas: 1) the thermal-hydraulic code responsible for modeling the system performance will
be upgraded to the most current RELAP5 version, 2) ADS-IDAC will be incorporated with a commercial “executive platform” to allow parallel communication between two or more
nuclear reactors, and 3) the hardware reliability model within ADS-IDAC will be improved to allow explicit, dynamically linked fault tree-based system models to cover “support
systems” to “front-line systems” interdependencies and capture dynamic hardware reliability. These improvements to ADS-IDAC will be applied to a sample simulation involving two
SMRs with shared systems in order to qualitatively assess any important accident sequences which could lead to core damage and may not otherwise be captured in a traditional
static PRA.
24
April 26-30, 2015
Tuesday, April 28, 08:30, Ram Room
SESSION 6-2: HUMAN FACTORS AND HRA II
Session Chair: Cheryl Eddy, RSC Engineers
Estimating Time Information to Conduct a Seismic Human Reliability Analysis (HRA) Based on Human Performance Data
Simulated Against Non-Seismic DBAs (11965)
Jinkyun Park, Yochan Kim, Wondea Jung, Seung Cheol Jang
In this paper, a framework to estimate the response time of human operators under a seismic event. To this end, based on the four kinds of task environments being suggested
from Electric Power Research Institute (EPRI, 2012), the representative contexts of seismic events are identified first. After that, the response times of human operators who are faced
with similar contexts are reviewed from existing literatures and databases. After that, as a case study, response times of human operators under a seismic event are estimated based
on existing data available from literatures as well as databases.
Nuclear Power Plant Seismic Probabilistic Risk Assessment Human Reliability Analysis – A Practical Approach (12138)
James K. Liming (1), John E. Reddington (2)
1) ABSG Consulting Inc., 2) CJR Engineering
This paper summarizes a practical approach for human reliability analysis (HRA) performed in the context of a seismic probabilistic risk assessment (SPRA). The authors of this
paper, with support from members of the FirstEnergy Nuclear Operating Company (FENOC) probabilistic risk assessment (PRA) staff and the ABSG Consulting Inc. (ABS Consulting)
SPRA team, and applying the general guidance presented in the Electric Power Research Institute (EPRI) report entitled “A Preliminary Approach to Human Reliability Analysis for
External Events with a Focus on Seismic,” EPRI 1025294, developed and refined an SPRA HRA method, which they applied on the FENOC Davis-Besse, Perry, and Beaver Valley Units
1 and 2 SPRAs (four separate and unique nuclear power generating unit SPRAs) completed in late 2014. These four SPRAs were developed not only to respond to the requirements
of U.S. Nuclear Regulatory Commission (NRC) Near-Term Task Force Recommendation 2.1 (Seismic), but also to support implementation of future risk-informed applications in
accordance with the requirements stated in NRC Regulatory Guide 1.200, Revision 2, and the joint American Society of Mechanical Engineers (ASME) and American Nuclear Society
(ANS) PRA Standard.
Key Words: Probabilistic Safety Assessment (PSA), Seismic Probabilistic Risk Assessment (SPRA), Human Reliability Analysis (HRA)
Three HRA Case Studies on Plant Shutdown Following Main Control Room Abandonment (12364)
Steve Odell and Clarence Worrell
Westinghouse Electric Company LLC
Post-fire Human Reliability Analysis (HRA) is an evolving field, where much has been recently published. Within post-fire HRA is the need to develop or characterize the likelihood of plant shutdown following Main Control Room (MCR) abandonment. While NUREG/CR-6850 and NUREG-1921 contain approaches for developing the MCR abandonment
HRA, the methodology has been challenged by the Nuclear Regulatory Commission (NRC) and as such there has been inconsistent application of the analysis across the industry.
This paper presents a case study of MCR abandonment HRA methodologies and quantification applied at three different nuclear plants.
Plant A performed a detailed HRA of the alternate shutdown procedure. Plant B added to that by incorporating equipment reliability and binning the abandonment scenarios
into three different levels of fire impact severity. Plant C further expanded on that approach by modeling the HRA and equipment logic directly in the fire probabilistic risk assessment plant response model.
These case studies were performed prior to or concurrently with the development of the methodology proposed in FAQ 13-0002 “Modeling of Main Control Room Abandonment
on Loss of Habitability.” A brief discussion on regulatory recommendations in response to the FAQ along with current and expected industry efforts are included in this paper. MCR
abandonment HRA is a dynamic field whose development will be closely monitored by the industry in coming months.
25
April 26-30, 2015
Tuesday, April 28, 08:30, Sawtooth Room
SESSION 13-2: FIRE ANALYSIS AND NFPA 805 II
Session Chair: Marina Roewekamp, GRS
Statistical Characterization of the Advanced Notification in Detection Time for Very Early Warning Fire Detection in
Nuclear Plant Electrical Enclosures (12051)
Gabriel J. Taylor (1), Raymond H.V. Gallucci (1), Nicholas B. Melly (1), Thomas G. Cleary (2)
1) U.S. Nuclear Regulatory Commission, 2) National Institute of Standards and Technology
This paper uses recent test data to evaluate the differences in time to detection of low energy fire sources between very early warning fire detection systems and ION spot-type
detection systems as a basis to evaluate the non-suppression probability assuming detection of pre-flaming fire conditions. As indicated by the stochastic simulation results, there is
fairly wide variability in the actual reduction factor due to the variability in the test results. If used in probabilistic risk applications, the distributional aspects should be applied with
appropriate consideration of uncertainty and sensitivity.
Alternate Approach to Calculating LERF for Fire PRA Models (12181)
M. B. Hirt, R. C. Bertucio, J. A. Julius
Scientech
The purpose of this paper is to describe the process used to calculate the fire induced Large Early Release Frequency (LERF) as part of the Fire PRA for a PWR. For Internal Events
PRA (IEPRA), LERF is typically derived from a containment event tree (CET) suitable for the particular initiating event. This process becomes unfeasible for Fire PRA due to the large
number of individual fire scenarios that are solved with specific fire failures. Solving in the traditional way would require resolving of the CET for each fire scenario. A Fire PRA
specific approach was developed to retain the same level of phenomenological detail as the IEPRA, while calculating Conditional Large Early Release Probabilities (CLERP) for each
fire scenario within the Conditional Core Damage Probability (CCDP) calculation in a timely manner. Core Damage (CD) sequences are binned into Plant Damage States (PDSs),
as defined by the IEPRA, to group sequences with similar plant conditions. Each PDS has a phenomenological character which drives a Large Early Release (LER) split fraction.
The phenomenological LER split fraction is calculated by quantifying the containment event tree with specific data settings to reflect the plant conditions of each PDS. In the fire
scenario quantification process, the phenomenological split fraction is combined with a system failure driven LER split fraction that is specific to each fire scenario, depending on the
fire-failed equipment. The total LER split fractions are applied through Boolean logic to each fire scenario, allowing calculation of both CCDP and CLERP in a single quantification.
Research on the Installation of VEWFDS in Passive NPP Based on Fire PSA (13059)
Li Zhaohua, Li Lin, Qiu Yongping, Zhang Qinfang
Shanghai Nuclear Engineering Research and Design Institute
Very early warning fire detection systems (VEWFDS) have been proven to be effective in detecting fire in the incipient stage that originates in electrical and electronic cabinets
and low-voltage electrical circuits. To further decrease the fire risk of passive nuclear power plants, the identification of fire compartments and equipment and the difficulties of the
installation of VEWFDS based on fire PSA are discussed in this paper.
26
April 26-30, 2015
Tuesday, April 28, 08:30, Columbine Room
SESSION 3-1: COMMON CAUSE FAILURES I
Session Chair: Chris Mattenberger, NASA Ames Research Center
Common Cause Failure Parameters Estimation with Coloured Petri Nets (11611)
Gilles Deleuze (1), Nicolae Brinzei (2), Laurent Gérard (2)
1) EDF R&D , 2) Université de Lorraine
The object of the article is the estimation of Common Cause Failures (CCF) in digital systems, e.g. protection system of nuclear plants. The system under study is composed of four
divisions, with identical hardware. Colored Petri Nets are used because of their capability to model complex digital systems and assess their dependability. The Atwood model is also
implemented into the CPN model. It represents the CCF impact on the system dependability. Assumptions related to hardware reliability and system logic, maintenance and repairs
are taken into account in the model that is thus dynamic. The simulation, based on a CPN model and the assumptions of the Atwood model, permits to compare estimators of CCF
parameters. An example of comparison is presented in this article, based on the Impact Vectors approach. Finally, some conclusions are presented.
A Risk-Informed Approach to Address Diversity Requirements in the Design of New Reactors (11953)
Vincent Sorel, Boris Gonul
EDF Basic Design Department
Diversity is defined as the presence of two or more systems or components to perform an identified function, where the different systems or components have different attributes
so as to reduce the possibility of common cause failure (CCF). By eliminating CCF an adequate level of diversity between redundant systems or components contributes to improve
safety function reliability. Thus it plays an important role in the respect of both qualitative and quantitative high safety objectives for new Nuclear Power Plants, as independence between Defense in Depth (DiD) levels, and respect of quantitative safety goals. This paper presents the main stages of an approach to address diversity requirements for
redundant components involved in several DiD levels: Identification of diversity requirements for the main safety functions; Preliminary system reliability analysis for determining
the components that need to include diverse provisions; Detailed Failure Mode and Effects Analysis of these components taking into account operating experiences and focusing
on the identification of coupling factors amongst critical redundant parts leading to CCF. This approach allows characterizing diversity provisions to limit CCF to consider in future
component design. Insights of the application of this approach on redundant safety injection pumps are briefly given in this paper.
A New Approach for Estimation of Common Cause Failures Parameters in the Context of Incomplete Data (12262)
Tu Duong Le Duy, Dominique Vasseur
EDF R&D
In the context of Nuclear Probabilistic Safety Assessments (PSA), Common Cause Failures (CCF) events have been recognized to be the dominant contributor to the system failure
and core meltdown probability. Therefore quantifying CCF is essential to demonstrate the reliability of a safety system. However, since CCF events occur rarely, the CCF event data
are often scarce. In such a context, the CCF quantification is generally performed by using expert judgments or the generic CCF event data which are collected from various nuclear
powers plants of other countries. However, the origin of these generic CCF data from different sources sometimes is not sufficiently explained and therefore could be incorrectly
applied. Moreover, these generic CCF data are often used independently with existing independent failure data, producing therefore eventually incoherent results of CCF quantification in PSA model. In this paper, we propose an alternative approach for estimation of CCF parameters. The main idea of this approach consists of adding fictitious CCF events when
the CCF data are incomplete or totally absent. These fictitious CCF events can be interpreted as either the potential CCF events omitted during the data collection or future CCF events
which could occur on the components. These events are obtained by simulation of impact vectors which are used for describing the CCF events according to the ICDE (International
Common cause Data Exchange) coding guideline and NUREG/CR-6268. The CCF events simulated with the most likely probability of occurrence are then used for the CCF parameter
estimation.
27
April 26-30, 2015
Tuesday, April 28, 08:30, Limelight A
SESSION 5-1: CONFIGURATION RISK MANAGEMENT
Session Chair: Rick Grantom, CRG, LLC
Point Estimates for Components in 10 CFR 50.65(a)(1) (12163)
Ross C. Anderson, Joseph Lavelline
ENERCON Services, Inc.
This paper reviews the basis for potential changes to the failure point estimates for components that have been placed in 10 CFR 50.65(a)(1). The summary section delineates
recommended actions to ensure compliance with the intent of 10 CFR 50.65(a)(4). This review is based upon utility experience with these requirements.
An infrequently discussed topic is the treatment of the (a)(1) SSCs in the configuration risk management requirements of 10 CFR 50.65(a)(4). Paragraph (a)(4) is typically met by
analyzing all at-power maintenance configurations with a PRA code and managing the subsequent risk increase.
However, a component in (a)(1) has often experienced an excessive failure rate. The nominal point estimate in the PRA model may underestimate the component’s current failure
rate.
A number of methods may potentially be used to account for (a)(1) SSCs in (a)(4) assessments. Several of these options, and their applicability in various situations, are discussed in the full paper. Finally, this study provides recommendations as to the best formulations for addressing (a)(1) SSCs in (a)(4) assessments.
Licensees are advised to establish procedures for reviewing, and potentially resetting, the point estimates for components in (a)(1) due to reliability failures.
Evaluation of Fire Risk in the Configuration Risk Management Process for XCEL Energy’s Monticello and Prairie Island
Nuclear Generating Plants (12237)
Thomas A Morgan (1), John Biersdorf (2)
1) ENERCON Services, Inc. (Maracor), 2) Xcel Energy
The implementation guidance for the US Maintenance Rule (NUMARC 93-01) was revised in 2011 to include fire risk considerations in the Configuration Risk Management
(CRM) Program used to meet the requirements of Paragraph (a)(4) of the Rule (10CFR50.65). The evaluation process was designed to be primarily qualitative in nature and to allow
for flexible implementation approaches.
Xcel Energy’s Prairie Island and Monticello nuclear generating plants did not have current fire PRAs, so existing Safe Shutdown Analyses were compared to the structures, systems
and components (SSCs) in the internal events PRA models to ensure that all required components were included. The component importance information from the PRAs was then
used to identify safe shutdown SSCs that were risk-significant.
A process was developed to identify which fire zones might need fire Risk Management Actions when the identified SSCs are removed from service. A “fire zone logic model”
determines the availability status of each safe shutdown path. This model was then solved with various SSCs out of service to determine the impacts on each safe shutdown path.
This model was also implemented directly into each plant’s EOOS CRM tool so that the safe shutdown paths could be evaluated dynamically by plant staff as equipment is removed
from service or restored.
Nuclear Power Plant Configuration Risk Management: EPRI CRMF Research – Recent Shutdown Risk Management Research (12279)
Thomas A Morgan (1), Doug Hance (2), Diane M. Jones (1)
1) ENERCON Services, Inc. (Maracor),2) EPRI
The Configuration Risk Management Forum (CRMF) was established in 2003 by the Electric Power Research Institute to serve as a venue to discuss evolving issues in Configuration Risk Management applicable to commercial nuclear power plants.
Recently, the CRMF has studied current shutdown risk management practices. Industry surveys were conducted to obtain detailed information about current shutdown risk
practices and the factors that most significantly impact the risk evaluation process. After the survey results were analyzed, information was requested from several of the survey
respondents to obtain a better understanding of their survey responses and to explore possible reasons for reported variations in risk regimes for similar plants. Reported differences
in outage risk results were influenced by differences in types of qualitative risk models used, as well in differences in how the risk results from individual Key Safety Functions were
aggregated to determine an overall outage “risk color”. Different programmatic treatments of the risk impacts of support systems that are shared between units were also observed
to influence the risk results.
Based on these insights, work has begun on drafting technical guidelines for certain aspects of shutdown risk management that may help to reduce some of the observed variability.
28
April 26-30, 2015
Tuesday, April 28, 08:30, Limelight C
DISCUSSION GROUP SESSION:
ATTITUDES AND BELIEFS REGARDING PRA – WHERE ARE THEY NOW?
Discussion Leaders: Nathan Siu, Valerie Barnes, NRC
In 2001, as part of its efforts to establish a risk-informed environment, the U.S. Nuclear Regulatory Commission (NRC) conducted a number of focus group sessions and interviews involving nearly 100 staff and managers from the NRC’s Office of Nuclear Reactor Regulation (NRR) and the NRC’s Regional Offices. The purpose of this activity, documented
in a 2002 letter report, was to identify barriers to implementing risk-informed approaches to regulatory decision-making as well as catalysts for achieving successful risk-informed
processes. The focus group sessions and interviews explored the views and perceptions of staff members regarding their past experiences using PRA techniques in regulatory matters
and developing and implementing risk-informed regulatory processes. Although the report identified a number of issues (and associated potential improvements), its higher-level
findings were generally positive. In particular, the report states: “...this evaluation found that staff are demonstrating increasing acceptance of a risk-informed approach. There are
pockets of disagreement, but the majority of respondents felt that there are significant contributions PRA technology can make to regulatory practices in the reactor program. Debate
within NRR appears to have moved beyond whether risk insights should be integrated into NRR activities, to discussion of how and when to implement risk-informed approaches.
Respondents expressed general consensus about the issues the reactor program faces in the use of PRA technology and risk insights, but there is not necessarily agreement about
how to address them.”
In 2013, the Nuclear Energy Institute (NEI) sent a letter to the Commission noting, among other things that: “Cultural issues with regard to deterministic thinking have not been
overcome. Elements of the NRC staff have reinterpreted or objected to certain risk-informed activities and the industry has indirectly agreed through accommodating NRC staff
positions. The discussions that surround these actions and interpretations often result in prolonged regulatory interactions and reviews, increasing the costs and uncertainties in the
decision-making process.”
The concern stated in the NEI letter raises some natural questions. What are the current attitudes and beliefs within the NRC and licensees regarding the performance and use of
PRA? Have there been any changes since the early 2000’s? What are the challenges in effecting (and accelerating) changes and what can be done to meet these challenges? Given
the deep-seated nature of attitudes and beliefs embedded in an organization’s culture, what kinds of changes might be expected and over what time scale? What are the experiences of other organizations?
The purpose of this panel session is to provide a forum for discussing these and related questions. The panelists will include speakers providing perspectives from NRC, NEI,
NASA’s Office of Safety and Mission Assurance (which has faced similar challenges in promulgating the use of risk tools and information within NASA), and the IAEA, and an expert
on the subject of organizational culture. Following brief opening remarks by the panelists, the session will involve facilitated discussion involving the panelists and the audience.
Discussion Group Members:
Chair: Dr. Nathan Siu is a Senior Technical Adviser for PRA (Probabilistic Risk Assessment) in the Office of Nuclear Regulatory Research of the U.S. Nuclear Regulatory Commission
(NRC). He has over 30 years of experience in the development and application of PRA methods, models, and tools. At the NRC, he’s responsible for providing PRA-related advice
and support regarding technical programs and issues (including issues requiring research and development) and cooperative activities with U.S. and international organizations.
Participant: Dr. Valerie Barnes is a social/organizational psychologist in the U.S. Nuclear Regulatory Commission’s Office of Nuclear Regulatory Research. Before joining the NRC
staff, she performed research for and consulted to the NRC, the Department of Energy, numerous nuclear utilities and other government and private-sector organizations on organizational and leadership issues affecting safety performance. She supervised the nuclear industry’s first safety culture assessment at Davis Besse following the reactor pressure vessel
head event, and was a key contributor to the development of the NRC’s safety culture policy statement. She has a particular interest in the challenges associated with implementing
substantive organizational change.
Participant: Ms. Victoria Anderson is a Senior Project Manager for Risk Assessment at the Nuclear Energy Institute, a role that involves work with Fire PRA, NFPA 805, numerous
risk informed applications, maintenance rule, and PRA technical adequacy. Prior to joining NEI in 2007, she worked for the Defense Nuclear Facilities Safety Board and Los Alamos
National Laboratory. She holds S.B. degrees in Nuclear Engineering and Political Science from the Massachusetts Institute of Technology, as well as an S.M. degree in Nuclear
Engineering from the Massachusetts Institute of Technology. Participant: Dr. Robert W. Youngblood is a Senior Risk Consultant in the Risk Assessment and Management Services Department, Idaho National Laboratory. BA Physics, Reed
College (1968); MS and PhD Physics, State University of New York at Stony Brook (1969 and 1976). Bob has over 30 years of experience in Probabilistic Risk Assessment, including
methods development and regulatory applications of reliability analysis, risk analysis, and decision analysis, applied on behalf of NRC, DoE, USEC, and NASA. He has over 25 years
of project management and supervisory experience in risk analysis, including program development and supervision of Ph.D. research. His current technical emphasis is on finding
better ways to apply simulation to decision-making under uncertainty, and using this information in the development of safety cases. Previous positions include Vice President and
Chief Technical Officer, Energy Sector, Information Systems Laboratories, Inc.; Leader of Licensing and PSA Group, SCIENTECH, Inc.; Group Leader in Department of Nuclear Energy,
29
April 26-30, 2015
Brookhaven National Laboratory.
Member of ANS, American Physical Society, Society for Risk Analysis, and American Society of Mechanical Engineers.
Participant: Dr. Homayoon Dezfuli is the NASA System Safety Technical Fellow and the Manager of System Safety in the Office of Safety and Mission Assurance at NASA Headquarters in Washington, D.C. In these roles, he serves as a senior technical expert for the Agency in system safety methodology and practice, and leads NASA’s policy development
initiatives for system safety and risk management. Dr. Dezfuli has been instrumental in developing and implementing advanced system safety and risk management techniques
and processes for the Agency. He led the development of and co-authored the NASA Probabilistic Risk Assessment (PRA) Procedures Guide, NASA Risk-Informed Decision Making
Handbook, NASA Risk Management Handbook, and NASA System Safety Handbook. He is also a co-author of the NASA Systems Engineering Handbook and is the author or coauthor of many technical papers in the areas of safety, risk assessment, and risk management. He devised a safety goal implementation framework that has helped shape the NASA
safety goal policy for human space flight. Dr. Dezfuli is currently leading the development of a risk-informed assurance case framework to unify system safety and mission success
activities. He is also leading the development of enterprise risk management methods for the Agency. Dr. Dezfuli has a Ph.D. in nuclear engineering from the University of Maryland.
Participant: Dr. Irina Kuzmina has been working as a professional staff member of the International Atomic Energy Agency (IAEA) for twelve years. She graduated and received her
PhD from Moscow Engineering Physics Institute in Moscow, Russia. Before joining the IAEA she worked for more than ten years at the Scientific and Engineering Centre for Nuclear
and Radiation Safety of the Russian Nuclear Regulatory Authority in the PSA department. In her carrier she also worked for a short time at the Joint Research Centre of the European
Commission. Her current assignments with the IAEA are mainly dealing with various PSA-related activities: developing IAEA technical publications and safety standards, conducting
PSA reviews, workshops, training courses, and research-type projects. She has been always very interested in PSA technology and published many papers on PSA-related subjects.
Participant: Mr. Donnie Harrison is currently the Senior Technical Advisor for Probabilistic Risk Assessment (PRA) in the Office of New Reactors. He has more than 30 years of
experience in nearly all aspects of PRA and associated applications for current and advanced nuclear power plant designs, high-level radioactive waste geologic repository designs,
chemical processing facilities, and other facilities. He is also currently the NRC representative on the ASME/ANS PRA Standards Maintenance Subcommittee.
30
April 26-30, 2015
Tuesday, April 28, 08:30, Boiler Room
SESSION 4-1: COMPUTER CODES
Session Chair: Mohamed Hibti, EdF R&D
Fuel Reliability Analysis Using BISON and RAVEN (12353)
C. Rabiti, J. Cogliati, G Pastore, R. J Gardner, A. Alfonsi
The investigation of operational limits for nuclear fuel is a challenging subject and at the same time important to ensure reliability and safety of the nuclear energy production.
The parametric and probabilistic analysis of failure is a very expensive process that might require thousands of simulations while exploring the input space by altering the input
parameters. This paper will demonstrate how RAVEN is a suitable tool to perform such analysis. While RAVEN is fully capable to perform the needed parametric analysis, it can also
use artificial intelligence to speed up the reliability/safety evaluation. In particular artificial intelligence algorithms are used to accelerate the search of the limit/reliability surfaces.
This paper will review the concept of limit surface and its numerical representation, and will explain how support vector machine type algorithms are used to speed up the
limit surface search. The limit surface location is then used to perform evaluation of the failure probability. This last step is examined in detail from the point of view of its numerical
implementation.
Multiple Models Support in Probabilistic Safety Assessment Program RiskA (13033)
Shanqi CHEN, Jin WANG, Jiawen XU, Fang Wang, Liqin HU
Chinese Academy of Sciences
Probabilistic safety assessment (PSA) programs have been widely used for the fault tree analyses. However, the fault tree model formats of different programs are generally different, which will introduce difficulties in the comparison and verification among these PSA programs. RiskA, a reliability and probabilistic safety assessment program developed by
FDS Team, can support multiple model formats of widely used PSA programs. Abundant benchmarks are tested and results are compared, which verified the accuracy and efficiency
of the model conversion.
Keywords: RiskA; Probabilistic Safety Assessment; Fault Tree; Model Format
Design and Implementation of Probabilistic Safety Analysis Program Based on C/S Architecture (13035)
Jiawen XU (1, 2), Jin WANG (1), Shanqi Chen (1, 2), Liqin HU (1, 2)
1) Chinese Academy of Sciences, 2) University of Science and Technology of China
Probability safety analysis (PSA) programs are necessary tools for the PSA analysis of large complicated systems. Architecture is the basis of product software systems, the
effectiveness and efficiency of the architecture design determined the quality and performance of the product software. Most existing PSA software is standalone. In this paper, the
design and implementation of the new Client/Server (C/S) architecture developed on the platform of PSA program RiskA will be introduced in detail. Combining with multilayer
software system structure design method and integrating with module exploring idea, the new architecture can enhance reliability, efficiency and expandability of PSA software
system.
31
April 26-30, 2015
SESSION 6-3: HUMAN FACTORS AND HRA III
Session Chair: Jeff Shackelford, DNFSB
Modeling Human Failure Event Dependencies in the Columbia PRA Update (12031)
Eric Jorgenson, Vicki Manning
Enercon Services Inc.
The modeling of human failure event dependencies addresses the dependence between multiple human failure events that occur in the same accident sequence or cutset. The failure to
perform one action correctly can affect operator performance for a subsequent action. As part of the Columbia Generating Station PRA update in 2013 and 2014, the human failure event
dependency evaluation was updated using the HRA Calculator version 5.1. Based on the update work, this paper enumerates several insights and recommended approaches for performing
an HFE dependency evaluation more efficiently and effectively.
Focusing the Scope of Human Error Dependency Analysis (12191)
Dave Blanchard (1), Steven Mongeau (2), Wes Brinsfield (1)
1) Applied Reliability Engineering, Inc., 2) Entergy
Considerable effort has been given to development of nuclear power plant PRA human error dependency analysis. It is not practical to evaluate the dependencies, derive conditional probabilities, review the resulting dependency analysis and apply dependency logic within the PRA for all combinations of human failure events. In this regard, it is useful to focus development,
review and implementation of human error dependency analyses on a limited set of combinations of actions that control the risk in the PRA.
This paper provides a description of a method for determining which of the many thousands of human error combinations that exist in a PRA control the results. The method is referred
to as DepHEP. The DepHEP methodology has been applied successfully to both BWR and PWR PRAs. Internal events, internal flooding and internal fires each have been subject to a DepHEP
analysis. In each case, the characteristics of the final controlling set of human error combinations have been similar. That is, only a small fraction of the total number of combinations control
the results, with virtually all combinations in the controlling set being second or third order combinations.
This paper discusses the DepHEP methodology and summarizes its implementation on a recent application to a PRA. In addition, a description of the automation that has been developed
to implement the methodology is provided.
Extreme Events: Causes and Prediction (12222)
Romney B. Duffey
DSM Associates Inc.
We address the question of what is the demonstrated attainable minimum risk and probability claimable for a major event or disaster in any modern technological system. Rare and extreme events may not have even been observed. Claims of outcomes occurring, say, once in hundred thousand years or less are not credible or demonstrable, and subject to massive unknown
and unverifiable uncertainties.
We examine recent major extreme events including: the meltdown and explosion of nuclear reactors in Japan; the explosion and oil leak from a large offshore oil rig in the Gulf of Mexico;
the crash into the Atlantic Ocean of a modern and automated jet passenger plane; the massive disruption of power due to a superstorm in the Northeastern USA; and the collapse of the
global commercial banking system in the great Financial Crisis. These failures include the biggest, most expensive and best technological systems that exist today. Although these rare and
extreme events happened in different physical systems, they actually all have the same underlying human contributory causes.
These events lead to changes in rules, licensing, regulations, regulatory authority, design requirements, and operating procedures. So we address the question of the prediction of the
chance of such extreme events “ever happening again.”
How to Explain Post-Core-Damage Operator Actions for Human Reliability Analysis (HRA): Insights from a Level 2 HRA/PRA
Application (12312)
Susan E. Cooper (1), John Wreathall (2), Stacey M. L. Hendrickson (3)
1) US Nuclear Regulatory Commission, 2) The WreathWood Group, 3) Sandia National Laboratories
The U.S. Nuclear Regulatory Commission (USNRC) is performing a site-wide, multi-hazard Level 3 PRA project that is fully supported by human reliability analysis (HRA). An earlier paper1
discussed steps that were taken in a “pre-analysis,” such as: 1) understanding the procedures used after core damage, 2) identifying potential differences between pre-core-melt and postcore-melt operator actions and decision-making, and 3) developing insights from real-world operational experience (e.g., the March 2011 Great East Japan Earthquake and its effects on the
Fukushima Nuclear Power Stations).
These pre-analysis steps are essential to HRA performed for any context that is substantially different from the at-power, internal events Level 1 PRA context. In particular, information collected during plant site visits (e.g., interviews of plant personnel regarding post-core damage response) was crucial in developing an HRA approach for post-core-damage (i.e., Level 2) PRA.
Based on plant visits, the authors can show how certain cognitive or behavioral models, such as Klein’s naturalistic decision-making models, can be used to explain post-core-damage
responses. Also, plant interviews and walkdowns of post-core damage field operator actions were found to be vitally important to both feasibility assessments (e.g., expansion of the fire
context definition in NUREG-1921 [Ref. 2]) and HRA quantification.
32
April 26-30, 2015
DISCUSSION GROUP SESSION: RISK COMMUNICATIONS
Discussion Leader: Laura Hermann, Potomac Communications Group
Ms. Teri Ehresman, INL, retired
Mr. Allen Moldenhauer, Dominion Resources
Dr. Chris Mattenberger, NASA, Ames Research Center
Mr. Marty Sattison, INL
33
April 26-30, 2015
SESSION 7-2: DATA AND PARAMETER ESTIMATION II
Session Chair: Deepak Rao, Entergy
PRA Parameter Estimation for NPPs in Japan (I) Parameter Estimation Overview (12153)
Kazunori Hashimoto (1), Atsushi Nishikimi (1), Shinya Kamata (1), Shota Soga (2), Tomoaki Yoshida (2), Yukihiro Kirimoto
(2), Masao Kasai (3)
1) Japan Nuclear Safety Institute, 2) Nuclear Risk Research Center, Japan, 3) Akita Prefectural University, Japan
PRA parameter estimation, especially safety-related component failure rate has been studied in Japan since 2009. Based on these experiences, new estimation methodology
was discussed and planned to be applied for future parameter estimation. This methodology includes selection of new hyper-prior distribution and prior information to be used in
hieratical Bayesian estimation. Also, improvement of convergence in Markov Chain Monte Carlo calculation is discussed. This report presents overview of those investigations.
PRA Parameter Estimation for NPPs in Japan (II) Parameter Estimation Methodology (12114)
Shota Soga (1), Tomoaki Yoshida (1), Yukihiro Kirimoto (1), Kazunori Hashimoto (2), Atsushi Nishikimi (2), Shinya Kamata
(2), Masao Kasai (3)
1) Central Research Institute of Electric Power Industry, Japan, 2) Japan Nuclear Safety Institute, 3) Akita Prefectural
University, Japan
This paper summarizes the enhancement of failure rate estimation methodology conducted by Japan Nuclear Safety Institute (JANSI). JANSI had developed the hierarchy Bayesian approach to estimate the generic and plant specific component failure rates at once. However, this approach had suffered from instability in estimating mean value of generic
failure rate due to outliers and required many samples for reliable inference. To enhance the quality of component failure rate estimations, new hyper-prior distributions, a normal
distribution for log-scale parameter and a Half-Cauchy distribution for shape parameter, were introduced. The performance of new hyper-prior distributions is compared with wellknown hyper-prior distributions in various aspects.
PRA Parameter Estimation for NPPs in Japan (III) Parameter Estimation Experience (12148)
Kei Oya (1), Takahiro Kuramoto (1), Chikahiro Satou (2), Kazunori Hashimoto (3), Atsushi Nishikimi (3), Shinya Kamata (3),
Masao Kasai (4)
1) Nuclear Engineering, Ltd, Japan, 2) TEPCO Systems Corporation, Japan, 3) Japan Nuclear Safety Institute, 4) Akita Prefectural
University, Japan
These series papers summarize the validation of component failure rate estimation methodology conducted by Japan Nuclear Safety Institute (JANSI). To enhance the quality
of the component failure rate, in the series paper (II) as discussed we developed the method of estimation of component failure rate with new hyper prior distribution, normal
distribution for a logarithmic scale parameter (μ) and the half-Cauchy distribution for shape parameter (σ). In this paper, we confirmed the quality of the new estimation method of
component failure rate. To estimate the Japanese component failure rate, we selected US component failure modes as the prior information and set the prior distribution on the basis
of the new estimation method. In addition, we estimated the posterior distribution by implementing Markov chain Monte Carlo calculation with the prior distribution and operating
performance. As a result, we could obtain the converged posterior distributions for all of Japanese component failure rates.
34
April 26-30, 2015
SESSION 11-2: SEVERE WIND PSA II
Session Chair: James Lin, ABS Consulting
High Wind PRA Plant Walkdown Insights and Recommendations (12242)
J. C. Sciaudone, L. A. Twisdale, S. S. Banik, and D. R. Mizzen
Applied Research Associates, Inc.
Walkdowns provide essential information to support the development of wind pressure and missile fragilities for High Wind Probabilistic Risk Assessments (HW PRA). The goals
of these walkdowns are to identify potential wind related failure modes of the Structures, Systems, and Components (SSCs), collect information on SSC characteristics and condition,
identify structural interactions, and develop inventory data of potential wind-borne missiles.
ARA has conducted numerous high wind and missile walkdowns of nuclear plants in the US and Canada. The walkdowns have been conducted to meet the requirements of
ASME/ANS RA-Sa-20091 and ASME/ANS-RA-Sb-20132, as appropriate. New walkdown considerations have been developed from recent HW PRA experience. The resulting
insights, lessons learned, and recommendations for performing HW PRA SSC walkdowns and inventories of potential wind-borne missiles are discussed in this paper.
Experience with Implementing Part 7 of the ASME PRA Standard (High Wind): Canadian Perspective (12254)
S. Kaasalainen (1), L. Twisdale (2), W. Al-Sarraj (1), J. Sciaudone (2), P. Vickery (2), D. Mizzen (2), S. Banik (2)
1) AMEC NSS Ltd, 2) Applied Research Associates, Inc.
Canadian Regulatory Standard S-294 “Probabilistic Safety Assessments (PSA) for Nuclear Power Plants” has forced the Canadian nuclear utilities to rigorously assess external
hazards using probabilistic approaches. In support of this standard, AMEC NSS and ARA have worked together over the past three years to complete High Wind Probabilistic Risk Assessments (PRAs) for all five of Ontario’s multi-unit CANDU nuclear generating stations (Pickering A, Pickering B, Bruce A, Bruce B and Darlington). This work followed the guidance
provided in Part 7 of ASME/ANS RA-S-2009 “Standard for Level1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications”.
To execute these projects within reasonable timelines, a phased approach was applied. Phase 1 utilized simplified approaches and techniques to assess and identify the most
important aspects of high wind risk for a particular plant, and Phase 2 utilized enhanced techniques to evaluate these important aspects in greater detail.
The enhancements can generally be categorized as follows: First, civil/structural modelling issues; And second, PRA modelling issues. The civil/structural enhancements include
items such as detailed fragility analysis of the buildings housing credited equipment, and consideration of the physical layout of equipment within the buildings. PRA modelling
issues include items such as the number of wind speed intervals, wind duration and the impact on operator action credits, modelling of the correlation of wind and rain, credit for
FLEX/EME and the number of high wind targets.
This paper looks at the assumptions and methods followed in the Phase 1 “Simple Approach” as applicable to the PRA items identified above and compares them with the Phase
2 “Enhanced Approaches” along with insights with regard to the impact the enhanced approaches may have on high wind risk based on experience with the Canadian nuclear
power plants assessed to date.
Advances in Wind Hazard and Fragility Methodologies for HW PRAs (12290)
Lawrence A. Twisdale, Jr., P.J. Vickery, J. C. Sciaudone, S. S. Banik, and D.R. Mizzen
Applied Research Associates, Inc.
Wind design standards and high wind (HW) modeling methods have advanced notably since Hurricane Andrew in 1993. Improved building codes, wind borne debris standards,
wind tunnel tests/data, and modeling for catastrophic loss have advanced our understanding of wind hazards and wind effects on structures. These advances provide a basis for
improved methodologies in HW Probabilistic Risk Assessments (PRAs). This paper discusses wind hazard and fragility methods developed and applied in HW PRAs over the past
several years.
35
April 26-30, 2015
SESSION 8-1: DIGITAL I&C SAFETY AND RISK ANALYSIS I
Session Chair: Tsong Lun Chu, BNL
Oconee Digital Protection System PSA Model (11781)
Jeremy S. Allen (1), Robert S. Enzinna (2)
1) Duke Energy, 2) AREVA NP Inc.
AREVA and Duke Energy have successfully created a probabilistic safety analysis (PSA) model of the digital reactor protection system (RPS) and engineered safety features actuation system (ESFAS) upgrade for the Oconee nuclear power station. The Oconee RPS/ESFAS upgrade, built on AREVA’s TELEPERM® XS digital I&C platform, is the first full-scale digital
RPS/ESFAS replacement in the US nuclear industry. The PSA analysis performed for that project was also a first-of-a-kind for a U.S. PSA. The Oconee PSA has the distinction of being
the only operating plant in the U.S. commercial nuclear fleet to have a PSA model of a fully-digital protection system. The Oconee RPS/ESFAS reliability model is detailed and fullyfeatured including hardware and software common cause failure. The model has been fully integrated into the Oconee plant PSA model, has received RG 1.200 peer review, and is
currently supporting plant operations. This paper discusses the PSA methodology that is used to model the Oconee digital I&C system.
Coupling Model Checking and PRA for Safety Analysis of Digital I&C Systems (11961)
Kim Bjorkman (1), Jussi Lahtinen (1), Tero Tyrväinen (1), Jan-Erik Holmberg (2)
1) VTT, Technical Research Centre of Finland, 2) Risk Pilot AB
Digital instrumentation and control (I&C) systems play an important role in the operation of nuclear power plants (NPP). Due to many unique features of digital systems the
safety and reliability analysis of such systems can be challenging. There are several methods used for analyzing the safety and reliability of digital systems in NPP with their strengths
and weaknesses. In this paper, the focus is on model checking and fault tree analysis (FTA) in the context of probabilistic risk assessment (PRA). Model checking is a computeraided verification method developed to formally verify the correct functioning of a system design model by examining all of its possible behaviors. Fault tree analysis is a top down
approach used for failure analysis. In this paper the two approaches are presented and compared in the modelling of an example system and their benefits and limitations are
discussed. The example system used with both approaches is a fictive boiling water reactor. Additionally, ways to couple these methods to enable more extensive or practical safety
analysis of digital systems are proposed.
NRC Research on Digital System Modeling for Use in PRA (12092)
Ming Li, Kevin Coyne
US Nuclear Regulatory Commission
This paper describes status of the digital I&C PRA research program being implemented at the NRC’s Office of Nuclear Regulatory Research. In particular, the paper describes the
objectives of the research program, philosophies behind research directions, and major findings. Some future research is recommended in order to advance the state of the art of
digital I&C PRA.
Nordic Experience and Experiments of Modelling Digital I&C Systems in PSA (12110)
Jan-Erik Holmberg (1), Stefan Authén (1), Ola Bäckström (2), Tero Tyrväinen (3), Lisa Zamani (1)
1) Risk Pilot AB, Finland, 2) Lloyd Register Consulting, Sweden, 3) VTT, Finland
This paper describes results from the Nordic research project DIGREL on modelling digital I&C systems in probabilistic safety assessment (PSA). The goal has been to develop
guidelines for analysing and modelling digital I&C systems. The failure modes taxonomy has been developed jointly with OECD/NEA Working Group on Risk Assessment. In addition,
the modelling issue has been studied by developing a fictive, simplified PSA model representing a four-redundant distributed protection system. The evaluation of the example
PSA has demonstrated the developed taxonomy and verified that it is suitable for PSA purpose. The evaluation shows that the choice of the level of abstraction for the modelling of
digital I&C is of high importance for the results. Module level is recommended. Both undetected and detected hardware as well as software failures contribute significantly to the
PSA results, indifferently of the assumed fault tolerant design. Similar conclusion can be drawn from the test of using different CCF parameters for undetected and detected failures.
Software faults have a non-negligible effect on the results due to their functional impact on all divisions — one or more safety functions can be lost. In order to develop a realistic
fault tree model for a digital I&C protection system it is vital that the chosen fault tolerant design is fully understood and correctly described in the model. The treatment of faulty
inputs and degraded voting logic sets the foundation of the fault tree analysis.
36
April 26-30, 2015
SESSION 21-1: NON-NUCLEAR PSA
Session Chair: Pamela Nelson, UNAM
Probability of Loss of Crew Achievability Studies for NASA’s Exploration Systems Development (12134)
Roger L. Boyer (1), Mark Bigler (1), and James H. Rogers (2)
1) NASA Johnson Space Center, Houston, TX, 2) NASA Marshall Space Flight Center, Huntsville, AL
Over the last few years, NASA has been evaluating various vehicle designs for multiple proposed design reference missions (DRM) beyond low Earth orbit in support of its
Exploration Systems Development (ESD) programs. This paper addresses several of the proposed missions and the analysis techniques used to assess the key risk metric, probability
of loss of crew (LOC). Probability of LOC is a metric used to assess the safety risk as well as a design requirement. These risk assessments typically cover the concept phase of a DRM,
i.e. when little more than a general idea of the mission is known and are used to help establish “best estimates” for proposed program and agency level risk requirements. These
assessments or studies were categorized as LOC achievability studies to help inform NASA management as to what “ball park” estimates of probability of LOC could be achieved for
each DRM and were eventually used to establish the corresponding LOC requirements. Given that details of the vehicles and mission are not well known at this time, the ground
rules, assumptions, and consistency across the programs become the important basis of the assessments as well as for the decision makers to understand.
Dynamic Modeling of Ascent Abort Scenarios for Crewed Launches (13028)
Mark Bigler, Roger L. Boyer
NASA, Johnson Space Center
For the last 30 years, the United States’ human space program has been focused on low Earth orbit exploration and operations with the Space Shuttle and International Space
Station programs. After over 40 years, the U.S. is again working to return humans beyond Earth orbit. To do so, the National Space and Aeronautics Administration (NASA) is
developing a new launch vehicle and spacecraft to provide this capability. The launch vehicle is referred to as the Space Launch System (SLS) and the spacecraft is called Orion. The
new launch system is being developed with an abort system that will enable the crew to escape launch failures that would otherwise be catastrophic as well as probabilistic design
requirements set for probability of loss of crew (LOC) and loss of mission (LOM). In order to optimize the risk associated with designing this new launch system, as well as verifying
the associated requirements, NASA has developed a comprehensive Probabilistic Risk Assessment (PRA) of the integrated ascent phase of the mission that includes the launch
vehicle, spacecraft and ground launch facilities.
Given the dynamic nature of rocket launches and the potential for things to go wrong, developing a PRA to assess the risk can be a very challenging effort. Prior to launch and after the crew has boarded the spacecraft, the risk exposure time can be on the order of three hours. During this time, events may initiate from either the spacecraft, the launch vehicle,
or the ground systems, thus requiring an emergency egress from the spacecraft to a safe ground location or a pad abort via the spacecraft’s launch abort system. Following launch,
again either the spacecraft or the launch vehicle can initiate the need for the crew to abort the mission and return safely back to the Earth’s surface. There are thousands of scenarios
whose outcome depends on when the abort is initiated during ascent and how the abort is performed. This includes modeling the risk associated with explosions and benign
system failures that require aborting a spacecraft under very dynamic conditions, particularly in the lower atmosphere, and safely returning the crew back to the Earth’s surface. This
paper provides an overview of the PRA model that has been developed of this new launch system, including some of the challenges that are associated with this effort.
Key Words: PRA, space launches, human space program, ascent abort, spacecraft, launch vehicles
37
April 26-30, 2015
SESSION 20-2: SEISMIC II
Session Chair: Justin Coleman, INL
Seismic Margins Assessment Systems Analysis Insights for Seismic PRA (11967)
Richard Anoba
Jensen Hughes
Probabilistic Risk Assessments (PRAs) are increasingly being used as a tool for addressing seismic hazards at nuclear power plants. The selection of structures, systems, and
components (SSCs) for Seismic Probabilistic Risk Assessment (SPRA) is a critical element for determining the scope and the resources required to perform the analysis.
A Seismic Margins Assessment (SMA) is another approach that can be used to address seismic hazards. The seismic margin methodology is designed to demonstrate sufficient
margin over the safe shutdown earthquake (SSE) to ensure plant safety and to find any “weak links” that might limit the plant’s capability to safely withstand a seismic event larger
than the SSE. The selection of equipment for a SMA can be based on a set of shutdown equipment required to safely shut down the plant during a seismic event.
The SMA methods used to select and screen SSCs for a SMA, are directly applicable to the development of a SPRA. Some of the insights derived from recent SMAs can be used to
guide the development of future SPRAs. For example, the “rule-of-the-box” (ROB) principle is often used to group subcomponents with a primary component or a panel. A control
room panel containing 50 subcomponents would not usually have to be seismically evaluated individually. Based on the ROB principles, with the exception of essential relays, only
the panel is seismically evaluated. However, in locations of high seismicity, the panel may not screen, and the subcomponents may have to be seismically evaluated. This, of course,
results in an increase is scope of the SSC selection process and the SMA walkdowns.
The purpose of this paper is to summarize current SMA SSC selection insights and to review the applicability of these insights to the development of the system models for a SPRA.
Seismic PRA Insights and Lessons Learned (12324)
Andrea Maioli (1), Josh Beckton (1), Erica Carson (1), Rachel Solano (1), Clarence Worrell (1), Martin McCann (2), T.K. Ram (3)
1) Westinghouse Electric Company, LLC, 2) Jack Benjamin & Associates, 3) Stevenson & Associates
Westinghouse Electric Company is currently developing at-power Seismic Probabilistic Risk Assessments (SPRAs) for several operating nuclear power plants, as well as the
AP1000® plants currently under construction at the Virgil C. Summer and Alvin W. Vogtle sites. These models are in support of risk-informed applications as well as in response to
the U.S. Nuclear Regulatory Commission Post-Fukushima Near Term Task Force Recommendation 2.1 on seismic hazard. This paper discusses technical challenges, lessons learned,
and insights gained across a variety of SPRA tasks, including SPRA model development, quantification, and SPRA development for a pre-operational AP1000 plant.
Model development starts with identification of the Seismic Equipment List (SEL). While general SEL guidance is available, this paper provides some focused insights on
identifying potential seismically risk significant failures not already included in the Internal Events PRA or previous seismic margins studies. The paper also addresses SPRA modeling
approaches for the treatment of Non-Seismic Class I components and structures, as well as the management of high seismic capacity equipment via system level surrogates. Finally,
some modeling insights will be discussed related to extended mission times for high magnitude earthquake sequences where recovery of offsite power within 24 hours is unlikely.
SPRA model quantification can be performed with either a discrete or integral approach. The discrete approach divides the seismic hazard into typically 10-15 bins, covering the
full range of ground motion expected to be risk significant. The model is quantified for each bin, with the representative mean ground motion value and corresponding component
fragility values for each bin. Post-processing of the resulting cutsets develops the uncertainty interval over the entire seismic hazard via Monte-Carlo sampling of the ground motion
and fragility probability density functions for each bin. In the integral approach, instead of discretizing the hazard, the SPRA logic model is quantified once to generate the seismic
cutsets, relatively independent of ground motion and fragility values. Then, the seismic hazard and fragility distributions are convolved with the cutsets via post-processing software.
This paper will discuss both approaches, as well as lessons learned applying both approaches to current SPRA model development projects.
Finally, this paper discusses several challenges and insights encountered while performing SPRA for pre-operational plants, such as the AP1000 plant. For example, the partially
complete equipment and structure installation limits the ability to include walkdown insights into the fragility development and assessment of ex-control room operator actions.
However, performing the SPRA on a partially complete plant provides significant opportunity to inform the plant design with risk insights, ultimately improving its safety.
Evolution of the Seismic Portion of the PRA Standard (12325, Presentation Only)
Andrea Maioli (1), Stephen Eder (2), Boback Torkian (3), Raymond Fine (4), M.K. Ravindra (5)
1) Westinghouse Electric Company, LLC, 2) Facility Risk Consultants, Inc., 3) Enercon, 4) FirstEnergy, 5) MK Ravindra Consulting
The upcoming wave of Seismic Probabilistic Risk Assessments (S-PRA) that are being developed in response to the requirements set forward by the Nuclear Regulatory Commission (NRC) in response to the Post Fukushima Near Term Task Force (NTTF) Recommendation 2.1 on seismic hazard re-evaluation will represent the first large scale test of the
feasibility of Part 5 of the ANS/ASME PRA standard.
Drawing from the experience of the seismic risk evaluations performed during the 90s for the Individual Plant evaluation for External Events (IPEEE), which resulted in approximately one third of the U.S. fleet performing S-PRAs, the seismic portion of the PRA standard was initially released as part of the ANS External Events PRA standard, and later
38
April 26-30, 2015
included in the joint ASME/ANS PRA standard. The recently released Addendum B of the PRA standard (ANS/ASME RA-Sb-2013) implemented a series of insights from the Surry
S-PRA pilot, which nevertheless only resulted in relatively minor modifications to Part 5. The next edition of the PRA standard will see the seismic portion reflect more radical modifications resulting from both the resolution of cross cutting consistency issues, which are only partially discussed in this paper and only in the context of their relevance to seismic,
but also from more extensive lessons learned from a larger pool of S-PRA development.
The more seismic specific modifications discussed in this paper are expected in Part 5 of the standard to reflect lessons learned from SPRAs that have been recently completed.
Insights from at least six peer reviews started to identify trends, such as requirements that are outdated by the evolution in the tools and techniques in S-PRA. Members from the
Writing Group for Part 5, tasked with the update of the seismic requirements of the Standard in preparation for the next Edition, are intimately involved in both the development
phase of the new wave of S-PRAs as well as in their peer reviews.
39
April 26-30, 2015
SESSION 30-2: RISK-INFORMED REGULATION II
Session Chair: Tom Morgan, Maracor
Risk-Informed Prioritization of Nuclear Power Plant Issues and Activities (11932)
D.A. Dube (1), J.R. Chapman (2), K.R Austgen (3), J.C. Butler (3)
1) ERIN Engineering and Research, Inc., 2) Scientech Curtiss Wright Flow Control, 3) Nuclear Energy Institute
This paper describes industry’s approach for characterizing, prioritizing, and scheduling regulatory and plant-initiated actions consistent with safety significance in response to
the U.S. Nuclear Regulatory Commission’s policy paper SECY-12-0137 and related directives. Generic and plant-specific prioritization and plant-specific scheduling are two elements
of the approach for improving the process for managing emerging regulatory issues and addressing industry and regulatory concerns on the cumulative impact of additional regulatory requirements. While nuclear safety impact/importance is the predominant factor in the assignment of scheduling priority, an overall characterization is performed that takes
into account additional factors such as emergency planning, security, equipment reliability, and radiological protection. A set of qualitative screening questions is used to support
the initial steps of the approach. PRA models also can be applied to inform the process. Full-scale pilots at six nuclear power plant sites were completed during the summer of 2014
to exercise the methodology for a total of 105 issues comprising 59 plant improvement activities and 46 activities driven by a regulatory requirement or plant commitment.
A New Regulatory (?) Direction for Level 3 PRAs: NRC Pilot and Beyond (11970)
Stanley H. Levinson
AREVA Inc.
The author anticipates that in the near future the Nuclear Regulatory Commission will transition from the current surrogate risk metrics of core damage frequency and large
early release frequency to a true risk metric that considers both likelihood and consequence; to estimate a true risk metric, a licensee will need to develop and maintain a Level 3
probabilistic risk assessment (PRA). This paper provides the rationale for the anticipated risk metric change based on the increasing scope of PRA and actions by the NRC heralding a
paradigm shift to a more risk-informed regulatory framework. This paper provides some simple steps for the industry to prepare for this paradigm shift.
Subsequent License Renewal and PRA (12071)
Gary W. Hayner, Jr., Garrett W. Snedeker
ERIN Engineering and Research, Inc.
In 1995 the US Nuclear Regulatory Commission (NRC) and the nuclear industry established regulations and guidance for renewing nuclear plant operating licenses for 20 years
beyond the initial 40 year license. Approximately 75 percent of the operating US nuclear fleet has received license renewal approval for an additional 20 years (total of 60 years). The
license renewal process consists of a licensee-submitted application, and subsequent NRC review and approval. A primary purpose of the regulations is to ensure that the effects of
aging on the plant is managed appropriately to ensure safe operation during the period of extended operation. As such, new aging management programs or supplements to existing aging management programs are instituted which focus on age-related issues such as corrosion degradation, stress corrosion cracking, Reactor Pressure Vessel (RPV) embrittlement, buried components, and concrete degradation. Time-limited aging analyses and environmental assessments are also performed. The role of Probabilistic Risk Assessment
(PRA) in license renewal is currently focused on supporting the Severe Accident Mitigation Alternatives (SAMA) analysis with contemporary Level 2 and Level 3 PRA analyses.
On the horizon is the potential for additional license extensions from 60 to 80 years. This is termed Subsequent License Renewal. As one of the methods to enhance the plant for
operation beyond 60 years, a PRA (all modes/all hazards) offers a valuable tool to bring a risk perspective along with its attendant insights to hear on the process.
This paper will investigate the potential benefits and role of PRA in the subsequent license renewal process by assessing the role of PRA in the current license renewal process and
the latest regulatory and industry positions on the subsequent license renewal framework. The paper will discuss several examples of areas that can be advanced as benefits in the
subsequent license renewal process where an objective criteria related to quantitative risk can be developed.
40
April 26-30, 2015
SESSION 9-2: DYNAMIC PSA II
Session Chair: Curtis Smith, INL
Symbiosis of Static and Dynamic Probabilistic Approaches to Support the Design Process and Evaluate the Safety of SFR
Reactors (12156)
F. Curnier (1), M. Marquès (1), R. Kumar (2), Z. Bama (3), V. Rychkov (4)
1) CEA, France, 2) Royal Institute of Technology (KTH), Sweden, 3) AREVA-NP, 4) EDF R&D
ASTRID, the Advanced Sodium Technological Reactor for Industrial Demonstration, is a GEN IV technological demonstrator to be commissioned near the end of the 2020 decade. The aim is
to demonstrate the progress made in the field of Sodium Fast Reactor technology on an industrial scale, by qualifying innovative options, especially those pertaining to safety and operability.
An original combined methodology for probabilistic safety assessment (PSA) is being developed by the CEA and its partners, AREVA NP and EDF at the conceptual design stage of ASTRID.
It consists at first, of a static level 1 PSA based on the conventional fault trees (FT)/event trees (ET) approach, taking into account a time period of a week without repair of component
malfunctions. Its goal is to provide probabilistic insights in the assessment of design choices and to suppress the weaknesses of the design in terms of safety considerations. A reference
configuration of the safety systems is evaluated in order to identify dominant accident sequences. Sensitivity studies are then performed on various design alternatives to define the optimal
safety systems configurations that will minimize core damage frequency. It takes into account recent design evolutions for decay heat removal (DHR) systems and support systems, and reevaluates the preliminary results from ASTRID PSA modeling.
The conventional FT/ET approach initially developed for PWRs (Wash 1400) appears to be unsuitable for Sodium Fast Reactors (SFR) PSA because:
•
This approach is binary and static,
•
The probabilistic study for SFR cannot be limited to short periods of time - when repair is not possible - because several months are necessary for the thermal leakage to be
equivalent to decay heat,
•
SFR technology cannot rely simply on DHR complementary systems,
•
The modeling by FT/ET is not designed for long periods of time,
•
Repair, on along and middle term basis, of failed components is not considered.
Therefore, dynamic PSA approaches have been investigated to extend the conventional PSA to longer periods of time by taking into account the specific characteristics of a sodium reactor
such as its great thermal inertia - which allows the operator to make interventions - and the fact that sodium circuits present risks of irreversible and temperature-sensitive failures. What
these approaches have in common is the possibility of taking into account the repair of failed components. Simplified thermal-hydraulic calculations were performed to characterize the reactor at any given moment in the accident scenario. The benefits of dynamic approaches on short periods of time will be quantitatively evaluated in 2015.
Modeling of a Flooding Induced Station Blackout for a Pressurized Water Reactor Using the RISMC Toolkit (12280)
D. Mandelli, S. Prescott, C. Smith, A. Alfonsi, C. Rabiti, J. Cogliati, R. Kinoshita
In the Risk-Informed Safety Margin Characterization (RISMC) approach we want to understand not just the frequency of an event like core damage, but how close we are (or are not)
to key safety-related events and how might we increase our safety margins. The RISMC Pathway uses the probabilistic margin approach to quantify impacts to reliability and safety by
coupling both probabilistic (via stochastic simulation) and mechanistic (via physics models) approaches. This coupling takes place through the interchange of physical parameters and
operational or accident scenarios. In this paper we apply the RISMC approach to evaluate the impact of a power uprate on a pressurized water reactor (PWR) for a tsunami-induced flooding test case. This analysis is performed using the RISMC toolkit: RELAP-7 and RAVEN codes. RELAP-7 is the new generation of system analysis codes that is responsible for simulating
the thermal-hydraulic dynamics of PWR and boiling water reactor systems. RAVEN has two capabilities: to act as a controller of the RELAP-7 simulation (e.g., system activation) and to
perform statistical analyses (e.g., run multiple RELAP-7 simulations where sequencing/timing of events have been changed according to a set of stochastic distributions). By using the
RISMC toolkit, we can evaluate how power uprate affects the system recovery measures needed to avoid core damage after the PWR lost all available AC power by a tsunami induced
flooding. The simulation of the actual flooding is performed by using a smooth particle hydrodynamics code called NEUTRINO.
An Integrated Physics-Based Risk Model for Assessing the Asteroid Threat (12351)
Samira Motiwala, Donovan Mathias, and Christopher Mattenberger
NASA Ames Research Center
Although most asteroids and other near-Earth objects (NEOs) do not pose a threat to Earth’s inhabitants, impacts from objects that are just tens of meters in diameter can cause significant
damage if they occur over a populated area. This paper forms the foundation of an effort at NASA Ames Research Center to quantify these risks and identify the greatest risk-driving parameters and uncertainties. An integrated risk model that couples dynamic probabilistic simulations of strike occurrences with physics-based models of NEO impact damage factors has been
developed to generate casualty estimates for a range of NEO impact properties.
Currently, the model focuses on the risk due to blast overpressure damage from airbursts and impacts on land. The model is first used to reproduce results from established sources, and
then is extended to perform sensitivity studies that yield greater insights into risk-driving parameters. Results show that meteor strength and entry angle play a role for small to mid-size
NEOs, and that accounting for the specific target location significantly affects casualty estimates and dominates the risk. Future work will continue to refine and expand the models to better
characterize key impact risk factors, include additional types of threats such as tsunamis and climate effects, and ultimately support assessments of potential asteroid mitigation strategies.
41
April 26-30, 2015
DISCUSSION GROUP SESSION: SEVERE WIND
Discussion Leader: Lawrence A. Twisdale, Jr., Applied Research Associates, Inc.
Nick Lovelace, Jensen Hughes
Steve Hess, EPRI
Steve Kaasalainen, Amec Foster Wheeler
Ray Schneider, Westinghouse
Art Mironenko, Duke Energy
This session will discuss the current state of the practice and issues of concern associated with performing
a high wind PSA.
42
April 26-30, 2015
SESSION 24-1: PASSIVE SYSTEM SAFETY AND RELIABILITY
Session Chair: Ricky Summitt, RSC Engineers
Reliability Analysis of Passive Systems with Multiple Competing Failure Modes Involving Performance Degradation
(11483)
Luciano Burgazzi
ENEA, Italian National Agency for New Technologies, Energy and Sustainable Economic Development
This paper offers an extension of reliability analysis of passive systems with various competing failure modes involving performance degradation.
The failure probability on a specific mode is derived. Using this probability, the dominant failure mode on the system can be predicted. A practical example is presented to analyze a passive system with two kinds of major failure modes – natural circulation stoppage due to e.g., isolation valve closure (a catastrophic failure) and heat transfer process degradation due to e.g.,
deposit thickness on component surfaces (a degradation failure). Reliability modeling of an individual failure mode and system reliability analysis are presented and results are discussed.
Results of a Demonstration Assessment of Passive System Reliability Utilizing the Reliability Method for Passive Systems
(RMPS) (12068)
Matthew Bucknor, David Grabaskas, Acacia Brunett and Austin Grelle
Argonne National Laboratory
Advanced small modular reactor designs have many benefits over the existing reactor fleet, including the use of passively driven safety systems that are arguably more reliable and cost effective relative to conventional active systems. Despite their attractiveness, a reliability assessment of passive systems can be difficult using conventional reliability methods due to the nature
of passive systems. Simple deviations in boundary conditions can induce functional failures in a passive system, and intermediate or unexpected operating modes can also occur. As part of
an ongoing project, Argonne National Laboratory is investigating various methodologies to address passive system reliability. The Reliability Method for Passive Systems (RMPS), a systematic
approach for examining reliability, is one technique chosen for this analysis. This methodology is combined with the Risk-Informed Safety Margin Characterization (RISMC) approach to assess
the reliability of a passive system and the impact of its associated uncertainties. For this demonstration problem, an integrated plant model of an advanced small modular pool-type sodium
fast reactor with a passive reactor cavity cooling system is subjected to a station blackout using RELAP5-3D. This paper discusses important aspects of the reliability assessment, including
deployment of the methodology, the uncertainty identification and quantification process, and identification of key risk metrics.
A Demonstration of Dynamic Methods for Addressing Passive Safety System Reliability (12072)
Acacia Brunett, David Grabaskas, Matthew Bucknor, and Austin Grelle
Argonne National Laboratory
Passive safety systems have become a prevalent feature of advanced reactor designs due to their simplicity and limited need for operator intervention. Lack of moving components required for successful actuation and the ability to fail functionally rather than physically, however, hinders the application of a traditional safety analysis. As part of an ongoing project, Argonne
National Laboratory is investigating various methodologies for addressing passive system reliability; simulation-based methods, which use deterministic system models to define accident
progression, are one of the approaches chosen for this task. This paper describes the simulation-based methodology implemented by Argonne; the methodology demonstration also includes
the identification and characterization of uncertainties affecting both passive and active systems. A pool-type sodium fast reactor with a reactor cavity cooling system (RCCS) was chosen as
the system model for this analysis. The reactor is subjected to a station blackout with the possibility of early to late power recovery. Results for overall system reliability are presented, and the
capabilities and limitations of the methodology are discussed.
Analyzing Non-Piping Location-Specific LOCA Frequency for Risk-Informed Resolution of Generic Safety Issue 191 (12208)
Nicholas O’Shea (1), Zahra Mohaghegh (1), Seyed A. Reihani (1), Ernie Kee (1,2), Karl Fleming (3), and Bengt Lydell (4)
1) University of Illinois at Urbana-Champaign, 2) YK.risk, LLC, 3) KNF Consulting Services, LLC, 4) SIGMA-PHASE, INC.
The NRC performed an expert elicitation study, NUREG-1829, to develop generic loss-of-coolant accident (LOCA) frequencies. In support of the Risk-Informed Resolution of Generic Safety
Issue 191 (GSI-191), Fleming and Lydell (2011) developed location-specific LOCA frequencies, utilizing NUREG-1829 and service data. Their study considered the inclusion of spatial variation
in LOCA frequency estimations; however, this was limited to piping and welded reactor coolant system (RCS) components. This paper presents the status of on-going research which investigates the contribution of non-piping RCS components to a location-specific LOCA, and follows these steps: Step (1) Searching for evidence: an extensive review of academic, industry, and
regulatory publications is performed and, based on the following, the results are reported: (a) LOCA relevancy, i.e., the potential for the failure of each component to result in a LOCA and (b)
Debris generation relevancy, i.e., the potential for the failure of a component to result in the generation of debris. Step (2) Screening by experts: the results of Step 1 are evaluated by experts
from academia and industry to investigate the significance of the non-piping components to GSI-191.
This paper reports on the initial stage of an academia-industry collaboration to advance data analytics for location-specific LOCA frequency estimations.
43
April 26-30, 2015
SESSION 16-1: OPEN PSA
Session Chair: Dominique Vasseur, EdF
The Andromeda Shell and Scripting Interface to Efficiently Treat PSA Models (12023)
Friedlhuber Thomas (1), Mohamed Hibti (2), Antoine Rauzy (3)
1) EdgeMind S.A.S, France, 2) EDF R&D, France, 3) Ecole Polytechnique, France
Working with large full scope PSA models may require appropriate tools to browse the models, to allow their modication, documentation and to perform export/import and merge
procedures that cover the needs of version management and validation processes of large PSA models or parts of them.
In this paper we introduce a shell based language that provides appropriate shell commands to handle PSA models and allow scripting over PSA-Modules for systematic procedures
and batch operations. This approach is based on an XML format between Scandpower RS-PSA format and the Open PSA Model Exchange Format.
The introduction of a shell based language reveals new efficient opportunities of automating any kind of procedures when working with PSA models. Scripts can be developed in a
generic way, what allows them to remain compact, readable and expressive at the same time. Their execution is reproducible, debug-able, testable and most important, efficient.
Scripts can be considered for updating procedures (for instance for updating system fault trees when generated automatically via artificial intelligence tools), or for comparing and
merging versions of a PSA models with divergent paths, for establishing the events cartography (to highlight dependencies over specific patterns), for revision and review procedures to
allow easy and systematic and incremental search and validate procedures to ensure a better view of the nested structures within a PSA model and for easy documenting edition.
A Method to Compare PSA Models in a Modular PSA (12103)
Friedlhuber Thomas (1), Mohamed Hibti (2), Antoine Rauzy (3)
1) EdgeMind S.A.S, France, 2) EDF R&D, France, 3) Ecole Polytechnique, France
Most Probabilistic Safety Assessment (PSA) models are typically based on the fault tree and event tree approach. Since decades, these PSA models serve as important tool for safety
demonstration and as support for regulatory issues. In some industries, for example in nuclear power plants, PSA models increased in size and complexity over the recent years as a
consequence of the scope extension to external hazards, new applications and new requirements (due post-Fukushima insights and recommendations).
Therefore, for the purpose of quality assurance, it is worth to have a precise log of any model evolutions to guaranty compliance with standards and to ensure that models reflect
the reality of plants. However, in the database architecture of currently used PSA tools, only meta data information can be obtained concerning model modifications. Analysts (users),
developers and reviewers may need to have deep insights on different model transitions (set of modifications), and then go through details in order to verify and justify (for example to
safety authorities) the set of modifications applied to a PSA model. Currently, those activities are performed manually and can be time-consuming and error-prone since PSA models
may contain dozens of thousands of model objects.
In this article, a method is presented to automatically compare PSA models. The method provides important feedback to model engineers for example to verify model modifications
applied since an ancient model state, for checking or diagnosis purposes (for instance to understand the impact and importance of individual model modifications). Further, the result
(the differences) can be used to automatically generate modification reports to trace and justify model modifications. Finally, it can serve as preliminary step for the purpose of model
fusion (the \combination” of models) which is an ultimate step to concurrent modeling. The comparison method has been implemented in Andromeda, a research software developed
at EDF R&D to develop and test new modeling approaches in a so-called \modular PSA”. A modular PSA treats models by smaller pieces (the \modules”) what constitutes a crucial
paradigm for the comparison method of this article.
Use of PSA Model XML Standard Formats for V&V (12108)
Enrique Mel´endez Asensio, Roberto Herrero Santos
Consejo de Seguridad Nuclear, Spain
The Spanish Nuclear regulatory body (CSN) has implemented a regulatory system inspired by the USNRC Reactor Oversight Process (ROP). As such, the system makes use of PSA results
and insights in several tasks. Inspection results are assessed by PSA quantification, determining the consequences of licensee performance deficiencies by mapping onto a PSA model any
failures to comply with rules and regulations. A requantification of the model yields the impact of the performance deficiency in the plant risk. The outcome is used to take decisions on
further regulatory actions. In addition, whenever applicable, inspection scope is driven by PSA importance, be it the baseline inspections or special inspections, reactive to events.
This regulatory framework requires PSA information to be disseminated throughout the organization, even among non PSA experts. A web based information system has been brought
up that presents PSA hypotheses, methods and results in a consistent manner for all Spanish plants. Inspectors have ready access to this information tool within CSN’s internal website.
The information in the web based system stems from the licensees’ PSA models. Since the Spanish NPPs use several PSA codes, a common interface to feed the web base information
system is required. The OpenPSA initiative (http: //www.open-psa.org/) proposed an XML standard format for PSA model exchange, dubbed OPSA-MEF. At CSN, an XML format derived
from the OpenPSA work, suitable for the quantification tools used at CSN has been the choice.
Moreover, the OPSA-MEF is a platform for developing tools that convert PSA models between PSA codes, allowing the same model to be viewed, modified and quantified by different
programs. This has been demonstrated by tools developed at CSN. Furthermore, as regulators, CSN staff needs independent views on licensee models. These can be best accomplished by
in-house tools that perform batch checks for consistency of the models.
44
April 26-30, 2015
SESSION 18-1: LOW POWER AND SHUTDOWN PSA
Session Chair: Vincent (Tom) Young, RSC Engineers
AES-2006 PSA Level 1 Shutdown Modes Basic Approaches and Results at FSAR Stage (12050)
Andrei Kalinkin, Aleksandr Solodovnikov, Ekaterina Shilina
JSC Atomproekt, Russia
This report represents preliminary results of PSA level 1 for AES-2006 (Leningrad NPP-2) at the FSAR stage as well as main changes in PSA model for FSAR stage in comparison
with PSA model for PSAR stage. Results for PSA level 1 at FSAR stage shows, that contribution to total fuel damage frequency from shutdown modes significantly exceeds contribution from power modes. For this reason, the report focuses on approaches and results for shutdown modes. Report contains:
• short description of AES-2006 project in LAES-2 configuration;
• methodology for carrying out of PSA level 1 for shutdown modes at FSAR stage;
• main changes in PSA model at FSAR stage in comparison with the model for PSAR stage;
• common approaches to frequency assessment for IEs, related to fuel damage during handling operations, loss of spent fuel pool cooling, and other IEs specific for
shutdown modes;
• main results for shutdown modes PSA level 1 at PSAR stage.
Experience with the ANS Standard for Shutdown PRA Model Quality (12164)
Ross C. Anderson, Raymond Dremel
ENERCON Services, Inc.
This paper reviews experience to date with the draft ANS standard on the technical adequacy of PRA models for shutdown analysis. Benefits of use are addressed, as well as
expectations for changes prior to endorsement, their implications and future use of the standard.
ASME has issued a standard for the technical adequacy of a nuclear plant Probabilistic Risk Analysis (PRA), which has been endorsed by the NRC as an acceptable means of demonstrating model quality. However, this standard does not address Low Power and Shutdown (LPSD) operation. In order to address the unique requirements of LPSD, the American
Nuclear Society is drafting a corresponding standard for shutdown PRA model development.
Maracor, the PRA division of ENERCON Services, Inc. has used this draft standard in the development of several shutdown PRA models for their clients. Although the standard is
only in draft at this time, it is still the best available template for the likely regulatory requirements for technical adequacy for LPSD analysis.
This paper discusses similarities of the LPSD standard to, and differences from, the at-power standard; the technical and regulatory benefits of use to date; and the impact of
potential changes as the currently draft version is finally endorsed.
An Approach for Assessing Low Power & Shutdown Risk (12287)
Kenneth Kiper, Rupert Weston
The Low Power and Shutdown (LPSD) probabilistic risk assessment (PRA) needs to be both comprehensive in scope and manageable in scale. Those competing goals require a
structured approach that:
• Casts a wide net to identify all the potential, logical plant operating states,
• Screens and subsumes to reduce these states to a “representative” set of states,
• Develops models that use and build off the “at-power” PRA to the maximum extent possible, and
•
Identifies the distinctions of LPSD operation and configurations, from full-power condition, that may be important to assessing the risk.
The approach is critical in making the LPSD PRA model both adequate to assess the risk and manageable size. The approach needs to be carefully considered because of the
degree of complexity added by the large number of potential plant operating states.
45
April 26-30, 2015
SESSION 12-1: EXTERNAL EVENTS ANALYSIS I
Session Chair: Donnie Harrison, NRC
Screening Analysis Approach Used in the Evaluation of External Flood and Other Hazards for the U.S. Nuclear Regulatory
Commission Full-Scope Site Level 3 Probabilistic Risk Assessment (12073)
Anders F. Gilbertson,
This paper discusses the approach used in the evaluation of external flood and other hazards for U.S. Nuclear Regulatory Commission (NRC) Full-Scope Site Level 3 PRA Project
with a focus on the progressive screening analysis. Hazards that are screened out by this process do not require the development of a hazard-specific PRA. This evaluation is part of
the Level 1, reactor, at-power probabilistic risk assessment (PRA) that is being performed for the. The term “other hazards” refers to those hazards, both internal and external, that
are not considered in the internal events, internal flood, internal fire, seismic, high winds, or external flood hazards analyses. The approach used for this external flood and other
hazards evaluation includes 1) a review of plant licensing bases and plant-specific data 2) identifying the hazards to be considered, 3) performing a progressive screening analysis,
and 4) performing a PRA for those hazards that cannot be screened out from further consideration. This paper presents a discussion of the qualitative and quantitative screening
criteria used in the evaluation as well as the bases for their derivation and comparisons with existing screening criteria.
Using Extreme Value Theory in External Event PSA of WWER440 Reactors (12111)
Zoltan Kovacs, Janka Macsadiova, Filip Osusky
RELKO Ltd, Engineering and Consulting Services, Slovakia
Extreme value theory is unique as a statistical discipline. It develops techniques and models for describing unusual events. Extreme values are scarce. Estimates are required
for levels of a process that are much greater than already have been observed. This involves an extrapolation from observed levels to unobserved levels. The extreme value theory
provides a class of models to enable such extrapolation. It is a solid theoretical basis and framework for it. The impact of extreme meteorological conditions on safety of WWER440
reactors is being evaluated in the light of Fukushima accident. Only extreme meteorological conditions can have impact on the plant safety. The nuclear power plants are protected
against all meteorological conditions that are likely to experience within the projected life time. The challenge is to estimate the frequency of such meteorological conditions which
has potential to damage the plant. Preliminary results are presented in the paper from the external event PSA of the Slovak WWER440 plants. Examples of extreme temperatures
(high and cold) and extreme wind are involved. For weather data, including temperature, a common rule of success is to have at least 30 years of daily data. Station data are measured at a single point in each plant. These data usually have high quality. For the data collection it is important to consider the location of the station, and whether it is representative for the site in question, for example the distance to it, the height over sea level of the station, and if it is close to the water.
Insights from IAEA Technical Meeting on Complementary Safety Assessment of NPP Robustness Against the Impact of
Extreme Events: Challenges and Developments (12250)
Irina Kuzmina, Artur Lyubarskiy, Anthony Ulses
International Atomic Energy Agency
The Technical Meeting held from 7 to 11 July 2014 at the IAEA headquarters in Vienna on Developing Methodologies for Complementary Assessment of Nuclear
Power Plants’ Robustness against the Impact of Extreme Events provided an opportunity to exchange information and discuss relevant national practices in Member States.
The meeting focused in particular on refined probabilistic safety analyses and other systematic approaches for complementary assessment of plant protection against extreme
events (i.e. the events that may exceed the design basis), as well as on the interface between the complementary safety assessment and the existing traditional probabilistic and
deterministic safety analyses. A formal technical report has been produced, which summarizes the discussions held and presents the papers and completed questionnaires provided
by the participants.
One of the conclusions of the meeting was that though the stress-test-type activities and associated safety analyses performed in Member States were an adequate response
to the Fukushima Daiichi accident, it is appropriate to continue developing a range of comprehensive systematic approaches for complementary analysis of nuclear power plant
protection against the impact of extreme events including credible hazards’ combinations and long duration accident sequences. Several examples of new methods that may assist
in performing such analyses were discussed during the meeting (e.g. Fault Sequence Analysis Method, Threat-Risk Method, etc.). In addition, a number of recommendations were
given by the participants regarding topics where additional practical guidance was needed.
The paper provides an overview of the results and insights from the Technical Meeting discussing challenges and new developments in the area of complementary safety assessment of the protection of nuclear power plants against the impact of extreme events using deterministic and probabilistic methods.
46
April 26-30, 2015
Application of the Fault Sequence Analysis Method for the Armenian NPP: Results and Insights from the Benchmarking
Study Performed under an AIEA’s Extra Budgetary Project (12276)
Shahen Poghosyan (1), Gurgen Kanetsyan (1), Sos Sargsyan (2), Tigran Sargsyan (2), Artyom Avagyan (2), Irina Kuzmina (3),
Arthur Lyubarskiy (3)
1) Nuclear and Radiation Safety Center, Armenia,2) Armenian Nuclear Power Plant – Reliability Laboratory, Armenia, 3) International Atomic Energy Agency, Austria
The accident that occurred in Japan at Fukushima nuclear power plant (NPP) on 11th March 2011 revealed the importance of external hazards analysis and plant protection
against external hazards. Impact of external hazards on the plant is characterized by simultaneous multiple equipment damage which could be a real challenge for plant design
provisions. There is a clear need to examine more closely the potential impact of extreme events for extended design basis conditions on the level of protection provided at nuclear
facilities and to identify possible weak points of the plant. It is necessary to be able to perform comprehensive safety assessment of NPPs in regard with impact of external hazards
(including combination of hazards and longer duration accident sequences – the issues, which current PSA methodology cannot effectively address). The Fault Sequence Analysis
(FSA) method and Fault Sequence Tool for Extreme Events (FAST-EE) software developed by the IAEA through an Extra-budgetary Project (EBP) funded by Norway allows to efficiently utilize the qualitative information obtained from an internal initiating events Level-1 PSA (i.e. minimal cutsets), information on the operability limits of structures, systems
and components, and the feasibility of operator actions under different severe conditions caused by extreme events. An advantage of the FSA method in comparison to traditional
safety analysis is the direct consideration of combined load conditions resulting from the simultaneous occurrence of external extreme events and possibility to examine longterm accident sequences. The Armenian NPP and Nuclear and Radiation Safety Center (NRSC) in co-operation with IAEA performed a benchmarking study aimed to apply the FSA
method and the associated software for Armenian NPP. The FSA-ANPP project’s objectives are:
• To perform a complementary analysis of plant robustness by assessing potential impact of external hazards and their credible combinations using the FSA method and the
software FAST-EE
• To provide insights for defining measures to enhance plant protection against extreme events (if found appropriate)
Implementation of the project allowed to enhance understanding of the robustness of ANPP against the impact of extreme events and their credible combinations, long duration
accident sequences, and possible cliff-edge conditions. Insights were derived by examination of the ANPP’s PSA output under the circumstances of combinations of extreme events
applicable to the ANPP site. This paper presents experience on application of FSA method for re-assessment of external hazards impact on NPP with a special focus on methodological aspects, PSA model refinements, problems encountered and recommendations made to improve the method & associated software. In addition, some qualitative insights for the
ANPP are also discussed.
47
April 26-30, 2015
SESSION 15-1: FUKUSHIMA LESSONS LEARNED I
Session Chair: David Grabaskas, ANL
Usage of MAAP5-Dose to Support Plant Habitability (11860)
Rebecca Kalfleish, Peter Maka, John Kennedy, Lisa Lam, Keith Dinnie, Michael Chai
AMEC NSS Ltd, Canada
The habitability of the control room and other vital plant areas during beyond design basis and severe accidents has a direct link to maintaining public health and safety. Plant
design bases and severe accident risk analyses typically assume that the control room operators can remain safely within the control room as well as execute appropriate mitigative
actions in the field. A key component to the successful implementation of these actions is site habitability and the acceptability of anticipated in-plant doses. The Canadian utilities
(under the auspices of CANDU Owner’s Group (COG)) have expended effort over the past several years to establish a methodology to assess plant habitability following a severe
accident. The discussed approach is consistent with that outlined in the IAEA Safety Series no. 98.
The objective of this paper is to summarize and discuss the industry recommended methodology for predicting onsite radiological conditions following a severe accident at a
nuclear power plant and assessing the plant habitability, and to discuss limitations and lessons learned from early application of this methodology.
Analysis of Potential Risk Caused by Hydrogen and Carbon Monoxide in Buildings Attached to Containment for Ascó 1&2
and Vandellós II NPPs (12094)
James P. Burelbach (1), Sung Jin Lee (1), Martin G. Plys (1), Vicente Nos (2), Juan Carlos de la Rosa (3), Joan Fornós (4)
1) Fauske & Associates, LLC, 2) Westinghouse Technology Spain, 3) Westinghouse Electric Spain, 4) Asociación Nuclear AscóVandellós
Evolution of flammable gas mixtures in buildings attached to containment is analyzed for Spanish nuclear power plants Ascó 1, 2 and Vandellós II. Flammable gas can leak
from the containment during a severe accident, and the bounding gas source rate is obtained by simulation of a postulated Station Blackout sequence using the Modular Accident
Analysis Program (MAAP). The analysis assumes a wet cavity and credits the reactor cavity flooding system as well as the filtered venting system and PARs. The leakage flow area
corresponds to the so-called allowable leakage rate, and the potential leakage locations include individual containment penetrations as well as liner “pinhole” leakage. Various
combinations of local and distributed leakage are considered. The transport and distribution of leaked flammable gas (H2 and CO) in the attached buildings is modeled using the
FATE™ code, including the significant mixing (dilution) which occurs as the released buoyant gas rises and entrains air, and accounting for the condensation of steam which acts to
concentrate flammable gas. Results indicate that for the analyzed plants the risk is low because flammable gas accumulation remains below the lower flammability limit. Based on
this result there is no need to install hydrogen mitigating systems outside containment.
Usage of MAAP5-Dose to Support Equipment Survivability Assessments (12149)
Peter Maka, John Kennedy, Keith Dinnie, Michael Chai
AMEC NSS Ltd, Canada
Appropriate Beyond Design Basis Accident (BDBA) and Severe Accident Management Guidance (SAMG) response is dependent on the availability of essential instrumentation
and equipment (I&E) to monitor and mitigate accident progression. An assessment of I&E survivability during Severe Accident (SA) conditions is needed to demonstrate with a
reasonable level of confidence that I&E will operate when required.
A technically supportable and robust approach for directly estimating environmental conditions, specifically absorbed radiation doses, under severe accident conditions
involves utilizing the Modular Accident Analysis Program 5 (MAAP5) code suite. MAAP5 contains an integrated dose model whereby radiation dose to areas of interest inside
containment can be calculated simultaneously with the progression of a severe accident.
This paper proposes the use of MAAP5/MAAP5-DOSE to support equipment survivability assessments. Its usage is expected to result in supportable and robust dose predictions. Key assumptions and limitations are discussed. Sample results from actual application of the methodology are presented.
48
April 26-30, 2015
SESSION 1-2: ACCIDENT ANALYSIS LEVEL 3
Session Chair: Valentin Rychkov, EdF R&D
Overall Accident Consequence Estimation Using the PACE Code (12085)
N. A. Higgins, S. Field, K. Ramwell
Centre for Radiation, Chemical and Environmental Hazards, Public Health England
Low probability potentially high consequence events, at a hypothetical nuclear power reactor at a notional location in the north of England, have been examined using the off-site (Level
3) Probabilistic Safety Assessment (PSA) code PACE (Probabilistic Accident Consequence Evaluation). PACE provides probabilistic estimates of a number of endpoints such as; doses that may
be received, consequences of protective actions and the overall economic effects of an accident. The latter estimates use the economic model COCO-2 (Costs of Consequences Offsite) implemented within PACE. The work supports NEA development of generic advice on the application of economic modelling as part of probabilistic nuclear accident consequence assessment.
Risk Metrics and Risk Ranking in PSA (12162)
Thomas Durin, Ludivine Pascucci-Cahen, Nadia Rahni, Jean Denis, Emmanuel Raimond, Vincent Tanchoux
IRSN, France
IRSN, acting as a Technical Safety Organization for the French Nuclear Safety Authority, has been developing L2 PSAs for many years, using its own probabilistic tool (KANT) and severe
accident code (ASTEC). In order to make the results obtained more explicit so that they can be adopted for decision making, significant efforts have been made to achieve a realistic modeling
of consequences caused by nuclear accidents. That includes the assessment of radioactive releases in the environment and the evaluation of site-specific radiological consequences.
These efforts allow IRSN to estimate the contribution to the global risk of all the initiating events or containment failure modes with various risk metrics. A preliminary study has been
performed with an outdated limited scope PSA model, in order to validate the method. The results obtained show that the choice of the risk metric is not neutral toward risk ranking. It might
also have an influence on the choice of a quantitative criterion for external events screening methods.
Probability of Being in the Situation Where Dose Assessment Software Would Promote Premature EAL/PAR Decisions
at Callaway (12207)
Zhiping Li
Ameren Missouri
On April 23, 2014, an Emergency Preparedness Coordinator discovered the Callaway Energy Center dose assessment program, MAGNEM, Management Action Guidelines for Nuclear
Emergencies (Callaway Energy Center dose assessment software) can be configured in a manner which will result in an inaccurate radiological release projection under one accident scenario
(Steam Generator Tube Rupture direct to atmosphere). This could result in recommending protective actions to the public when not warranted. Dose assessment calculations are considered
risk significant regulatory activities and must be performed accurately to protect the health and safety of the public. This could be a NRC Finding of white, yellow or red. MAGNEM in this
software configuration is not normally utilized and the conditions that would lead the user to utilize this software in this manner would require a simultaneous loss of the plant Local Area
Network (LAN) and immediately after launching the software switching to manual mode (which is not the normal mode of operation). There is a low probability this could have occurred in
a plant emergency as defined in 10CFR50.47, Emergency Plans. The probability of being in the situation where MAGNEM would produce dose projections resulting in premature EAL (Emergency Action Level) declaration or PAR (Protective Action Recommendations) is calculated to be very low. The NRC determined that the issue is properly characterized as a licensee-identified
Green NCV (Non-Cited Violation) and there is no lost or degraded planning standard function.
Key words: risk assessment, dose assessment software, MAGNEM
Strategies for Mitigating Releases During a Severe Accident (12669)
Richard Wachowiak (1), David L. Luxat (2), Alexander H. Duvall (2), Jeff R. Gabor (2), Doug E. True (2)
1) Electric Power Research Institute, 2) ERIN Engineering and Research, Inc.
In 2012, EPRI published “Investigation of Strategies for Mitigating Radiological Releases in Severe Accidents – BWR Mark I and Mark II Studies” (EPRI 1026539). This report assessed
the value of various strategies starting from the perspective that there was a core vessel breech situation without regard for how the scenario progressed to that point. The objective was to
identify strategies that could enhance containment performance.
In the current study, EPRI performed a more comprehensive evaluation of the scenarios and how they developed. This allows for state-of-knowledge to be incorporated into the potential
release scenarios. A focused scope level 3 Probabilistic Risk Assessment (PRA) was developed for Extended Loss of AC Power (ELAP) sequences to evaluate not only the releases from the
various scenarios, but also the potential for offsite consequences.
The analysis shows that near all consequence reduction can be achieved by providing a method for severe accident capable water addition to the containment in Mark I and Mark II plants.
Any other strategy provides marginal additional benefit.
In this study, EPRI used high powered computing (HPC) to explicitly transfer sequence knowledge through the analysis out to the consequence end states. More than 500 Modular
Accident Analysis Program (MAAP5) simulations were run to characterize each mitigating strategy; and more than 12000 simulations in all were performed for the study. Methods were
developed for generating the input for these simulations and presenting the output in a meaningful manner. A focus of this paper is on the presentation of output from such a large set of
simulations in a meaningful manner. Some of the more useful ways of characterizing the output are presented.
49
April 26-30, 2015
PROGRESS IN APPLYING PRA TO NON-REACTOR NUCLEAR FACILITY ISSUES
Discussion Leader: Kevin O’Kula, URS Professional Solutions, LLC
Jim O’Brien, DOE-EA 30
Jeff Shackelford, Defense Nuclear Facilities Safety Board
Karl Fleming, KNF Consulting
Dennis Henneke, GE-Hitachi
This session is a continuation of the discussion on the uses of PRA approaches to inform safety and design decisions for nonreactor nuclear facilities, systems and processes.
Since the PSA 2013 conference, two developments in the standards area alone have occurred: (1) the Department of Energy Probabilistic Risk Assessment (PRA) Standard (DOESTD-1628-2013) has been finalized; and (2) an ASME/ANS committee is forming to develop a nonreactor PRA standard. The roundtable session will discuss the impact of these two
items, and other ongoing work in the nonreactor nuclear field using PRA methods. U.S. and international organizations, safety contractors and regulatory bodies will be represented.
50
April 26-30, 2015
Wednesday, April 29, 08:30, Ram Room
SESSION 6-4: HUMAN FACTORS AND HRA IV
Session Chair: Susan Cooper, NRC
Advanced Investigation of HRA Methods for Probabilistic Assessment of Human Barriers Efficiency in Complex Systems for
a Given Organisational and Environmental Context (12020)
A. De Galizia (1), C. Duval (1), E. Serdet (1), P. Weber (2), C. Simon (2), B. Iung (2)
1) EDF R&D, France, 2) Research Center of Automatic Control of Nancy (CRAN) – Lorraine University, Vandoeuvre Lès Nancy,
France
This paper presents the major issues concerning PSA Human Reliability Analysis (HRA) as result of the first year of a PhD in the Department of Industrial Risks Management
(IRM) of Électricité de France (EDF) in the field of Integrated Risk Analysis and HRA approaches for maintenance and normal operation. In particular, we will go deep into a “stateof-the-art” of HRA methods. We will proceed to the identification of some specific analysis criteria expressly designed to compare and map methods against the criteria itself and
previous works on the good practices within HRA. Such criteria deal with key issues such as the data/information/evidence required for methods to be applied, the theoretical basis
underlying each method, PSF coverage (individual, operating crews or organizational) and so on. Then, we will discuss the major findings retained to provide an understanding on
useful features and limitations or gaps in current HRA. Examples of these limitations are lack of an adequate interface for using qualitative analysis results for quantification of HEPs
or an appropriate guidance for how to assess and use PSFs. In particular, we will focus on the problem of selecting performance influencing factors (PSFs) for the use in HRA of
nominal operation and maintenance tasks in a different manner than existing methods already developed at EDF which are used for specific PSA applications (MERMOS A). Finally,
we will present the conclusions and some perspectives concerning the development of a new methodology resulting from a cross-fertilization approach between a tool recently
developed at EDF R&D and referred as Integrated Risk Analysis (IRA) and conventional HRA. The aim of this new methodology is to probabilistically assess human barriers efficiency
in sociotechnical systems under given organizational and environmental conditions.
On the Incorporation of Spatio-Temporal Dimensions into Socio-Technical Risk Analysis (12199)
Justin Pence, Zahra Mohaghegh
University of Illinois at Urbana-Champaign
In Probabilistic Risk Assessment (PRA), the temporal dimension has been improved, and is currently being explicitly considered in simulation-based techniques. How-ever, the
spatial dimension is only being considered implicitly in Fault Trees and Event Trees through functional models. Human Reliability Analysis (HRA) does not explicitly consider spatial
dimensions of Performance Shaping Factors, except for man-machine interface, which is only partially considered in human error estimations. The Socio-Technical Risk Analysis
(SoTeRiA) framework was developed to incorporate organizational factors into HRA and PRA. This paper reports on the initial stage of re-search to advance the dimensions of space
and time in SoTeRiA. The paper reviews the dimensions of space and time in traditional engineering practices, social and organizational theories, and in the existing risk analysis
methods. It highlights the theoretical and methodological perspectives on the incorporation of spatio-temporal dimensions in SoTeRiA. The ultimate results of this research will
help (1) identify the underlying socio-technical root causes of failures associated with locations and space, (2) quantify the spatio-temporal organizational failure mechanisms by
integrating a Geographic Information System (GIS)-based modeling platform with PRA, and (3) advance quantification and visualization of socio-technical risk scenarios that will
enhance risk-informed decision making applications (e.g., Emergency Response Modeling).
Quantifying Organizational Factors in Human Reliability Analysis Using the Big Data-Theoretic Algorithm (12200)
Justin Pence (1), Zahra Mohaghegh (1), Cheri Ostroff (2), Vinh Dang (3), Ernie Kee (1, 4), Russell Hubenak (5), Mary Anne
Billings (5)
1) University of Illinois at Urbana-Champaign, 2) University of South Australia, 3) Paul Scherrer Institute, 4) YK.risk, LLC, 5) South
Texas Project Nuclear Operating Company
Probabilistic Risk Assessment (PRA) is an effective tool for estimating risk from interactions of equipment failure and human error. Human Reliability Analysis (HRA) focuses on
individual error due to internal (e.g., cognitive mode) and external (e.g., physical environmental factors, organizational factors) Performance Shaping Factors (PSFs). Current HRA
techniques include some of the external PSFs related to organizational factors, such as procedures and training, however, the organizational mechanisms associated with these PSFs
are not explicitly modeled in HRA. The incorporation of organizational models in this research is done based on the Socio-Technical Risk Analysis (SoTeRiA) theoretical framework.
The Integrated PRA (I-PRA) methodology is introduced to connect the combined effects of human error and organizational factors with classical PRA techniques (i.e., Event Trees
and Fault Trees). A novel algorithm, the big-data theoretic, is utilized to address wide-ranging, incomplete, and unstructured data. The new algorithm is applied for quantifying the
organizational mechanisms associated with the “training quality” (in nuclear power plants) that can be used as a surrogate node for “training” PSF, inside HRA. This re-search helps
develop a more realistic and plant-specific estimation of human error. In addition, it facilitates explicit modeling for the sources of dependencies among PSFs.
51
April 26-30, 2015
Wednesday, April 29, 08:30, Sawtooth Room
SESSION 13-3: FIRE ANALYSIS AND NFPA 805 III
Session Chair: Raymond Gallucci, NRC
Modeling Main Control Room Abandonment in Fire PRAs (12193)
Paul J. Amico, Erin P. Collins
Jensen Hughes
The issue of how to adequately model main control room abandonment scenarios in fire PRAs has become an area of much concern and contention. Most plants calculate abandonment
CCDPs outside the model and apply them to the scenarios, usually as a generic value or to scenario bins. This leads to the potential for missing some key elements, including both random and
fire-induced failures that result in conditions that preclude successful shutdown or the impact of timing on the operator actions, as model changes and refinements are made. The authors
propose a more effective approach that fully integrates the abandonment case into the PRA model and separates the human failure events into an overriding cognitive error portion that fails
abandonment and a series of individual HFEs associated with the recovery of each failed function in the scenario.
Focusing the Scope of Fire PRA Human Reliability Analysis Using Top Event Prevention (TEP) (12358)
Wes Brinsfield (1), Jeffrey Voskuil (2)
1) Applied Reliability Engineering, Inc., 2) Entergy
A number of US nuclear power plants are transitioning to performance-based fire protection programs in accordance with NFPA 805. Numerous operator actions may be identified that
mitigate the potential impacts of postulated fires in a plant. Inserting each of these operator actions and supporting instrumentation into the fire probabilistic risk assessment (FPRA) adds
complexity to the logic models, and increases the requirements for human reliability analyses (HRAs), documentation, and model maintenance. As the number of human failure events
(HFEs) in the FPRA grows, so does the effort required to complete human failure dependency evaluations. In addition, a plant’s Operations and Training departments could benefit from a riskinformed list of safety significant actions from which procedure and training plans could be developed. To focus and potentially reduce the HRA and related efforts, PRA analysts can utilize a
technique known as Top Event Prevention (TEP) to identify the minimum set of fire-related operator actions that are effective in managing safety for the fire areas analyzed using the fire PRA.
Top event prevention analysis is a deterministic application of PRA that identifies the minimum sets of equipment and operator actions in a power plant that are important to preventing
or mitigating an accident. This paper provides a description of the application of TEP in a FPRA to identify operator actions upon which logic modeling and human reliability analysis should be
focused.
Fire Risk Trends and Contributions – A Heuristic Method to Extrapolate US Nuclear Plant Fire Risk (13020)
Deepak Rao
Entergy Services, Inc.
The US NRC established a prescriptive fire protection framework following the 1975 fire at the Browns Ferry Nuclear Power Station to assure adequate protection of public health and
safety from nuclear power plant fires. In 2004, the NRC modified its fire protection regulations in 10 CFR 50.48 (Reference 4) to allow licensees to adopt, on a voluntary basis, National Fire
Protection Association Standard 805, “Performance-Based Standard for Fire Protection for Light-Water Reactor Electric Generating Plants” (NFPA 805), in lieu of their existing fire protection
licensing basis. This approach offers plants the opportunity to use a new and scientifically sound way of reducing fire risks further. With just over one half of the US nuclear power plant
licensees adopting the risk informed performance based NFPA 805 approach, fire probabilistic risk analyses (PRAs) have been or are in the final stages of development by a majority of the
US plants. Almost all of these Fire PRA models use the NUREG/CR-6850 approach and indicate that fire risk is very significant and is equal to or higher than internal events core damage risk.
However, one can heuristically investigate the operating experience relating to fire events for the US industry and make conclusions about the trends and contribution of fire events compared
to internal events based on the operating history.
This paper investigates and characterizes the number of accident precursors to fire related core damage accidents in US commercial power plant operation history in the last three or so
decades. One can objectively look at the frequency and nature of these precursor events that have occurred to evaluate whether the fire event was a particularly debilitating one (one that had
impact on safety systems) or relatively benign (one that impacted only the balance of plant equipment).
Fire PRA Maturity and Realism: A Discussion and Suggestions for Improvement (12118)
Nathan Siu, Kevin Coyne, Selim Sancaktar, Nicholas Melly
Fire PRA has often been characterized as being less mature and less realistic than internal events PRA. Perceptions of immaturity can affect stakeholders’ use of fire PRA information.
Unrealistic fire PRA results could affect fire-safety related decisions and improperly skew comparisons of risk contributions from different hazards. In this paper, we address the issue of technical maturity through the identification of a number of key indicators and the issue of realism through quantitative and qualitative comparisons of fire PRA results with operational event data.
Based on our analysis, we judge that fire PRA is in an intermediate-to-late stage of maturity (albeit less mature than internal events analysis) and that fire PRAs, as performed using current
guidance, may be providing conservative quantitative results. However, our results cannot confidently support estimates of the degree of conservatism. We also observe that the qualitative
results of fire PRAs are generally consistent with operational experience. We conclude with a number of suggestions for activities to enhance fire PRA realism.
52
April 26-30, 2015
Wednesday, April 29, 08:30, Columbine Room
SESSION 15-2: FUKUSHIMA LESSONS LEARNED II
Session Chair: John Nakoski, NRC
Feasibility Assessment of Coping Strategies for Beyond-Design-Basis External Events (12059)
Jaewhan Kim, Soo-Yong Park, Kwang-Il Ahn
An extended loss of all electric power occurred at the Fukushima Dai-ichi nuclear power plant by a large earthquake and subsequent tsunami. This event led to loss of reactor
core cooling and containment integrity functions at several units of the site, ultimately resulting in large release of radioactive materials into the environment. In order to cope with
so-called beyond-design-basis external events (BDBEEs), nuclear power plants nowadays require more strengthened accident management (AM) capabilities extending existing
AM measures. This study suggests preliminary coping strategies for BDBEEs, and evaluates the feasibility of the suggested coping strategies. The coping strategies, named iROCS
(integrated, RObust Coping Strategies), provides AM measures for various plant damage conditions beyond an extended loss of AC power. The plant damage conditions considered in our study include combinations of the following conditions of the critical safety functions: (1) an extended loss of AC power, (2) an extended loss of DC power (loss of the
monitoring and control function at control rooms), (3) loss of RCS inventory, and (4) loss of secondary heat removal function. Feasibility assessment has been conducted for some
fundamental strategies based on the accident analysis results and staffing analysis.
External Hazards in the PRA of Olkiluoto NPP Units 1 and 2 and Interim Storage for Spent Nuclear Fuel – Ongoing Actions
in the Light of the Fukushima Accident (12285)
Tiia Puukka, Jari Pesonen, Antti Tarkiainen, Hannu Tuulensuu
Teollisuuden Voima Oyj (TVO), Finland
According to the experiences perceived of the Fukushima Dai-ichi accident, the knowledge of the role of external hazards in nuclear safety has been increased. All identifiable
external hazards should be included in the probabilistic risk assessment (PRA) of the nuclear power plant units and spent nuclear fuel storage facilities. This is required by the Finnish
Regulatory Guides.
Shortly after the Fukushima Dai-ichi accident in 2011, The Finnish Ministry of Employment and the Economy required all Finnish utilities to carry out a status analysis of response
arrangements for natural phenomena and loss of electric power supply at Finnish nuclear power plants and interim spent fuel storages. PRA-results from external hazards and
seismic studies were extensively used in the Finnish utility’s Teollisuuden Voima Oyj (TVO) response on this analysis.
TVO has recently updated the PRA analysis of external hazards for Olkiluoto 1 and 2 power plant units and developed a new full-scope PRA for the interim spent fuel storage. The
paper will present the results of these analyses touching on how lessons learned from the Fukushima accident were taken into account in the analysis. The paper will also present the
status of the ongoing and future planned plant modifications in Olkiluoto.
Overview of a System Reliability Study for the On-Site Electrical Distribution System in NPPs (12098)
Gary Wang, John Nakoski
The Nuclear Regulatory Commission (NRC) and Idaho National Laboratory (INL) have undertaken a joint-study to review the functional reliability of electrical distribution systems
in nuclear power plants (NPPs) starting in October 2014.
Numerous electrical transients that occurred in NPPs over the past years indicated weaknesses in the general understanding of electrical power source failures to systems and
components that are important to safe operation. Actual operation experience data has revealed failures in electrical systems and components, including offsite power systems,
transformers and components failures, electrical fires, and other failures that have affected nuclear plant safety. Hence there is a need to better understand the behavior of electrical
sub-systems and components in terms of initiating event frequencies involved in reliability and risk-related analysis to address the concerns of common cause failure or related
electrical components to plant safety operation.
The four areas of concern in the electrical systems and components risk study are: (1) to better estimate unreliability based on operating experience, (2) to compare estimates
with the assumptions, model, and data based on operating experience used in probabilistic risk assessments (PRA) and individual plant examinations (IPEs), (3) to evaluate the
engineering aspects of operating experience relating to causes, recovery, and methods of detection, and (4) to evaluate the impact of key industry and regulatory programs on plant
performance.
In addition, in the aftermath of the Fukushima Dai-ichi NPP accident, station blackout (SBO) became a more significant challenge at NPPs. Therefore, this study will also include
the restoration of electrical power strategies and how to cope without permanent electrical power sources for an indefinite amount of time while keeping the reactor core and spent
fuel cool, and protecting the containment building.
53
April 26-30, 2015
Wednesday, April 29, 08:30, Limelight A
SESSION 23-1: MODELING AND SIMULATION I
Session Chair: Diego Mandelli, INL
Assessment of the Structural Importance Measure with Monte Carlo Sampling (12084)
Andrija Volkanovski
Jožef Stefan Institute, Slovenia
Qualitative importance measures evaluate the importance of the components considering their location and function within the given system.
In this paper method for the assessment of the structural measure of importance (SMI) as a qualitative importance measures is developed and presented. The method is based
on the application of the Monte Carlo sampling and utilizes minimal cut sets (MCS) assessed from the fault tree of the analyzed system. The number of critical states Bk for a given
basic event k is used as qualitative importance measure.
The developed method is applied on two test systems. First test system represents standards test system used in the reliability studies. The second test system represents safety
system of a real nuclear power plant.
Assessment of the structural importance measure and ranking of the components is done. Ranking of the components based on assessed structural importance measure is
compared to the ranking by standard quantitative importance measure. Applicability of the obtained qualitative importance measure for improvement of the reliability and safety
of the systems and nuclear power plants is discussed.
Bayesian Calibration of Safety Codes Using Data from Separate- and Integral-Effects Tests (12335)
Joseph P. Yurko (1), Jacopo Buongiorno (1), Robert Youngblood (2)
1) Massachusetts Institute of Technology, 2) Idaho National Laboratory
Large-scale system codes for simulation of safety performance of nuclear plants may contain parameters whose values are not known very accurately. In order to be able to use
the results of these simulation codes with confidence, it is important to learn how the uncertainty on the values of these parameters affects the output of the codes. New information from tests or operating experience is incorporated into safety codes by a process known as calibration, which reduces uncertainty in the output of the safety code, and thereby
improves its support for decision-making. Modern analysis capabilities afford very significant improvements on classical ways of doing calibration, and the work reported here
implements some of those improvements. The key innovation has come from development of safety code surrogate model (code emulator) construction and prediction algorithms.
A surrogate is needed for calibration of plant-scale simulation codes because the multivariate nature of the problem (i.e., the need to adjust multiple uncertain parameters at once to
fit multiple pieces of new information) calls for multiple evaluations of performance, which, for a computation-intensive model, makes calibration very computation-intensive. Use
of a fast surrogate makes the calibration processes used here with Markov Chain Monte Carlo (MCMC) sampling feasible. Moreover, most traditional surrogates do not provide uncertainty information along with their predictions, but the Gaussian Process (GP) based code surrogates used here do. This improves the soundness of the code calibration process.
Results are demonstrated on a simplified scenario with data from Separate and Integral Effect Tests.
Quantifying Safety Margin Using the Risk-Informed Safety Margin Characterization (RISMC) (12067)
David Grabaskas (1), Matthew Bucknor (1), Acacia Brunett (1), Marvin Nakayama (2)
1) Argonne National Laboratory, 2) New Jersey Institute of Technology
The Risk-Informed Safety Margin Characterization (RISMC), developed by Idaho National Laboratory as part of the Light-Water Reactor Sustainability Project, utilizes a
probabilistic safety margin comparison between a load and capacity distribution, rather than a deterministic comparison between two values, as is usually done in best-estimate
plus uncertainty analyses. The goal is to determine the failure probability, or in other words, the probability of the system load equaling or exceeding the system capacity. While this
method has been used in pilot studies, there has been little work conducted investigating the statistical significance of the resulting failure probability. In particular, it is difficult to
determine how many simulations are necessary to properly characterize the failure probability.
This work uses classical (frequentist) statistics and confidence intervals to examine the impact in statistical accuracy when the number of simulations is varied. Two methods are
proposed to establish confidence intervals related to the failure probability established using a RISMC analysis. The confidence interval provides information about the statistical accuracy of the method utilized to explore the uncertainty space, and offers a quantitative method to gauge the increase in statistical accuracy due to performing additional simulations.
54
April 26-30, 2015
Wednesday, April 29, 08:30, Limelight C
SESSION 29-2: RISK-INFORMED DECISION-MAKING II
Session Chair: Mike Frank, URS Corp.
From Risk Representation to Risk Acceptability: How Risk Representation Tools Shape Decision Making (12216)
Flauw Yann, Demeestere Marion, Mazri Chabane
INERIS – Institut National de l’Environnement industriel et des RISques Parc Technologique, FRANCE
When it comes to land use planning, risk acceptability can be assessed thanks to different types of representations: FN curves, individual or societal mapping. Whatever the
representation tool adopted, it has to consider simultaneously risk assessments performed by experts on one hand and risk perceptions constructed by various stakeholders on the
other hand. This paper will explore how the very choice of the risk representation tool is already influencing decision makers by highlighting some risk features over other ones.
After deploying a risk assessment approach on a case study following the policies from various European countries, we will underline how the decision making fits quite well with
the risk representation tool used. In addition, we will show that it would have been very difficult to enforce policies with different goals by using the same risk representation tools.
Consequently, the paper acknowledges that when a risk governance policy is created, the decision-makers should first define very precisely the goals of the policy they want to
enforce in order to select the tool which best fits their needs.
The Seven Paradoxes (12223)
Romney B Duffey
DSM Associates Inc.
Humans often underestimate the risk or chance of an adverse outcome arising as a natural part of human progress, innovation, technological advancement, thrillseeking and
individual development. Errors and mistakes occur, and all software, hardware, firmware, mechanical and social systems remain prone to failure and exposed to risk. The attitudes
and norms towards risk, risk taking, safety and rewards define the personal, societal and managerial “culture”. This complex interrelationship of systems, technologies, society and
individuals, referred to as “trans-science” by Susuki and Weinberg, emerge in seven interwoven major risk paradoxes or truths:
Paradox 1: Without having the events we want to avoid we cannot learn
Paradox 2: All events are preventable but only afterwards
Paradox 3: Events are acceptable to society until they actually occur
Paradox 4: Complexity and disorder are necessary for learning to emerge
Paradox 5: Physical, legal and procedural barriers are necessary but not sufficient Paradox 6:Rare or unknown events do not allow learning so always surprise
Paradox 7: In risk management and assessment we must expect the unexpected
We illustrate the implications of these “truths” for modern risk assessments and safety management, using actual events and data coupled with learning theory, and discuss
the implications for the future of risk assessment.
The Relationship between CDF and LERF in Risk-Informed Regulations (12365)
Yan Wang (1), Zhijian Zhang (1), John C. Lee (2)
1) Harbin Engineering University, China, 2) University of Michigan
The risk management will be used in future regulations of nuclear safety and acceptable risk criteria are expected to play an important part in the framework. There are several
metrics used in probabilistic risk assessment (PRA) to represent the risk. Core Damage Frequency (CDF) and Large Early Release Frequency (LERF) are two common metrics used in
the risk-informed and performance-based regulations. With no publications are available for clearly addressing the relationship between CDF and LERF. We review in this paper the
development of the definitions for CDF, Large Release Frequency (LRF) and LERF, together with the acceptable risk criteria. Our review of PRA data for five nuclear plants studied in
NUREG-1150 indicates the equivalence between LRF and LERF because they are both defined by early fatalities (EF) before the evacuation. Based on this observation, we present
linear relationship between CDF, LRF, LERF and EF for the five NUREG-1150 plants in double logarithmic scales. Thus the development of acceptable risk criteria may use the relationship between CDF and LERF. This study also proposes a new metric, Large Late Release Frequency (LLRF), representing the large release after the evacuation. The LLRF may be used
to regulate the radioactive contamination for the off-site areas in serious accidents, e.g. the Fukushima and Chernobyl accidents. A hierarchical important analysis is also proposed to
address issues that normal importance analysis may not properly represent for systems contributing to the LRF.
55
April 26-30, 2015
Wednesday, April 29, 08:30, Boiler Room
RISK-INFORMED MARGINS MANAGEMENT
Discussion Leaders: Curtis Smith, Idaho National Laboratory, Steve Hess, Electric Power Research Institute
As NPP operating lifetimes are extended, the effective management of their safety and operational margins will be an increasingly important element of ensuring safe and
economic operation. In this roundtable, application of the Risk-Informed Safety Margin Characterization (RISMC) approach to assess and manage these margins will be discussed.
This session will highlight recent results from ongoing research, particularly those obtained from the US DoE Light Water Reactor Sustainability and the EPRI Long Term Operations
programs.
56
April 26-30, 2015
SESSION 20-3: SEISMIC III
Session Chair: Don Wakefield, ABS Consulting
Status and Path Forward on Near-Term Task Force Recommendation 2.1 – Seismic (12076)
Donnie Harrison
Following the March 2011 accident at Fukushima Dai-ichi a task force was formed at the Nuclear Regulatory Commission (NRC) to review relevant regulatory requirements, programs, and processes, and their implementation, to recommend whether the agency should make improvements to the regulatory system. One recommendation (NTTF R2.1) of the
task force involves re-evaluating the seismic and flooding hazards at operating reactor sites. This paper will describe the seismic-related activities being pursued to address NTTF R2.1.
Advanced Seismic Probabilistic Risk Assessment Using Nonlinear Soil-Structure Interaction Analysis (12100)
Justin Coleman (1), Mohamed Talaat (2), Philip Hashimoto (2), and Curtis Smith (1)
1) Idaho National Laboratory, 2) Simpson Gumpertz & Heger, Inc.
The objective is to provide advanced seismic probabilistic risk assessment (SPRA) methods with the goal of removing large uncertainties, to the extent possible, and to provide
“best estimate” seismic risk numbers. The concern is that large uncertainties in traditional SPRAs will mask other potential sources of risk and focus disproportionate time and
money on mitigating seismic risk.
This paper is not proposing to change the process for characterizing the seismic hazard at a given nuclear power plant site. However, there are two potential areas to remove
conservatism in the SPRA process (again we want best estimate risk numbers with appropriate treatment of uncertainties so that other risks, such as risk of flooding, are not
masked). One source of conservatism is in the seismic fragility approach, which comes primarily from assuming that the structure response scales linearly with ground motion level.
This source of conservatism can be removed by using nonlinear soil-structure interaction (NLSSI) analysis to explicitly model the interaction between the soil and structure (i.e. the
structure will slide during larger ground motions). The second source of conservatism is the response of the soil will be nonlinear for larger ground motions and NLSSI will account
for this.
On Modeling the Risk from Seismically Induced Fires and Floods (12187)
G. Martinez-Guridi (1), J. Lehner (1), S. Sancaktar (2)
1) Brookhaven National Laboratory, 2) U.S. Nuclear Regulatory Commission,
Seismic events at or near a nuclear power plant (NPP) potentially can cause substantial damage. In addition, they can induce adverse consequential events, such as inducing
separate fires or floods in multiple locations at the plant. These induced events can further degrade the capability of the NPP’s components, and impede operators’ actions intended
to mitigate the events. Currently, there is no generally accepted method for modeling and quantitatively evaluating the risk to an NPP from seismically induced fires and internal
and external floods (SI-F&IEF). Hence, the potential contribution of these scenarios to the risk of a NPP usually remains highly uncertain. This paper has two main objectives: 1) To
summarize a workshop that took place in December 2013 on SI-F&IEF, and, 2) to describe the initial activities of a project to study the feasibility of obtaining a better estimate of risk
from SI-F&IEF in NPPs such that the U.S. Nuclear Regulatory Commission (NRC) can make informed decisions about the appropriate next steps to take.
57
April 26-30, 2015
SESSION 30-3: RISK-INFORMED REGULATION III
Session Chair: Allen Moldenhauer, Dominion Resource Services
Risk-Informed Determinism: An Alternative to Risk-Informed Regulation for Establishing New or Totally Replacing Existing Licensing Bases (12044)
Raymond H.V. Gallucci
Since the NRC and nuclear industry adopted the philosophy to incorporate probabilistic risk assessment (PRA) insights as “risk-informed regulation (RIR),” there have been many
success stories when applied on a limited basis. Instrumental has been the use of RG 1.174, An Approach for Using PRA in Risk-Informed Decisions on Plant-Specific Changes to the
Licensing Basis, although not intended for establishing totally new or replacing in toto existing licensing bases. When so applied, difficulties are encountered. I have learned that a
different framework is appropriate for establishing a new or totally replacing an existing licensing basis. Call it “risk-informed determinism (RID),” admitting that it could have elements of being “risk-based” depending upon how well the traditionally “qualitative” PRA aspects can be quantified. RID would use PRA, including quantification of defense-in-depth
and safety margin to the extent possible, to establish deterministic quantitative criteria for the licensing basis. This paper examines four previously published examples in the area of
fire protection/PRA of just how this might work.
Overview of Significant Probabilistic Risk Assessment Research Activities at the U.S. Nuclear Regulatory Commission
(12090)
Kevin Coyne
The U.S. Nuclear Regulatory Commission (NRC) Office of Nuclear Regulatory Research (RES) conducts research activities in Probabilistic Risk Assessment (PRA) to support the
oversight of operating nuclear power plants; extend PRA technology to new technologies and reactor designs; and advance the PRA state-of-the art. These research goals support
the Commission’s 1995 PRA Policy Statement policy of increasing the use of PRA technology in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRC’s traditional deterministic approach and supports the defense in depth philosophy. In support of nuclear plant oversight
activities, the NRC continues to maintain and develop the agency’s Standardized Plant Analysis Risk (SPAR) models and the Systems Analysis Programs for Hands-on Integrated
Reliability Evaluations (SAPHIRE) PRA computer code. Recent accomplishments include development of new all-hazards SPAR models and enhanced SAPHIRE model integration
capabilities. Research into incorporating digital instrumentation and control (I&C) systems into nuclear plant PRAs extends modeling capabilities into an evolving technology and is
intended to provide methods suitable for supporting future risk-informed decision-making. Research projects associated with development of PRA methods for seismically induced
fires and floods and the integrated site Level 3 PRA project serve to both advance the state-of-the-art in PRA methods and improve the NRC’s regulatory decision-making capabilities. This paper will summarize key research goals, recent accomplishments, and challenges for each of these projects.
Approaches for Making New PRA Methods Available For Regulatory Application (12343)
Paul Amico (1), Victoria Anderson (2), Ashley Lindeman (3), Roy Linthicum (4), Bob Rishel (5)
1) Jensen-Hughes, Inc., 2) Nuclear Energy Institute, 3) Electric Power Research Institute, 4) Exelon Corporation, 5) Duke Energy
This paper will present an overview and discussion of a joint U.S. nuclear industry and Nuclear Regulatory Commission (NRC) approach to better streamline the process for making Probabilistic Risk Assessment (PRA) methods and data available for use in regulatory applications. As part of an effort to improve clarity in expectations for technical adequacy
expectations for PRAs supporting licensing applications, a process for evaluation of new methods and data was developed. It is intended that this approach will be used in the near
future to improve stability and predictability in risk-informed regulation in the U.S.
58
April 26-30, 2015
SESSION 28-1: PSA STANDARDS
Session Chair: Stanley Levinson, Areva
Taking a Trial Use Approach to Issuing New Probabilistic Risk Assessment Standards (12183)
Barry Sloane
The ASME/ANS Joint Committee on Nuclear Risk Management (JCNRM) is responsible for development and maintenance of standards and related guidance on nuclear facility
probabilistic risk assessment (PRA) and risk management. The JCNRM Subcommittee on Standards Development (SC-SD) has responsibility of developing new PRA standards in
accordance with JCNRM-adopted guidelines, and there are currently five new PRA standards in development and in various stages of the consensus ballot process. The JCNRM has
recently implemented a process whereby a new standard that has been approved by technical committee consensus ballot and received administrative approval from both the
ASME and ANS standards boards may be initially issued for a designated trial use period. The purpose of the trial use period, during which the standard, although approved within
the ASME and ANS process, is not an ANSI (American National Standards Institute) standard, is to: (a) allow standard users and other stakeholders the opportunity to “test out” the
standard and provide feedback to the SC-SD and writing groups regarding technical difficulties, application difficulties, editorial issues, and so forth; and (b) obtain feedback from
stakeholders on selected technical issues that have been identified by the standards writers as possibly involving limitations related to state of technology, lack of consensus, and
so forth but were deemed not so monumental as to preclude issuance of the standard. As of this submittal, one trial use standard has been issued (Non-Light Water Reactor PRA
Standard) and four others are planned to be issued for trial use within 18-24 months. This paper summarizes the current status of trial use standards and issues the SC-SD is evaluating regarding implementation of the trial use process, and provides initial feedback on how the process has been working to date.
Screening of External Hazards per Part 6 of the PRA Standard for the AP1000® Plant (12169)
David S. Teolis, Rachel A. Solano, Nataliya Povroznyk, Raymond E. Schneider
Westinghouse Electric Company has completed screening of external hazards per Part 6 of the ASME/ANS PRA Standard for the AP1000® plants currently under construction
in the United States. Specifically this was done for units 3 and 4 at the Vogtle site in Georgia for Southern Nuclear Company and for units 2 and 3 at the V. C. Summer site in South
Carolina for South Carolina Electric and Gas. This paper describes how screening was accomplished. Potential external hazards were first identified based on various industry related
tabulations and supplemented as needed for each site. Screening was then performed in three stages. First, each of the identified hazards was evaluated per preliminary screening
criteria that are based on evaluating the damage potential of the hazard, annual frequency of the hazard, proximity of the hazard to the site, being included in another hazard, and
available response time to eliminate the potential threat posed by the hazard. The second stage was to perform a more detailed qualitative assessment of the remaining hazards
based on additional site-specific considerations. The final stage was to perform a conservative quantitative assessment to screen the remaining hazard.
Keywords: AP1000® Plant, External Hazards
Low Power Shutdown Probabilistic Risk Assessment Lessons Learned and Industry Issues with Draft Standard
Implementation (12338)
John J. Haugh (1), Mark A. Wilk (1), Michael J. Wittas (2)
1) Westinghouse Electric Company, 2) Palo Verde Nuclear Generating Station
The field of low power and shutdown (LPSD) risk analysis is emerging as one of new opportunity for future probabilistic risk assessment (PRA) analysis and potential plant
safety improvements. Current industry efforts include steps toward the standardization of LPSD PRA requirements and the associated methods of implementation. Over the past 18
months, the PRA staff at Palo Verde Nuclear Generating Station (PVNGS) have partnered with Westinghouse Electric Company resources to develop a site-specific LPSD PRA model in
alignment with current LPSD Draft Standard ANS/ASME-58.22. Through the course of this effort a number of lessons learned, potential concerns and issues with the Draft Standard,
and areas for future industry research have been identified. This paper serves to share and distribute these items in order to aid future LPSD analysts and encourage industry awareness, interest, and development of necessary LPSD methodologies and guidance.
59
April 26-30, 2015
SESSION 31-1: RISK-INFORMED MAINTENANCE
Session Chair: Jeff Shackelford, DNFSB
Assessing the Suitability of MR Performance Criteria Using the Sensitivity Method (12167)
Joseph Lavelline (1), Ashley Peterman (2)
1) ENERCON Services, Inc., 2) XCEL Energy, Inc.
An important aspect of a plant site’s Maintenance Rule (MR) program is the establishment and verification of the suitability of Performance Criteria (PC). There are several methods that are used in the industry for verifying the suitability of performance criteria. The method that is presented in this paper is called the “Sensitivity Method”. The rationale for the
selection of this method is that it is deemed to be a good choice for assessing the integrated effects of all of the performance criteria.
The overall objectives of analyses which use the “Sensitivity Method” are:
1. Ensure established performance criteria are compliant with 10CFR50.65.
2. Ensure that guidance in NUMARC 93-01 for the establishment of performance criteria is followed.
3. Ensure that Maintenance Rule performance criteria are appropriately structured to maintain adherence to accepted nuclear safety concepts.
4. Ensure that the established performance criteria aid in the identification of equipment performance “outliers”.
5. Ensure that performance criteria strike the appropriate balance between equipment availability and reliability.
6. Ensure (to the extent practical) that the performance criteria established do not place unnecessary burdens on the operation and maintenance of the plant (within the
confines of Items 1 through 5 above).
Staggering Testing for the Refueling Surveillance Requirements (12322)
Gerald R. Andre, Andrea Maioli, and Rachel Solano
The approach for changing Technical Specification surveillance frequencies requires the relocation of the periodic surveillance frequencies to a licensee controlled program; the
Surveillance Frequency Control Program. After relocation, changes can be made to the Surveillance Frequencies following NEI 04-10, Rev. 1 guidance. This guidance requires an
assessment of the impact of the proposed change on plant risk, as well as an assessment of the impact on defense-in-depth and safety margins. Other considerations include
reviewing the operating experience of the impacted systems and components, component conditioning effects of the surveillance, component operating environment, requirements
in industry codes and standards, and regulatory requirements. This paper focuses on extending the refueling surveillance frequencies to a staggered basis and applies the approach
to the Integrated Engineered Safety Features/Loss of Offsite Power test at the Vogtle Electric Generating Station, Units 1 and 2.
Key Words: Surveillance, Risk-Informed, Application, Technical Specifications, NEI 04-10
Availability-Based Inspection, Testing, and Maintenance Requirements for Fire Protection Systems (12710)
Kaushik Chatterjee, Kumar Bhimavarapu
FM Global
Consensus standards prescribe Inspection, Testing, and Maintenance (ITM) requirements for components of fire protection systems. Generally, these requirements include the
frequency and procedure for conducting the ITM. Most of the ITM requirements prescribed in consensus standards do not rely on a defined system availability and systematic evaluation of failure modes/mechanisms of each component.
This paper presents an approach to establish the ITM requirements for components of fire protection systems based on the failure modes/mechanisms of interest, reliability of
components, and desired availability of the system. The key steps of the approach include (1) identification of the credible failure modes of the components, the causes of failures,
and their effects on the system; (2) development of a fault tree model to determine the logic leading to the unavailability of the system; and (3) iterative availability analysis to
establish the reliability targets and ITM requirements for components to achieve the desired availability of the system.
This paper also presents the results of a case study that uses the developed approach to evaluate the ITM requirements for critical components of a foam-water sprinkler fire
protection system. The approach developed in this study can help to understand the effects of ITM requirements on the availability of a fire protection system, so that rational and
justifiable ITM requirements can be prescribed for the critical components of the system.
60
April 26-30, 2015
SESSION 6-5: HUMAN FACTORS AND HRA V
Session Chair: Jeffrey Joe, INL
Workload Measurement and Balancing Strategy for Operators in Advanced Main Control Room (12295)
Seunghwan Kim*, Yochan Kim and Wondea Jung
In an advanced main control room (MCR) of an APR1400 (Advanced Pressurized Reactor-1400), with the employing of a high-tech control/warning device system, the
behaviors of crews have been changed. The main features of the advanced MCR are computer-based procedure (CBP) systems, advanced alarm systems, group-view display with
large display panels (LDP), soft controls, an advanced communication system and computerized operator support system. However, though the working environment of operators
has been changed a great deal, digitalized interfaces can also change the cognitive tasks or activities of operators. It is revealed that the new features of advanced control rooms may
require new operational tasks for manipulating screens, and changes of communication methods between operators, which have not yet been observed in conventional main control rooms. Hence, new operational control strategies of CBPs are necessary for load balancing of operator’s workload in APR1400. In this research, we proposed operational strategy
to mitigate the imbalanced workload of operators. In order for workload balancing of operators, two types of CBP usages, SS oriented usage and SS-BO collaborative usage, were
defined and the effects of these usages on the workloads were investigated. The obtained results indicated that the workloads between operators in a control room can be balanced
according to the CBP usages by assigning control authority to the manipulators.
The Importance of Operator Input to Human Reliability Analysis (12318)
Claire Taylor
OECD Halden Reactor Project
A recent study by the Halden Reactor Project, titled “Improving Scenario Analysis for Human Reliability Analysis (HRA)” explored the importance of operator input to HRA,
particularly to the qualitative assessment part of the analysis. Qualitative assessment is typically based on information obtained from documentation, previous analyses, operator
interviews, observations of simulated training exercises, etc. The HRA practitioners interviewed for the Halden study also stressed the importance of talking through scenarios with
operating personnel to ensure that the HRA reflects the plant “as operated” rather than “as built”.
Operators can provide valuable insights into the reality of responding to plant events, and the factors that can affect human performance, which may not be evident from other
information sources used by the HRA practitioners. There are, however, challenges associated with obtaining operator input, such as availability of knowledgeable and experienced
personnel, the trustworthiness of the information received, etc.
In this paper, we explore the importance of operator input to HRA, describe some of the associated challenges for obtaining this input, and list the good practices that have been
implemented by experienced HRA practitioners to overcome these challenges.
CAP1000 Human Reliability Analysis and Application in Plant Operating Procedure Optimization (13032)
Qiu Yongping, Zhuo Yucheng
Shanghai Nuclear Engineering Research and Design Institute
Human Reliability Analysis (HRA) is an important element in probabilistic safety assessment (PSA) for nuclear power plants. Usually three types of human interactions (HIs) are
defined, i.e., pre-initiating event HIs, initiating event-related HIs, and post-initiating event HIs. In this paper, a simplified introduction of the HRA for CAP1000 nuclear power plant
is first presented. Then based on the risk-important human actions obtained from the results of CAP1000 PSA/HRA, two of the human actions are studied in detail with qualitative
analysis of human error probability versus the steps of operating procedures. Finally some proposals for optimization of the relevant procedure steps are discussed. The CAP1000
operating procedures are still under developing, and the study will provide an effective way for procedure optimization.
61
April 26-30, 2015
SESSION 7-3: DATA AND PARAMETER ESTIMATION III
Session Chair: Jan Stiller, GRS
Eliciting Expert Judgment – Peer Review Observations from a Recent Exercise and Future Plans (12117)
Nathan Siu (1), Jing Xing (1), Gabriel Taylor (1), Rob Cavedo (2)
1) U.S. Nuclear Regulatory Commission, 2) Exelon Generation
Considerable guidance exists for eliciting expert judgment in support of probabilistic risk assessment (PRA). However, as illustrated by a recent exercise addressing the likelihood and
duration of fire-induced electrical circuit failures, there appears to be room for improvement. More broadly, the current guidance provides considerable flexibility in implementation that
could lead to different elicitation approaches, leading to different sets of information provided to decision makers. The U.S. Nuclear Regulatory Commission (NRC) staff, per Commission
direction, is currently developing comprehensive guidance regarding the use of formal expert judgment in regulatory applications. The staff intends to pilot that guidance in its assessment of the likelihood of interfacing systems loss of coolant accidents, performed as part of the NRC’s ongoing Level 3 PRA project for the Vogtle plant.
Using Generic Data to Establish Dormancy Failure Rates for Space Missions (12142)
Bruce C. Reistle, Roger L. Boyer
NASA, Johnson Space Center
Many hardware items are dormant prior to being operated during space missions. The dormant period might be especially long, for example during missions to the moon or Mars. In
missions with long dormant periods, the risk incurred during dormancy can exceed the active risk contribution. Probabilistic Risk Assessments (PRAs) need to account for the dormant risk
contribution as well as the active contribution.
A typical method for calculating a dormant failure rate is to multiply the active failure rate by a constant, the dormancy factor. For example, some practitioners use a heuristic and
multiply the active Mean Time To Failure (MTTF) by 30 to obtain an estimate of the dormant MTTF. To obtain a more empirical estimate of the dormancy factor, this paper uses the recently
updated database NPRD-2011 [1] to arrive at a set of distributions for the dormancy factor. The resulting dormancy factor distributions are significantly different depending on whether the
item is electrical, mechanical, or electro-mechanical. Additionally, this paper will show that using a heuristic constant fails to capture the uncertainty of the possible dormancy factors.
Techniques for Managing Growing Datasets in PRA (12146)
Mark B. Wishart, Jacob R. True, Steven D. Collins
ERIN Engineering & Research, Inc.
As probabilistic risk assessment (PRA) models and analysis become more complex, the need for advanced data collection, storage, and analytical capabilities is required. The
exponential growth of data (known as ‘Big Data’) is a current topic of interest in many industries, including the nuclear industry. Given these large datasets, it can become difficult to
understand what utility the data presents, and develop appropriate strategies to generate meaningful information (i.e., understand important trends and insights). Tasks such as data
organization and storage also become cumbersome when large datasets are considered. This paper focuses on a review of data collection, storage, and analytical techniques.
Insights from the Estimation of RPS/ESFAS Component Demand Failure Probabilities Based on Performance Monitoring
Data after a Risk Informed Surveillance Test Interval Extension (12326)
Young G. Jo
Southern Nuclear Operating Company
In the risk evaluations to support a RI STI extension at a reference plant, it was assumed that the demand failure probabilities of Reactor Protection System/Engineered Safety Feature
Actuation System (RPS/ESFAS) components would increase by a factor of N as their STIs are increased by a factor of N. Such an assumption is believed to produce an upper bound failure
probability because not all causes of a components failure are time-dependent.
The purpose of this study was to see what actually happened to the demand failure probabilities of the affected RPS/ESFAS components after the RI STI extensions. The reference
plant specific experience data collected from a four-year-long performance monitoring for the affected components after the RI STI extension and demand failure probabilities before
the STI extensions, which were based on the experience data from the reference plant and other similar plants, were obtained for this study. A null Hypothesis, that the demand failure
probability of a selected RPS/ESFAS component after the STI extension remains the same as the value before the STI extension, was tested. The null hypothesis was not rejected for all of
the selected RPS/ESFAS components. Based on the insight from the hypothesis tests, the demand failure probabilities before the STI extension were chosen as the prior distributions for
the Bayesian data updates for the selected RPS/ESFAS components. The Bayesian updates showed that the demand failure probabilities of the affected RPS/ESFAS components remained
almost the same for all components but one whose failure probability increased by 7%.
In conclusion, for the selected RPS/ESFAS components, the demand failure probabilities did not seem to increase by a factor of N when their STIs had been increased by a factor N.
Rather, the probabilities after the STI extensions seem to remain close to the probabilities before the STI extension. A continuous monitoring and Bayesian update would provide better
insights for the demand failure probabilities after the RI STI extensions. It should be noted that the insights and conclusions from this study may not be directly applicable to other type of
components and also they are not applicable to the case where an STI is extended to such an extent that aging effects take effect during the extended STI.
62
April 26-30, 2015
SESSION 9-3: DYNAMIC PSA III
Session Chair: Kaushik Chatterjee, FM Global
Dynamic Simulation Probabilistic Risk Assessment Model for an Enceladus Sample Return Mission (12345)
Christopher J. Mattenberger, Donovan L. Mathias, and Ken Gee
NASA Ames Research Center
Enceladus, a moon of Saturn, has geyser-like jets that spray plumes of material into orbit. These jets could enable a free-flying spacecraft to collect samples and return them to
Earth for study to determine if they contain the building blocks of life. The Office of Planetary Protection at NASA requires containment of any unsterilized samples and prohibits
destructive impact of the spacecraft upon return to Earth, with a sample release probability of less than 1 in 1,000,000 as a recommended goal.
This paper describes a probabilistic risk assessment model that uses dynamic simulation techniques to capture the physics-based, time- and state-dependent interactions
between the sample return system and the environment, which drive the risk of sample release. The dynamic approach uses a Monte Carlo-style simulation to integrate the many
phases and sources of risk for a sample return mission.
The model is used to assess the achievability of the planetary protection reliability goal. This is accomplished by performing sensitivity studies assessing the impact of modeling
assumptions to identify where uncertainties drive the risk. These results, in turn, are used to examine the feasibility of meeting key design and performance parameters that are
needed to achieve the reliability goal for a given architecture with existing technologies.
Conditional Modeling for Variable Success Criteria (12309)
Nathan Larson
Westinghouse Electric Company: Comanche Peak Nuclear Power Plant
Fault tree modeling has traditionally been performed on a functional level where the system success criteria are largely static; e.g. power distribution system/train is functionally
modeled to provide power to all components associated with its system/train. However, under certain specific circumstances, conditions may exist where a function will be limited
or expanded variably. The precise limitations differ but are generally associated with procedural restraints and equipment restrictions under explicitly defined conditions (specific
initiators/accident sequences, timing, component failure combinations, condition specific design limitation, etc.). Existing methods to address variable success criteria include postprocessing of quantification results or developing additional event tree logic. These methods can result in inaccurate component/basic event risk importance measures (importance
values can be over/under estimated) or large and redundant fault tree top (accident sequence) logic. An alternate method for treatment of variable success criteria can be addressed
by modeling system fault tree logic conditionally through the use of mutually exclusive logic models. The conditional modeling uses modified system fault trees that contain multiple functions in tandem with mutually exclusive logic acting to dynamically control the accident scenarios where each of the functions is applied. The resulting conditional modeling method produces accurate component/basic event risk importance values and can significantly simplify the amount of modeling associated with event tree top logic expansion,
creation of postprocessing files and corresponding mutually exclusive logic updates. It should be noted this method was developed for use with CAFTA based fault tree models.
Hybrid Dynamic Event Tree Sampling Strategy in RAVEN Code (12363)
A.Alfonsi, C. Rabiti, D. Mandelli, J. Cogliati, R. Kinoshita
The RAVEN code has been under development at the Idaho National Laboratory since 2012. Its main goal is to create a multi-purpose platform for the deploying of all the
capabilities needed for Probabilistic Risk Assessment, uncertainty quantification and data mining analysis. RAVEN is currently equipped with three different sampling strategies:
Once-through samplers (Monte Carlo, Latin Hyper Cube, Stratified and Grid Sampler), Adaptive Samplers (Adaptive Point Sampler) and Dynamic Event Tree samplers (Traditional
and Adaptive Dynamic Event Trees).
The main subject of this paper is about the development of a Dynamic Event Tree (DET) sampler named “Hybrid Dynamic Event Tree” (HDET). As other authors have already
reported, among the different type of uncertainties, it is possible to discern two principle types: aleatory and epistemic uncertainties. The classical Dynamic Event Tree is in charge of
treating the first class (aleatory) uncertainties; the dependence of the probabilistic risk assessment and analysis on the epistemic uncertainties are treated by an initial Monte Carlo
sampling (MCDET). From each Monte Carlo sample, a DET analysis is run (in total, N trees). The Monte Carlo employs a pre-sampling of the input space characterized by epistemic
uncertainties. The consequent Dynamic Event Tree performs the exploration of the aleatory space.
In the RAVEN code, a more general approach has been developed, not limiting the exploration of the epistemic space through a Monte Carlo method but using all the oncethrough sampling strategies RAVEN currently employs. The user can combine a Latin Hyper Cube, Grid, Stratified and Monte Carlo sampling in order to explore the epistemic space,
without any limitation. From this pre-sampling, the Dynamic Event Tree sampler starts its aleatory space exploration.
63
April 26-30, 2015
Wednesday, April 29, 13:30, Limelight C
SESSION 8-2: DIGITAL I&C SAFETY AND RISK ANALYSIS II
Session Chair: Kevin Coyne, NRC
AES-2006. Results and Main Approaches to ESFAS Function Modeling During PSA Level 1 Performing at FSAR Stage (12115)
Ekaterina Shilina, Aleksandr Solodovnikov,
JSC «Atomproekt»
In June 2014 at PSAM 12 conference there was introduced the report, containing main results of the performance of PSA level 1 for AES-2006 project at PSAR stage. At this
report, the need for detailed PSA modeling posited as one of most important direction for PSA model upgrade at FSAR stage. Herewith there was emphasis for more detailed I&C
functions modeling. This report represents results and main approaches to ESFAS function modeling, during PSA level 1 performing at FSAR stage for AES-2006 project.
Development of a Bayesian Belief Network Model for Quantifying Software Failure Probability of a Protection System
(12139)
T.L. Chu (1), A. Varuttamaseni (1), M. Yue (1), S. J. Lee (2), H. S. Eom (2), H. G. Kang (3), M. C. Kim (4), H. S. Son (5), S. Yang (6)
1) Brookhaven National Laboratory, 2) Korea Atomic Energy Research Institute, 3) Korea Advanced Institute of Science and
Technology, 4) Chung-Ang University, South Korea, 5) Joongbu University, South Korea, 6) NUV Technology, LLC
A Bayesian Belief Network model for quantifying the probability of failure on demand of a protection system due to software failures is presented. It is based on the assumption
that the quality in carrying out the software development activities determines the reliability of the software. The oval BBN model is a generic one that can be applied to any safety
critical software. It uses the quality evaluation and debugging data of a specific software program to estimate the number of faults injected and the number of faults detected and
removed in each phase of the development process. The estimated number of faults is then converted into a software failure probability using a Fault Size Distribution.
Software and Human Reliability: Error Reduction and Prediction (12221)
Lance Fiondella (1), Romney B. Duffey (2)
1) University of Massachusett, 2) DSM Associates Inc.
The reliability of software is improved when humans detect and correct errors in the coding of logic, inputs, and programming during the various stages of the engineering lifecycle, including development, testing and operation. We postulate that these methods are the same as, and reflect the neural learning processes that dominate theories of human
reliability.
Our previous research has demonstrated that new dynamic laws derived from the learning hypothesis govern the observed behavior of humans in the process of learning and
correcting errors. The data used to validate this theory were classic data sets taken from the cognitive psychology literature for error correction and response times. Developing the
mental skills of error correction, learning, decision making, and problem solving all reflect the neural connectivity and patterns that correspond to the emergence of order from
disorder and randomness. The statistical methods and probabilistic distributions that can characterize these behaviors arise naturally from the processing of complexity as measured
by the information entropy.
We examine software reliability and testing data, using learning theory to demonstrate with both data and theoretical analysis that there is indeed a direct and proportional
relation between response times for processing complexity and correcting mistakes by developing learning patterns. Our results indicate that response times decrease slightly faster
than error correction rates.
We also demonstrate a high degree of consistency between individual learning, error correction, skill acquisition rates, and responses with strong trends exhibited through learning and error reduction during the testing of large software applications as well as their operation in field environments.
64
April 26-30, 2015
SESSION 6-6: HUMAN FACTORS AND HRA VI
Session Chair: Zhegang Ma, INL
Development and Application of a Methodology to Apply Human Reliability Analysis to an Independent Spent Fuel Storage Installation (12088)
P. Díaz, D. Lomeña, J. Dies, C. Tapia, A. De Blas, M. Asamoah
Nuclear Engineering Research Group (NERG), Technical University of Catalonia-Barcelona Tech (UPC)
Human performance plays a considerable role in Independent Spent Fuel Storage Installations handling operations. Human error probabilities should be introduced into ISFSIs’
PSAs. An HRA methodology has been developed, based on ATHEANA, in which relying upon experts is not mandatory. ATHEANA’s quantification process, which is carried out by
Expert Elicitation, is modified by introducing an estimation algorithm. The aim is to obtain the HEPs of Human Failure Events from elemental and generic human failure probability
values. Human Failure Event Trees are introduced as the base for the description, delineation and quantification of HFEs. The structure of HFETs is formed by human failure basic
events called Unsafe Actions. A classic model is used to quantify generic UAs. SPAR-H is introduced into the algorithm to assess PSFs. The estimation algorithm modifies the way
ATHEANA is applied. The analysts’ efforts have to be placed on deeply analyzing the Operation Procedures and the context of study rather than applying the Elicitation process. The
methodology has been applied to a specific ISFSI and the results are consistent with the Operative Experience present in NUREG-1774 and NUREG-0612. The delineation of HFETs
has demanded a considerable effort.
Estimation of Human Error Probabilities Based on Operating Experience of Loviisa Nuclear Power Plant (12120)
Rasmus Hotakainen
Fortum Power and Heat Oy, Finland
A procedure used worldwide to analyze human reliability in a Probabilistic risk assessment (PRA) is the ASEP-HRA procedure developed by Alan D. Swain. A modified version of it
is also used in the PRA of Loviisa nuclear power plant. The procedure is mainly based on expert judgment and it does not necessarily represent the reality in all situations well.
Operating experiences of Loviisa NPP and the ICDE (International Common Cause Data Exchange) database were used to estimate measurement calibration error and valve
erroneous position probabilities. These values were compared to those obtained using the ASEP-HRA procedure to be able to verify or adjust the ASEP values for the Loviisa NPP. The
estimation was based on the use of a PREB (Parametric robust empirical Bayes) method and a method used by Fortum to analyze common cause failures.
The results suggest that the unavailabilities caused by measurement calibration errors do not need to be changed in Loviisa PRA, while the basic human error probability can be
changed from BHEP = 5·10−2 to the value of BHEP = 5·10−3 regarding the analyzed valves. The risk estimate of Loviisa 1 at power decreases with nearly one per cent due to the
change.
Upgrade of the PSA for NPP Paks to Model the Effects of New Low Power and Shutdown Emergency Operating Procedures
(12301)
Attila Bareith (1), David Hollo (1), Tamas Javor (1), Zoltan Karsa (1), Tibor Kiss (2), Laszlo Nagy (2), Peter Ruckert (2), Peter
Siklossy (1), Tamas Siklossy (1), Eva Tothne Laki (2), Zoltan Vida (2)
1)NUBIKI Nuclear Safety Research Institute, Hungary, 2) Paks Nuclear Power Plant Ltd, Hungary
Level 1 PSA models for low power and shutdown (LPSD) conditions are available for the Paks Nuclear Power Plant in Hungary since 1997. Until 2011, post-initiator operator
actions (so-called Type C human interactions) in LPSD situations were determined on the basis of event-based emergency operating procedures (EOPs). After the implementation
of symptom-oriented EOPs for full power operation in 2003, a similar approach was adopted in 2011 for LPSD conditions as well. Consequently, the whole area of HRA for Type C
actions had to be reconsidered and renewed. PSA model development and re-quantification in view of EOP improvement were completed in 2013. Besides modifications induced
by EOP changes, the assessment identified several other potential model upgrades, primarily with respect to refinements in the definition of adequate emergency responses to
plant transients in LPSD conditions. This paper presents an overview of the low power and shutdown PSA upgrade for the Paks NPP performed due to the implementation of the
new emergency operating procedures. Important methodological aspects are summarised. Model upgrades made within and beyond HRA relevance are highlighted. Key analysis
findings are discussed as well.
65
April 26-30, 2015
SESSION 12-2: EXTERNAL EVENTS ANALYSIS II
Session Chair: Fernando Ferrente, NRC
A Unique Method for Prioritizing Spatial Analysis Scenario Refinements (12152)
Mark B. Wishart, Gregory T. Zucal
ERIN Engineering & Research, Inc.
Probabilistic risk assessments (PRAs) that require spatial analysis for scenario development (e.g., internal fire and flood) become increasing complex as additional scenarios are
incorporated into the model. Advancements in computational modeling capabilities facilitate scenario refinement, but this effort does not always provide a commensurate risk
reduction. This paper presents a method for assessing the potential risk reduction of scenario refinements, by constructing a multidimensional risk metric. This metric can provide a
basis for prioritizing scenario refinements, and is applicable to the modeling of various hazards. This paper outlines the methodology used to generate the risk metric.
Assessing the Zone of Vulnerability of a Nuclear Plant to External Events (12334)
J. Roy (1), A. Del Rosso (1), A. Lindeman (1), F. Rahn (2)
1) Electric Power Research Institute, 2) Whitney Research Services
The accident at Fukushima Daiichi and the tornado event impacting Browns Ferry in 2011 highlight the importance of reliable off site power to nuclear power plant safety. INPO
has identified grid reliability (e.g. reliability of offsite power) as a key concern related to safety at nuclear plants. Indeed, nuclear plant risk and grid instability are interrelated. The trip
of a NPP can contribute to system instability, and instability conditions in the grid can result in the tripping of the plant.
Traditionally, the nuclear side has looked at the risks to the nuclear plant of a loss of offsite power, and the power delivery side has looked at issues of grid reliability. Therefore,
the need for an integrated approach to assess system reliability considering the interface between NPP and the transmission grid comes up. Means to apply probabilistic reliability
assessment (PRA) methods have been identified. These same techniques can be easily extended to other off-site events affecting off-site power such as tornados and hurricanes.
EPRI is producing a methodology for transmission grid operators and individual nuclear plant operators to identify particular single vulnerabilities often due to external events
that will have major consequences to the operation of system or plant. Based on the possible external event vulnerabilities that may affect a NPP, a methodology for evaluating the
border of the vulnerability zone of transmission system events on a nuclear plant was developed. The methodology is been currently tested with a case study in a generic power
system model, which includes a representative model of a nuclear power plant for the analysis. A generic 200 bus power system model has been set up of this purpose.
The risk evaluation would use the PRA tools, primarily Computer Aided Fault Tree Analysis System (CAFTA), to identify where a single failure can create a disruption of the grid
system. In addition to identifying the locations where these risks exist, CAFTA will provide a numerical estimate of its probability of occurrence. By using another risk tool called
Equipment Out-of-Service (EOOS), which keeps real-time track of the configuration and operating condition of systems and components, transmission system congestions can be
tracked and alternate operating strategies evaluated and implemented in real time by the system operators to reduce overall risk to the transmission grid.
The methodology will operate real time, responding to changing environment and system configurations, will include ways to reduce risk, and will provide ways to restore a risk
margin or assist a system recovery. The methodology will also consider the impact of nuclear plant trip to the power grid (NPP-to-Grid interface/disturbance).
Approaches, Illustrative Findings and Recommendations in Tsunami Risk and Fragility Modeling (12350)
Robert T. Sewell (1), Biswajit Dasgupta (2), Ron Janetzke (2), Debashis Basu (2), Kaushik Das (2), John Stamatakos (2)
1) R.T. Sewell Associates, 2) Center for Nuclear Waste Regulatory Analyses, Southwest Research Institute
A general framework for tsunami probabilistic risk analysis (TPRA) is outlined, and concise descriptions of probabilistic tsunami hazard assessment (PTHA) and tsunami fragility
analysis (TFA) are given. Two specific details of PTHA and TFA are then elaborated:
(1) Calibration of tsunami wave models in PTHA; procedure and motivation for statistical, versus deterministic, model calibrations are explained.
(2) A fundamental TFA approach adapted from existing methodology for seismic fragility analysis; illustration of the TFA approach is provided via parameter study using a simple
physical, nonlinear structural-mechanics model.
In describing the TFA parameter study, wave characteristics, issues and solutions potentially useful to TFA studies for more realistic physical models are highlighted, including: (a)
valid engineering characterization of tsunami waves; (b) representative values of fragility (i.e., capacity probability distribution) parameters; and (c) influences of wave rise time (as
simple descriptor of wave dynamics), the structure’s governing lateral load in terms of seismic design basis, and variation in structural yield strength.
Lastly, some conclusions are provided, with a summary of key general recommendations and needs for further development in TPRA.
66
April 26-30, 2015
TUTORIAL SESSION: BAYESIAN INFERENCE IN PRA
Presented by: Curtis Smith
This one-session workshop covers the application of Bayesian inference methods in Probabilistic Risk Assessment (PRA). The objective is for participants to be able to describe
inference processes as part of PRA applications. We will describe how to update Bayesian priors and apply tools such as OpenBUGS using the techniques described in the Springer
book Bayesian Inference for Probabilistic Risk Assessment (coauthored by the lecturer, Dr. Curtis Smith). In the workshop, we will address a variety of issues related to using probabilistic models for estimating PRA parameters. We will provide background to the analysis framework, then proceed to demonstrate the analysis of varying-complexity problems from
traditional conjugate-types of inference through applications including uncertain data and trending.
67
April 26-30, 2015
Wednesday, April 29, 15:30, Boiler Room
SESSION 10-1: PSA STUDIES AND APPLICATIONS
Session Chair: Roger Boyer, NASA
Creating an Effective Technical Infrastructure for Efficient Risk-Informed Performance-Based Applications and
Implementation (12144)
James K. Liming
ABSG Consulting Inc.
This paper summarizes a practical approach for creating the technical infrastructure required to support effective and efficient implementation of risk-informed performance-based
applications (RIPBAs) using probabilistic safety assessment (PSA) or probabilistic risk assessment (PRA) as a foundation. RIPBAs provide a way for nuclear utilities to leverage some of the
substantial investments they have made in developing PSAs to reap significant cost savings over the remaining lives of their power plants. RIPBAs include programs that require approval
from one or more regulators, as well as applications that require no approval or monitoring from organizations outside the utility company. Some examples of cost-saving RIPBAs include:
• Industry Initiative 4B – Risk-Managed Technical Specifications (RMTS) Programs
• Industry Initiative 5B – Risk-Informed Surveillance Frequency (RI-SFCP) Control Programs
• 10 CFR 50.69 – Risk-Informed Graded Quality Assurance (RI-GQA) Programs
• Risk-Informed In-Service Inspection (RI-ISI) Programs (e.g., for piping)
• Risk-Informed In-Service Testing (RI-IST) Programs
• Risk-Informed Containment Integrated and Local Leak Rate Testing
• Risk-Informed Fire Protection Programs (e.g., National Fire Protection Association [NFPA] 805 Implementation)
• GSI-191 (Containment Sump Issue) Resolution Support
• Risk-Informed Plant Security Management Programs
• Risk-Informed Performance-Based Asset Management (RIPBAM)
Key Words: Probabilistic Safety Assessment (PSA), Risk-Informed Performance-Based Applications (RIPBAs)
Heavy Load Movement Risk Evaluation and Management during the Prairie Island Unit 2 Steam Generator
Replacement Outage (12214)
Thomas A. Morgan (1), Jayne E. Ritter (2)
1) ENERCON Services, Inc. (Maracor), 2) Xcel Energy
To support a steam generator replacement outage on the Xcel Energy Prairie Island Nuclear Generating Plant’s Unit 2, an Outside Lifting System (OLS) was to be installed near the Unit
2 Containment Building equipment hatch. As various heavy load lifts and movements were conducted in that area during the outage, an evaluation was performed to determine what
the potential risk impacts of these lifts might have been on the two-unit station, and what potential Risk Management Actions (RMAs) could be considered to offset any risk increases.
There were a number of possible operating states each unit could be in during the time when the OLS was in use. Each scenario that could occur during each operating state was
categorized. Conditional core damage probabilities were calculated for certain scenarios that could impact Unit 1 while it was in operation. Most evaluated scenarios were able to be classified into low risk categories; however, several specific scenarios were identified as having a heightened risk level.
Possible RMAs were identified for key scenarios, and the feasibility of these RMAs was reviewed with the Steam Generator Replacement Project and Operations staff. The majority
of the proposed RMAs were able to be implemented. Based on the positive experience from the steam generator replacement project, additional analyses are being conducted for the
plant’s Main Generator and Main Transformer replacement projects.
EPRI PRA Documentation Assistant (PRA DocAssist) Status – Current Use and Future Plans (12252)
Joe Edom (1), Sarah Zafar (1), Aaron Young (2), Jeff Riley (3)
1) ERIN Engineering and Research, Inc., 2) Scientech, 3) EPRI
This paper provides a summary of the current status of PRA DocAssist and future plans for further development of the software.
Using PRA DocAssist and SYSIMP to Enhance PRA Model Rollout Tasks (12253)
Joe Edom
This paper provides a method for enhancing the model rollout process using two EPRI Risk and Reliability software tools, PRA DocAssist and SYSIMP. The enhancement establishes an
infrastructure for various risk ranking applications such as MOV ranking, AOV ranking and Maintenance Rule Function significance. Once established, this combination of software tools
allows for a rapid completion of routine tasks from the Model Of Record (MOR) rollout process.
68
April 26-30, 2015
Thursday, April 30, 08:30, Ram Room
SESSION 6-7: HUMAN FACTORS AND HRA VII
Session Chair: Allen Moldenhauer, Dominion Resource Services
Methodology for System Reliability Analysis during the Conceptual Phase of Complex System Design Considering Human
Factors (12166)
Marcelo Ramos Martins (1), Paulo Fernando F. Frutuoso e Melo (2), Marcos Coelho Maturana (1)
1) Escola Politécnica, Universidade de São Paul, 2) COPPE, Universidade Federal do Rio de Janeiro
PSA (Probabilistic Safety Assessment) is an industrial plant approach that has evolved with the complexity of systems. Initially, tools and techniques have been developed with
the main purpose of analyzing operational plants, enabling the identification of phenomena and fault mechanisms hitherto not highlighted. With the evolution of accidents studies,
some techniques applicable to pre-operational phases were developed in order to reduce the risks in operation. Therefore, a number of techniques adequate to analyze ready or near
completion designs can be found. The same is not observed for the early design phase. Despite this, more and more experts in the risk assessment field suggest that safety considerations are most effective when assessed over the whole life of critical systems, including the early stages of its design. These considerations are extended to HRA (Human Reliability
Analysis), i.e., there are few tools that consider operational aspects, especially human performance, during the design phase. The recognized contribution of the human factor in
accidents involving complex systems – sometimes attributed to the lack of suitable tools for its consideration in the design phase – further highlights this gap. In this context, this
paper presents a methodology developed for the early consideration of human reliability in the design of complex systems. It is based on the use of quantitative data from HRA
models and expert opinions expressed in published PSAs. The development of this methodology has prioritized the easy understanding of its steps and results, i.e., its intelligibility
for people involved in the system design has been sought, with expertise on HRA or not.
A Case Study of Human Error Probability in Commercial Aviation (12192)
Y. James Chang (1), Anita Cheng (2)
1) U.S. Nuclear Regulatory Commission, 2) Wootton High School, Rockville, Maryland
This paper provides a case study on analyzing the aviation events registered in the U.S. National Transportation Safety Board (NTSB) aviation accident database and synopsis
system and the flight statistics published by the U.S. Research and Innovative Technology Administration (RITA) of the Bureau of Transportation Statistics (BTS) to calculate human
error contribution to aviation events. From January 1, 2002 to December 31, 2013, there are 686 aviation events registered in the NTSB database for about 1.25 × 108 commercial
flights under the 14 CFR part 121 regulations. All of the flights discussed in this paper are fix winged commercial flights run by large certified carriers. Two analyses were performed
to provide indications of the reliability of performing the highly reliable human tasks of complex system operations. This paper also discusses how the analysis results can be used to
inform human error probabilities of different industries.
Insights on Human Error Probability from Cognitive Experiment Literature (13031)
Jing Xing, James Chang, and Nathan Siu
In this paper, we present a human error causal framework based on cognitive and neuroscience literature. The framework considers human cognitive limits as important root
causal factors in errors while performance influencing factors (PIF) such as human system-interfaces, procedures, training, and experience provide mechanisms for humans to cope
with the cognitive limits in complex task performance. Under this framework, we reviewed and synthesized the literature on human cognitive limits, PIF indicators that challenge
human cognitive limits, and the trends of human error rates varying with single or combination of PIF indicators. The framework also provides insights on the application of nonnuclear experimental findings to human performance in NPP control rooms, and the application of part-task simulation results to complex, operational NPP scenarios. Together the
results presented in this paper could be an indication that cognitive research suggests a different treatment of PIFs than used in most human reliability analysis (HRA) models to
date. This paper presents the work in progress, and we are still developing the framework and the work needs to be validated.
69
April 26-30, 2015
Thursday, April 30, 08:30, Sawtooth Room
SESSION 13-4: FIRE ANALYSIS AND NFPA 805 IV
Session Chair: Robert Budnitz, LBNL
A Method for Explicit Modeling of Barrier Failures in Multi-Compartment Fire Scenarios (12190)
Greg Rozga, Eric Jorgenson
Enercon Services Inc.
A fire PRA plant response model is to be capable of identifying significant contributors to CDF and LERF, including plant initiating events, accident sequences, and equipment
unavailabilities. Multi-compartment fire scenarios consist of a fire initiating event and fire damage occurring in one physical analysis unit, followed by propagation of effects from
the fire to one or more additional physical analysis units (PAUs) due to barrier failure or unavailability. Based on peer review observations, multi-compartment fire scenario modeling quantifies the likelihood for multi-compartment impacts typically in side calculations, and the contributions from barrier unavailabilities are not explicitly captured as a result.
This approach can still meet Capability Category II of the ASME / ANS PRA Standard, if the scenarios in the base model are not risk-significant. This is typically difficult to know in
advance, and rework is needed later if any multi-compartment scenario is risk-significant.
Furthermore, any PRA applications would need to revisit the risk-significance of multi-compartment scenarios, particularly applications that involve fire barriers. An effective
alternative is presented that performs cutset post-processing that explicitly models the exposing compartment scenarios and barrier unavailabilities for all unscreened multicompartment scenarios and typically requires no additional analysis resources.
Probabilistic Concept for Modeling Early Stages of Fire Growth and Progression Using Fire Event Data (12284)
Patrick W. Baranowsky
This paper presents a probabilistic concept for treating early phase fire growth from fire ignition to detection, suppression, and resultant fire severity in a PRA framework that
estimates the likelihood of damaging fires in a manner more consistent with the operating experience fire data. The concept and data analysis were developed for fires in electrical
cabinets. The data shows that the current approach used in fire PRAs does not realistically represent the early stage fire growth in timing, magnitude and damage likelihood. An
event tree approach has been adopted using insights from the data for electrical cabinet fires from EPRI’s Fire Events Data Base to estimate the likelihood that early stage fires (pre
T-squared fire growth) will develop into more risk significant fires. The conceptual approach comports well with the operating experience data by design, showing a substantial
reduction in the likelihood of early stage electrical cabinet fires progressing to more risk significant conditions.
Multicompartment Analyses: Limitations and Recommendations (12320)
Francisco Joglar and Susan LeStrange
Jensen Hughes
The guidance available in NUREG/CR-6850 for incorporating the risk of multicompartment fires in Fire PRAs has not been superseded as a whole or in part by any subsequent
publication. However, through the development of numerous Fire PRAs, a number of “requests for additional information” (RAIs) have been issued by the US NRC associated with
this topic. Consequently, a review of the guidance in NUREG/CR-6850 in light of the specific RAIs and the corresponding responses to these requests may suggest clarifications
and improvements to the existing methodology. The purpose of this paper is to provide a comprehensive review of the Multicompartment Fire PRA. The review will include a 1)
summary of plant fire events resulting in fire spread outside the room of fire origin generating damage, 2) a summary of existing guidance for incorporating the contribution of
multicompartment fires into the Fire PRA, 3) a discussion on the limitations of existing guidance and 4) recommendations for additional guidance in areas where the existing methodology may be improved. Specific examples of areas where the methodology can be improved include 1) credit for suppression activities in the preliminary screening of potential
multicompartment scenarios, and 2) the fire barrier counting process for apportioning the barrier failure probabilities.
70
April 26-30, 2015
Thursday, April 30, 08:30, Columbine Room
SESSION 3-2: COMMON CAUSE FAILURES II
Session Chair: Ricky Summitt, RSC Engineers
Common Cause Failures Exceeding CCF Groups (11925)
J. C. Stiller, M. Leberecht, G. Gänßmantel, A. Wielenberg, A. Kreuser, C. Verstegen
Gesellschaft für Anlagen- und Reaktorsicherheit (GRS) gGmbH
In probabilistic risk assessments (PRA) common cause failures (CCF) are usually postulated for so-called CCF groups which normally comprise the redundant components of the
same type of one system. An analysis of the German operating experience of pressurized water reactors (PWR) up to the year 2002 shows that approximately 10% of all CCF events
affected components which according to current German PRA guidelines are modelled in different component groups. Such CCF have been observed for many different component
types including pilot valves and other valves, batteries, relays, breakers, transducers, diesel generators and ventilators. An existing PRA for a German PWR has been modified in
order to quantitatively assess the possible influence of such CCF on PRA results. It has been found that the impact may be significant: For example, if a CCF of all emergency diesel
generators (“normal” emergency diesel generators and partly diverse additional emergency diesels driving generators and emergency feedwater pumps) is taken into account, the
estimated rate of hazard states may increase significantly. Such common cause failures exceeding CCF groups may potentially affect large numbers of components (e.g. all components containing identical subcomponents like a specific type of switch or actuator) which are, however, typically partly diverse. Therefore the PRA methods for CCF modelling and
CCF quantification including quantitative operating experience analysis have to be further developed. Different approaches to accomplish this have been developed.
Modeling Common Cause Failures of Thrusters on the International Space Station (ISS) Visiting Vehicles (12274)
Megan Haught (1), Bruce Reistle (2)
1) ARES Technical Services, 2) National Aeronautics and Space Administration (NASA)
This paper discusses the methodology used to model common cause failures of thrusters on the International Space Station (ISS) Visiting Vehicles. The ISS Visiting Vehicles each
have as many as 32 thrusters, whose redundancy and similar design make them susceptible to common cause failures. The Global Alpha Model (as described in NUREG/CR-5485)
can be used to represent the system common cause contribution, but NUREG/CR-5496 supplies global alpha parameters for groups only up to size six. Because of the large number
of redundant thrusters on each vehicle, regression is used to determine parameter values for groups of size larger than six. An additional challenge is that Visiting Vehicle thruster
failures must occur in specific combinations in order to fail the propulsion system; not all failure groups of a certain size are critical.
Note that the example illustrated in this paper is not specific to an existing propulsion system and is intended to explain general methodology without disclosing vehicle-specific
details.
An earlier version of this paper was published June 22, 2014 by Probabilistic Safety Assessment and Management Conference (PSAM) 2014.
71
April 26-30, 2015
Thursday, April 30, 08:30, Limelight A
SESSION 23-2: MODELING AND SIMULATION II
Session Chair: Andrea Maioli, Westinghouse Electric Company
Incorporating Dynamic 3D Simulation into PRA (12346)
Steven Prescott, Curtis Smith, Ramprasad Sampath
Through continued advancement in computational resources, development that was previously done by trial and error production is now performed through computer simulation. These virtual physical representations have the potential to provide accurate and valid modeling results and are being used in many different technical fields. Risk assessment
now has the opportunity to use 3D simulation to improve analysis results and insights, especially for external event analysis. However, the static nature of traditional PRA methods
hinders the direct use of time dependent dynamic simulations. This paper first briefly discusses how 3D simulation methods can be used to improve the modeling approach. In addition, we show how a state based PRA model, based on discrete event simulation, is equivalent and in some cases better than results from traditional fault tree evaluation methods.
Finally, how to successfully incorporate physics based 3D simulation events at runtime to enhance overall results.
Comparing Simulation Results with Traditional PRA Model on a Boiling Water Reactor Station Blackout Case Study (12330)
Zhegang Ma, Diego Mandelli, Curtis Smith
A previous study used RELAP and RAVEN to conduct a boiling water reactor station black-out (SBO) case study in a simulation based environment to show the capabilities of
the risk-informed safety margin characterization methodology. This report compares the RELAP/RAVEN simulation results with traditional PRA model results. The RELAP/RAVEN
simulation run results were reviewed for their input parameters and output results. The input parameters for each simulation run include various timing information such as diesel
generator or offsite power recovery time, Safety Relief Valve stuck open time, High Pressure Core Injection or Reactor Core Isolation Cooling fail to run time, extended core cooling
operation time, depressurization delay time, and firewater injection time. The output results include the maximum fuel clad temperature, the outcome, and the simulation end time.
A traditional SBO PRA model in this report contains four event trees that are linked together with the transferring feature in SAPHIRE software. Unlike the usual Level 1 PRA
quantification process in which only core damage sequences are quantified, this report quantifies all SBO sequences, whether they are core damage sequences or success (i.e., non
core damage) sequences, in order to provide a full comparison with the simulation results.
Three different approaches were used to solve event tree top events and quantify the SBO sequences: “W” process flag, default process flag without proper adjustment, and default
process flag with adjustment to account for the success branch probabilities. Without post-processing, the first two approaches yield incorrect results with a total conditional probability greater than 1.0. The last approach accounts for the success branch probabilities and provides correct conditional sequence probabilities that are to be used for comparison.
To better compare the results from the PRA model and the simulation runs, a simplified SBO event tree was developed with only four top events and eighteen SBO sequences
(versus fifty-four SBO sequences in the original SBO model). The estimated SBO sequence conditional probabilities from the original SBO model were integrated to the corresponding sequences in the simplified SBO event tree. These results were then compared with the simulation run results.
Dynamic and Classical PRA: a BWR SBO Case Comparison (12362)
Diego Mandelli, Zhegang Ma, Curtis Smith
As part of the Light-Water Sustainability Program (LWRS), the purpose of the Risk Informed Safety Margin Characterization (RISMC) Pathway research and development is to
support plant decisions for risk informed margin management with the aim to improve economics, reliability, and sustain the safety of current NPPs. In this paper, we describe the
RISMC analysis process illustrating how mechanistic (i.e., dynamic system simulators) and probabilistic (stochastic sampling strategies) approaches are combined in a dynamic PRA
fashion in order to estimate safety margins. We use the scenario of a “station blackout” (SBO) wherein offsite power and onsite power are lost, thereby causing a challenge to plant
safety systems. We describe the RISMC approach, illustrate the station blackout modeling, and compare this with traditional risk analysis modeling for this type of accident scenario.
In the RISMC approach the dataset obtained consists of set of simulation runs (performed by using codes such as RELAP5/3D) where timing and ordering of events is changed accordingly to the stochastic sampling strategy adopted. On the other side, classical PRA methods, which are based on event tree (ET) and fault-tree (FT) structures, generate minimal
cut sets and probability values associated to each ET branch. The comparison of the classical and RISMC approaches is performed not only in terms of overall core damage probability
but also considering statistical differences in the actual sequence of events. The outcome of this comparison analysis shows similarities and dissimilarities between the approaches
but also highlights the greater amount of information that can be generated by using the RISMC approach.
72
April 26-30, 2015
Thursday, April 30, 10:30, Ram Room
SESSION 20-4: SEISMIC IV
Session Chair: Ray Fine, First Energy Nuclear Operating Company
On Relay Chatter Circuit Analysis (12147)
James C. Lin
ABSG Consulting Inc.
Relays are typically not structurally damaged during a seismic event. However, due to the low seismic ruggedness of the relay contacts, vibration induced actuation of certain
relays could occur during an earthquake potentially resulting in an undesired equipment operation or change in equipment position/state. Relay chatter could also actuate the
lockout devices associated with the supply breakers for essential buses and the emergency diesel generator (EDG) output breakers, thus requiring manual operator reset before
these breakers can be re-closed. The most vulnerable portion of the control circuits that may cause the adverse effects of seismic relay chatter include the seal-in function of
motor-operated valves, seal-in feature of time overcurrent trips for medium voltage electrical loads (e.g., pumps and other medium voltage bus breakers), lockout design of the
supply breakers for essential buses and the EDG output breakers. Most of the non-relay contact devices are not prone to chatter. However, mercury and sudden pressure switches on
large power transformers, and small sensitive operator micro switches should still be evaluated in the seismic relay chatter analysis. These devices are typically located in the control
circuits for the non-essential equipment and therefore not likely to cause adverse impact on accident mitigation equipment, except for the potential lockout of auxiliary transformers
and possible loss of offsite power resulting from the activation of sudden pressure relays due to earthquake induced pressure pulses.
An Approach to Seismic Probabilistic Risk Assessment Systems, Structures, and Components Screening (12160)
Donald J. Wakefield, (1), Farzin R. Beigi (1), K. Raymond Fine (2)
1) ABSG Consulting Inc., 2) FirstEnergy Nuclear Operating Company
The ASME/ANS combined standard (ASME/ANS Ra-Sb-2013) states that seismic fragilities are to be developed for all systems, structures, and components (SSCs) which appear
on the seismic equipment list. The combined standard also permits screening of such fragilities. Some have proposed an individual SSC seismic failure frequency criterion of 5x10-7
per year, or a criterion to limit the screened SSCs’ contribution to less than 3-4% of the seismic core damage frequency (CDF).
An alternate approach to SSC screening is proposed. The fragility team is tasked to evaluate fragilities for a reduced set of SSCs judged to have potentially less than 0.5g high
confidence of low probability of failure (HCLPFs).
Once available, the initial seismic probabilistic risk (PRA) model is used to evaluate the conditional probability of core damage (CCDP) in each discrete seismic interval covering
the entire hazard exceedance curve. The plant response team then computes the “success” seismic interval frequency and cumulatively sums these interval frequencies to obtain a
seismic hazard “success” exceedance curve. The maximum frequency that could be added to the seismic CDF can be read directly from the revised seismic hazard “success” exceedance curve. If the success exceedance frequency corresponding to 3-4% of the seismic CDF is at 0.5g peak ground acceleration (PGA) or smaller, then the screening is complete. If
the corresponding acceleration is instead higher, say 0.6g PGA, then only those SSCs judged to have HCLPFs between 0.5g PGA and 0.6g PGA need be considered further by the
fragility team.
A Preliminary Approach to PRA for Seismically-Induced Internal Fires and Floods (12177)
Paul J. Amico (1), Pierre Macheret (1), Robert P Kassawara (2)
1) Jensen Hughes, 2) Electric Power Research Institute
Until the occurrence of the Great Tohoku earthquake and the effects observed at nuclear plants in Japan, hazards in PRA have been addressed individually, and evaluations of
induced hazards have been cursory. This has changed, and now there is a significant interest in correlated hazards, with most of the near-term emphasis on seismically-induced
internal fires and internal floods. There is currently very little guidance in this area. A review of current US and international standards and guidance documents has shown that the
treatment of these events tends to be mostly qualitative. This paper reports on an EPRI project that takes the first steps to allowing quantification, and identifies addition activities
that are need in order to bring the analysis of these events up to the same level as seismic PRA in general The project found that most of the technical aspects of incorporating these
events into a PRA are doable with current capabilities and data, including insights that resulted in development of a screening approach for fire and flood sources The key missing
piece is quantified data on the conditional probability of a fire given seismic failure of a SSC. In the interim, a sensitivity analysis quantification process is proposed.
73
April 26-30, 2015
Thursday, April 30, 10:30, Sawtooth Room
SESSION 30-4: RISK-INFORMED REGULATION IV
Session Chair: Young Jo, Southern Company
Overview and Comparison of Risk-Informed Efforts to Resolve Generic Issue 191 (12123)
C.J. Fong
Efforts to resolve Generic Safety Issue 191 have proven to be extremely challenging. This paper describes several on-going efforts to examine this problem in a risk-informed
context and to use risk insights to resolve the issue. The NRC staff has not yet completed its review of these approaches and this paper is strictly informational; no statements about
their acceptability are made or implied.
Note: This paper was prepared, in part, by an employee or employees of the U.S. Nuclear Regulatory Commission on his or her own time apart from his or her regular duties. NRC
has neither approved nor disapproved its technical content.
Concepts for Demonstrating Compliance with Safety Limits (12132)
Richard Denning (1) Tunc Aldemir (2), Ji Hyun Lee (2), David Grabaskas (3)
1) Former faculty The Ohio State University, 2) The Ohio State University, 3) Argonne National Laboratory
The U.S. Nuclear Regulatory Commission is currently considering significant changes in reactor regulation. Potential regulatory changes associated with severe accident scenarios
are partially planned in response to the Fukushima accident. In addition, research results relating to cladding embrittlement at high burnup raise questions regarding the adequacy
of existing emergency core cooling criteria. New approaches to the treatment of safety limits for both design basis and beyond design basis events for further consideration are
examined.
Assessing Fire Risk for the Significance Determination Process (12303)
Michelle Kichline, George T. MacDonald, Antonios M. Zoulis
The Nuclear Regulatory Commission established the Reactor Oversight Process to oversee and regulate U.S. nuclear plants using risk-informed and performance-based measures.
As part of that process, inspection findings are evaluated using the significance determination process in accordance with Inspection Manual Chapter 0609, “Significance Determination Process.” Findings related to fire are complex and can be especially challenging when the licensee does not have a fire probabilistic risk assessment. In this paper, the authors
evaluate a finding involving a postulated fire scenario in which all of the service water pumps for a dual-unit site could be compromised due to a single fire in the emergency
switchgear room. Inspection Manual Chapter 0609, Appendix F, “Fire Protection Significance Determination Process,” NUREG-1805 and Supplement 1 to NUREG-1805, “Fire Dynamic
Tools (FDTs): Quantitative Fire Hazard Analysis Methods for the U.S. Nuclear Regulatory Commission Fire Protection Inspection Program,” NUREG/CR-6850, “Fire PRA Methodology for
Nuclear Power Facilities,” and NUREG/CR-6850, Supplement 1, “Fire Probabilistic Risk Assessment Methods Enhancements” were used to assess the significance of the finding. Separate risk evaluations were performed for each unit’s emergency switchgear room fire scenarios using risk information from both the Standardized Plant Analysis Risk Model, which
is used by the Nuclear Regulatory Commission and developed and maintained by the Idaho National Laboratory, and the licensee’s internal probabilistic risk assessment model. This
paper illustrates the use of simple fire modeling tools to determine the final significance of the finding.
74
April 26-30, 2015
Thursday, April 30, 10:30, Columbine Room
SESSION 19-1: NEXT GENERATION REACTOR PSA
Session Chair: Cheryl Eddy, RSC Engineers
Anticipated Analysis of Flamanville 3 EPR Operating License - Status and Insights from Level 1 PSA Review (11804)
Gabriel Georgescu, Dupuy Patricia, Francois Corenwinder
Institute for Radiological Protection and Nuclear Safety (IRSN)
The first generation III reactor in France (EPR) is under the final phase of construction at Flamanville (EPR-FA3).For the EPR reactor, the probabilistic studies were developed
beginning with the early design and then evolved during the different design phases. These studies were intensively used by both EDF and IRSN, as a complement of other more
traditional deterministic methods, leading to many design and studies improvements. It is expected that the plant operator (EDF) will send soon to the Safety Authority the request
for operating license of this new reactor. Taking into account the difficulties to assess a new evolutionary design in a rather short term, most of the safety related subjects were
already analyzed by IRSN, in the frame of so called “anticipated examination” of the operating license request. In this context, the updated versions of the Level 1 probabilistic studies
for internal events and hazards were analyzed by IRSN.
Consideration of Physical Behavior and Possibility of Repair in the Long Term Reliability Evaluation of Decay Heat
Removal Systems (11919)
Michel Marquès, Florence Curnier, Paul Gauthé
CEA, DEN, DER,
This paper deals with the “practical elimination” approach of situations corresponding to the complete and timely unlimited failure of the DHR (Decay Heat Removal) function for
the ASTRID Sodium cooled Fast Reactor.
The practical elimination of this situation is addressed, in complement of classical fault tree analyses, via a dynamic approach taking into account the physical behavior of the DHR
systems and the possibility of their repair.
The first objective of the approach is to perform a reliability analysis of the DHR systems, with the classical definition of reliability: probability that DHR systems fulfill their
mission on a given mission time. Therefore, for each considered sequence of DHR systems unavailability, the probability of failure of the DHR function, that is to say the probability of
achieving an unacceptable situation, will be assessed. For this, quantitative evaluations of sodium temperature and cumulative damage are carried out with a simplified thermalhydraulic code and the obtained maximal values are compared with safety criteria.
The second objective of the proposed approach is to evaluate the influence of possible repair of the DHR systems and in particular to try to define an acceptable repair time
enabling to reach a target reliability for the DHR function.
Benefits and Challenges of Performing Fire PRA on a Pre-Operational Plant (12129)
Michele Osterrieder and Clarence Worrell
Westinghouse Electric Company, LLC
Westinghouse Electric Company (WEC), South Carolina Electric and Gas (SCE&G), and Southern Nuclear Company (SNC) are currently developing an at-power internal fire
Probabilistic Risk Assessment (PRA) of the AP1000®(A) plant. AP1000 plants are currently under construction at the Virgil C. Summer and Alvin W. Vogtle sites, and a fire PRA of each
plant is required prior to fuel load to support initial plant operation. This paper discusses several challenges and benefits encountered while performing a fire PRA for the AP1000
plants under construction.
While the basic AP1000 plant design is complete and licensed, many of the design aspects required for a detailed fire PRA (e.g., meeting ASME/ANS RA-Sa-2009 at Capability
Category II) do not stabilize until the final stages of the construction process. For example, fire is a spatial hazard, and detailed modeling of the risk significant plant areas requires
knowledge of the spatial relationship between ignition sources, secondary combustibles, and targets (including cables). This spatial geometry evolves throughout the construction
process, requiring iterative fire PRA model development that starts conservative (and is less reliant on spatial geometry details) and iteratively improves modeling realism as the
construction proceeds.
The AP1000 plant, being an advanced plant, has some additional elements to the fire PRA that are not encountered with operating plants. For example, there is uncertainty
surrounding how digital instrumentation and control systems will respond when exposed to fire. While it is suspected that these systems are less vulnerable to fire-induced spurious
operation, as compared to analog systems common at operating plants, there is little operating experience or testing currently available to support realistic modeling.
Despite the challenges, performing fire PRA on a pre-operational plant provides one tremendous benefit: opportunity to risk-inform the plant design. This is particularly true for
fire, since many of the design details (e.g., spatial geometry and cable layout) do not finalize until relatively late in the construction process. This paper discusses several areas where
the plant design has benefited from the incorporation of fire risk insights as well as the challenges experienced during the process.
75
April 26-30, 2015
Preliminary Level 1 Probabilistic Safety Assessment for China LEAd-based Research Reactor (13034)
Jiaqun WANG, Yazhou LI, Jin WANG, Fang WANG, Liqin HU
Key Laboratory of Neutronics and Radiation Safety, Institute of Nuclear Energy Safety Technology Chinese Academy of Sciences
China LEAd-based research Reactor (CLEAR-I) is a pool-type advanced fast breeder research reactor, using liquid Lead-Bismuth Eutectic alloy (LBE) as coolant. CLEAR-I has dualmodes operation capabilities to test critical LBE cooled fast reactor and accelerator driven subcritical reactor technology, which cause great challenge for the accident analysis and
the development of Probabilistic Safety Assessment (PSA) model. A preliminary level 1 PSA was completed for CLEAR-I, different accident sequences for two operation modes were
modeled in event trees, and passive systems reliability were included in PSA model. The risk of normal operation of CLEAR-I was quantified using generic reliability data, and was
found to be very low for both critical and subcritical operation modes.
76
April 26-30, 2015
Keywords: Probabilistic Safety Assessment, China LEAd-based research Reactor, Risk
Thursday, April 30, 10:30, Limelight A
SESSION 14-1: FLOODING PSA
Session Chair: Cassandra Ruch, RSC Engineers
Modeling of Internal Flood Scenarios Using Mathcad (11190)
Robert J. Wolfgang
Erin Engineering and Research, Inc.
An internal flood PRA involves scenarios in which a pipe rupture can result in the release of a large volume of water over a short period of time. Given the size of the flow rate and
the available space available for water accumulation, the rise in water height as a function of time is necessary to be computed in order to determine the time available for operator
intervention before extensive damage is experienced. To determine the available time before a critical water height is achieved, it is desired that a simplified, yet consistent, approach
be used to help determine the height of water rise as a function of time due to water inflow and outflow. Accounting for area drainage and propagation of water from one adjoining
compartment to another must also be taken into account in order to realistically model a given internal flood scenario. A mathematical model using mass balance equations can be
used to model flow of water into and out of multiple adjoining areas subject to an internal flood event using a set of linked differential equations that define the change in water
height as a function of time for each affected space. Various restrictions and openings that exist between compartments and allow propagation of water from one area to another
can be modeled using a consistent set of fluid flow equations to estimate flow rates and simulate the postulated scenario as a function of time. An example showing the use of such
equations for a given pipe rupture is presented to best show how a simplistic model can be created to estimate water height versus time for various rooms connected via propagation flowpaths. The use of such information can yield the available time for operator mitigation before the equipment in affected rooms is damaged due to water submergence.
External Flooding in Regulatory Risk-Informed Decision-Making for Operating Nuclear Reactors
in the United States (12026)
Fernando Ferrante
The United States (US) Nuclear Regulatory Commission (NRC) has made significant recent efforts in understanding the safety risk of various regulatory activities that include
the impact of external flooding via insights from Probabilistic Risk Assessment (PRA) methods. In part, this stems from multiple actions taken after the Fukushima nuclear accident
related to inspection findings and activities on flood re-evaluations in the United States. Hence, the NRC is currently engaged in reevaluating and enhancing its risk-informed tools,
including the use of PRA modeling, in terms of improving the assessment of inspection activities with respect to regulatory decision-making in the area of external flooding.
Efforts in this area were initiated prior to the Fukushima nuclear accident in 2011, as the treatment of external flooding in risk analysis has long posed challenges not yet fully addressed for implementation in PRA. It is recognized, for example, that for different natural phenomena the maturity of available methodologies and data for assessing the likelihood
of occurrence of hazards that may challenge plant safety varies significantly for different flooding mechanisms, and can involve wide uncertainty in both the intensity and frequency
of an event. Specific findings related to flooding protection for a number of sites led to considerations on flooding frequency analysis in general, as well as the probabilistic treatment
of specific flooding mechanisms, such as dam failures. Additionally, the actual flooding events in the Missouri River in April 2011 which challenged the flooding protection of Fort
Calhoun Station also provided additional insights into flooding response and mitigation.
After the Fukushima accident, the NRC established a Task Force to review insights from this event and subsequent activities are on-going, which includes the reevaluation of potential flooding hazards for nuclear facilities regulated by the NRC. The NRC has also directly engaged other US government institutions in pursuing methodologies to both develop
and establish a common understanding in the area of Probabilistic Flooding Hazard Assessment (PFHA) in terms of advancing and using risk tools a risk-informed decision making
framework. This paper will include a discussion of relevant findings and events, the approaches used by the NRC in obtaining risk insights using readily available tools and methods,
their relationship with the Fukushima Lessons-Learned activities, and areas of research.
First Set of Methodological Elements for Graded Probabilistic Assessment of External Flooding at EdF (12040)
C. Luzoir, M. Gallois, E. Serdet, D. Vasseur, S. Peron
EDF R&D
EDF has to analyze the relevance and develop probabilistic risk assessments for external hazards that haven’t been screened out.
The following article aims at describing the general methodology under development at EDF R&D for a graded approach to probabilistic risk assessment of natural hazards. It
more accurately describes exploratory methodological work for the first phase of this Graded Approach applied to external flooding.
Graded Approach is a set of methods for analyzing probabilistic risk estimation. It implements analysis with more and more detailed levels of hazards, consequences, and accident sequences. It is structured in three phases, from the most simplified analysis to more detailed analysis, and ultimately leading to the development of model close to a Standard
77
April 26-30, 2015
PSA (Probabilistic Safety Analysis) model ([ASME]). Each phase contains the identification for various scenarios, the estimation of frequency for each scenario, the modeling of the
sequences and the quantification of risk.
The first phase of the Graded Approach has been applied on a pilot study for External River flooding. Currently the methodology is only focused on the reactor building, with the
classical 24 hours PSA duration and only for core damage risk.
• Step 1 – Scenarios Identification
The different Flood Scenarios are developed by the identification of critical levels toward protection, and also toward mitigation capabilities. The objective is to establish water
levels corresponding to different loss of materials important for safety. Preventive human actions (the implementation of protection …) are included in this scenarios analysis. Their
reliability has been quantified.
• Step 2 – Frequency Estimation for each scenario
Starting from a given water level on the site, we determine the rate leading to this level. We use a 2D hydrodynamic model where different hydrological scenarios are simulated
based on realistic assumptions. Then, we assign a frequency of occurrence of the most disadvantageous scenario. This approach is the opposite of the usual used in deterministic
studies where, for a given return period, the water level on the platform is evaluated.
• Step 3 – Sequences modeling
We use the Internal Events PSA models because their level of details allows understanding of the transient and of the real impact on risk, especially the risk of core damage.
Modeling is therefore to adapt the PSA model. This is done by introducing the frequency initiators and introducing the loss of the material based on scenarios developed and also by
modifying some mitigation actions.
• Step 4 – Risk quantification
In phase 1 conservative assumption are made when quantifying (e.g. probability of occurrence of hazard induced by flooding). Post-initiators operator actions (i.e. local actions)
that are affected are analyzed using procedures and their failure is quantified. The risk of core damage is quantified for each scenario.
This methodology is a prospective one. It has not been subject to any industrial validation. It is developed as part of a pilot study.
The future R&D program includes flooding methodology for seaside plant, other hazards methodology (for instance for extreme winds) and methodology for spent fuel pool and
long term. We also have to develop the methodology for the more detailed phases and to evaluate the gain obtained.
Key Words: PSA, External hazards, flooding
78
April 26-30, 2015
NOTES
79
April 26-30, 2015
NOTES
80
April 26-30, 2015
NOTES
81
April 26-30, 2015
NOTES
82
April 26-30, 2015
NOTES
83
April 26-30, 2015
NOTES
84
April 26-30, 2015
NOTES
85
April 26-30, 2015
86
April 26-30, 2015
87
April 26-30, 2015
PSA 2015 Program At-A-Glance - Sunday, April 26 & Monday, April 27
Sunday, April 26
Time
Room
Event
0800-1800 Continental Room
Exhibit Setup
0800-1745 Limelight C
INMM Workshop on Safety-Security Risk-Informed Decision-Making
0900-1700 Limelight A
RAVEN Workshop
1400-1830 Limelight Promenade
Registration
1745
Limelight Promenade
Main Entrance
1800-2000 River Run Ski Lodge
Free Shuttle Service to Opening Reception begins
Welcome Reception - Sponsored and Hosted by Jensen Hughes, Inc.
Monday, April 27
Time
Room
Event
0700
Limelight B
Continental Breakfast - Monday Presenters and Chairs
0700-1500
Limelight Promenade
Registration
1200-1600
Continental Room
Exhibit Hall Open
0830-0945
Opera House
Opening Plenary Session sponsored by Idaho National Laboratory
88
Welcome to PSA 2015
Mr. Martin Sattison, INL, PSA 2015 General Chair
Guest Speaker
Dr. George Apostolakis, Head, Nuclear Risk Research Center, Japan
0945-1015
Opera House
Break
1015-1200
Opera House
Plenary Technical Discussion Group Session - The Future of PSA
Chair: Mr. Martin Sattison, INL, PSA 2015 General Chair
Discussion Group Members: Dr. George Apostolakis, Mr. Dennis Henneke, Dr. Jan-Erik Holmberg, Dr. Nathan Siu, Prof. Akira Yamaguchi
1200-1330
Limelight B
Lunch Buffet - Sponsored by Erin Engineering and Reseach, Inc.
1330-1500
Ram Room (40)
(TSM1) Session 6-1: Human Factors and HRA I
12042, Blowing Up Safety Culture - The Lure and Trap of Accident Investigation and Continuous Improvement, by Blackman
12058, Enhancing Employee Wellbeing by Shaping a Total Safety Culture, by van Loggerenberg and Nienaber
12131, Determining Resilience Thresholds for Nuclear Power Plants, by Nelson and Martin del Campo
1330-1500
Sawtooth Room (40)
(TSM2) Session 13-1: Fire Analysis and NFPA 805 I
11923, Development of a Hazard Curve Evaluation Method for a Forest Fire as an External Hazard, by Okano and Yamano
12087, Fire-Related Systems and Key Safety Functions Unavailability Matrix Development and Assessment, by Diaz, et al
12281, Implementing the NFPA 805 Process: Observations of a Technical Reviewer, by Short, et al
1330-1500
Columbine Room (36)
(TSM3) Session 7-1: Data and Parameter Estimation I
12055, A Study on the Effect of the State-of-Knowledge Correlation on Interfacing System Loss-of-Coolant Accident Frequency, by Kim et al
12331, Component Repair Times Obtained from MSPI Data, by Eide and Cadwallader
12342, Development, Implementation, and Impact of Convolution Factors for Offsite Power Recovery in Dominion PRA Models, by Sutton, et al
1330-1500
Limelight A (40)
(TSM4) Session 1-1: Accident Analysis Level 2
12046, Improving the Level 2 PRA Modelling of Basemat Failure, by Andersson, et al
12206, PSA Level 2 with Dynamic Event Trees: Lessons Learned and Perspectives, by Rychkov and Kawahara
12310, Assessment of Offsite Power Non-Recovery for Level 2, by Trull
1330-1500
Limelight C (40)
(TSM5) Session 29-1: Risk-Informed Decision-Making I
12116, Knowledge Engineering Tools - Ready to Support Risk-Informed Decision Making?, by Siu, et al
13029, MSPI Driven Safer Nuclear Power Plant – Callaway Energy Center, by Jiang and Li
14509, The Development of Safety Function Capability Analysis Methodology to Enhance Defense-In-Depth, by Li, et al
1330-1500
Boiler Room (40)
(TSM6)
1500-1530
Continental Room
Break
1530-1700
Ram Room (40)
(TSM7) Session 20-1: Seismic I
12158, Development of Seismic Probabilistic Safety Assessment Model for OPR-1000 Reactor in Korea, by Park, et al
12288, Dam Failure - Nuclear Plant Seismic PRA Model - Modeling Correlations & Uncertainty, by McCann, et al
1530-1700
Sawtooth Room (40)
(TSM8) Session 30-1: Risk-Informed Regulation I
11801, Use of Risk Information in French Technical Specifications, by Georgescu, et al
12105, Improving the Processes Associated with Establishing the Technical Adequacy of Probabilistic Risk Assessments - Status and Path Forward, by Harrison
12283, Graded Approach in Supervision Program and Strategies at SSM, by Hellström
12356, Recent and Future Activities of the OECD Working Group on Risk Assessment (WGRISK), by Roewekamp, et al
1530-1700
Columbine Room (36)
(TSM9) Session 9-1: Dynamic PSA I
12155, Dynamic Reliability Modeling of Reactor Trip System, by Hua, et al
12236, ADAPT-MAAP4 Coupling for a Dynamic Event Tree Study, by Rychkov and Kawahara
12296, DYMS: A Monte Carlo Code for Dynamic Fault Tree Analysis on Nuclear Power Plants, by Liu, et al
1530-1700
Limelight A (40)
(TSM10) Session 11-1: Severe Wind PSA I
12074, High Wind PRA Development and Lessons Learned from Implementation, by Mironenko and Lovelace
12086, Tornado Missile Strike Calculator: An Excel-based Stochastic Model of Tornado-Driven Missile Behavior for Use in High Winds PRA, by Hope, et al
12291, High Wind PRA Failure Calculations, Error Estimates and Use of CAFTA, by Twisdale, et al
1530-1700
Limelight C (40)
(TSM11) Session 2-1: Multi-Unit Risk
12230, Multi-Unit Nuclear Plant Risks and Implications of the Quantitative Health Objectives, by Modarres
12275, On the Risk Significance of Seismically-Induced Multi-Unit Accidents, by Fleming
12286, A Framework for Addressing Site Integrated Risk, by Kiper and Maioli
12305, Framework for Assessing Integrated Site Risk of Small Modular Reactors Using Dynamic Probabilistic Risk Assessment Simulation, by Dennis et al
1530-1700
Boiler Room (40)
(TSM12)
April 26-30, 2015
PSA 2015 Program At-A-Glance - Tuesday, April 28
Time
Room
Event
0700
Limelight B
Continental Breakfast - Tuesday Presenters and Chairs
0730-1600
Limelight Promenade
Registration
0930-1600
Continental Room
Exhibit Hall Open
0830-1000
Ram Room (40)
(TST1)
11965,
12138,
12364,
Session 6-2: Human Factors and HRA II
Estimating Time Information to Conduct a Seismic Human Reliability Analysis (HRA) Based on Human Performance Data Simulated Against Non-seismic DBAs, by Park, et al
Nuclear Power Plant Seismic Probabilistic Risk Assessment Human Reliability Analysis - A Practical Approach, by Liming and Reddington
Three HRA Case Studies on Plant Shutdown Following Main Control Room Abandonment, by Odell and Worrell
0830-1000
Sawtooth Room (40)
(TST2)
12051,
12181,
13059,
Session 13-2: Fire Analysis and NFPA 805 II
Statistical Characterization of the Advanced Notification in Detection Time for Very Early Warning Fire Detection in Nuclear Plant Electrical Enclosures, by Taylor, et al
Alternate Approach to Calculating LERF for Fire PRA Models, by Hirt, et al
Research on the Installation of VEWFDS in Passive NPP Based on Fire PRA, by Li, et al
0830-1000
Columbine Room (36)
(TST3)
11611,
11953,
12262,
Session 3-1: Common Cause Failures I
Common Cause Failure Parameters Estimation with Coloured Petri Nets, by Deleuze, et al
A Risk-Informed Approach to Address Diversity Requirements in the Design of New Reactors, by Sorel and Gonul
A New Approach for Estimation of Common Cause Failure Parameters in the Context of Incomplete Data, by Le Duy and Vasseur
0830-1000
Limelight A (40)
(TST4)
12163,
12237,
12279,
Session 5-1: Configuration Risk Management
Point Estimates for Components in 10CFR50.65(a)(1), by Anderson and Lavelline
Evalluation of Fire Risk in the Configuration Risk Management Process for XCEL Energy's Monticello and Prairie Island Nuclear Generating Plants, by Morgan and Biersdorf
Nuclear Power Plant Configuration Risk Management: EPRI CRMF Research - Recent Shutdown Risk Management Research, by Morgan, et al
0830-1000
Limelight C (40)
(TST5) Discussion Group Session: Attitudes and Beliefs Regarding PRA - Where Are We Now?
Discussion Leaders: Nathan Siu and Valerie Barnes
0830-1000
Boiler Room (40)
(TST6)
12353,
13033,
13035,
1000-1030
Continental Room
Break
1030-1200
Ram Room (40)
(TST7)
12031,
12191,
12222,
12312,
1030-1200
Sawtooth Room (40)
(TST8) Discussion Group Session: Risk Communications
Discussion Leader: Laura Hermann
1030-1200
Columbine Room (36)
(TST9)
12153,
12114,
12148,
1030-1200
Limelight A (40)
(TST10) Session 11-2: Severe Wind PSA II
12242, High Wind PRA Plant Walkdown Insights and Recommendations, by Sciaudone, et al
12254, Experience with Implementing Part 7 of the ASME PRA Standard (High Wind): Canadian Perspective, by Kaasalainen, et al
12290, Advances in Wind Hazard and Fragility Methodologies for HW PRAs, by Twisdale, et al
1030-1200
Limelight C (40)
(TST11) Session 8-1: Digital I&C Safety and Risk Analysis I
11781, Oconee Digital Protection System PSA Model, by Allen and Enzinna
11961, Coupling Model Checking and PRA for Safety Analysis of Digital I&C Systems, by Bjorkman, et al
12092, NRC Research on Digital System Modeling for Use in PRA, by Li and Coyne
12110, Nordic Experience and Experiments of Modelling Digital I&C Systems in PSA, by Holmberg, et al
1030-1200
Boiler Room (40)
(TST12) Session 21-1: Non-Nuclear PSA
12134, Probability of Loss of Crew Achievability Studies for NASA's Exploration Systems Development, by Boyer, et al
13028, Dynamic Modeling of Ascent Abort Scenarios for Crewed Launches, by Bigler and Boyer
1200-1330
Limelight B
Lunch Buffet - Sponsored by Maracor, A Division of ENERCON Services, Inc.
Speaker: Laura Hermann, Potomac Communications Group, Inc.
1330-1500
Ram Room (40)
(TST13) Session 20-2: Seismic II
11967, Seismic Margins Assessment Systems Analysis Insights for Seismic PRA, by Anoba
12324, Seismic PRA Insights and Lessons Learned, by Maioli, et al
12325, Evolution of the Seismic Portion of the PRA Standard, by Maioli, et al
1330-1500
Sawtooth Room (40)
(TST14) Session 30-2: Risk-Informed Regulation II
11932, Risk-Informed Prioritization of Nuclear Power Plant Issues and Activities, by Dube, et al
11970, A New Regulatory (?) Direction for Level 3 PRAs: NRC Pilot and Beyond, by Levinson
12071, Subsequent License Renewal and PRA, by Hayner and Snedeker
1330-1500
Columbine Room (36)
(TST15) Session 9-2: Dynamic PSA II
12156, Symbiosis of Static and Dynamic Probabilistic Approaches to Support the Design Process and Evaluate the Safety of SFR Reactors, by Curnier, et al
12280, Modeling of a Flooding Induced Station Blackout for a Pressurized Water Reactor Using the RISMC Toolkit, by Mandelli, et al
12351, An Integrated Physics-Based Risk Model for Assessing the Asteroid Threat, by Motiwala, et al
1330-1500
Limelight A (40)
(TST16) Discussion Group Session: Severe Wind
Discussion Leader: Lawrence Twisdale
1330-1500
Limelight C (40)
1330-1500
Boiler Room (40)
1500-1530
Continental Room
Break and ice cream social - Sponsored by Maracor, a Division of ENERCON Services, Inc.
1530-1700
Ram Room (40)
(TST19) Session 18-1: Low Power and Shutdown PSA
12050, AES-2006 PSA Level 1 Shutdown Modes Basic Approaches and Results at FSAR Stage, by Kalinkin, et al
12164, Experience with the ANS Standard for Shutdown PRA Model Quality, by Anderson and Dremel
12287, An Approach for Assessing Low Power and Shutdown Risk, by Kiper and Weston
1530-1700
Sawtooth Room (40)
(TST20) Session 12-1: External Events Analysis I
12073, Screening Analysis Approach Used in the Evaluation of External Flood and Other Hazards for the U.S. Nuclear Regulatory Commission Full-Scope Site Level 3 Probabilistic Risk
Assessment, by Gilbertson
12111, Using of Extreme Value Theory in External Event PSA of WWER440 Reactors, by Kovacs, et al
12250, Insights from IAEA Technical Meeting on Complementary Safety Assessment of NPP Robustness Against the Impact of Extreme Events: Challenges and Developments, by Kuzmina,
et al
12276, Application of the Fault Sequence Analysis Method for the Armenian NPP: Results and Insights from the Benchmarking Study Performed under an IAEA's Extra Budgetary Project, by
Poghosyan, et al
1530-1700
Columbine Room (36)
(TST21) Session 15-1: Fukushima Lessons Learned I
11860, Usage of MAAP5-Dose to Support Plant Habitability, by Kalfleish, et al
12094, Analysis of Potential Risk Caused by Hydrogen and Carbon Monoxide in Buildings Attached to Containment for Ascó 1&2 and Vandellós II NPPs, by Burelbach, et al
12149, Usage of MAAP5-Dose to Support Equipment Survivability Assessments, by Maka, et al
1530-1700
Limelight A (40)
(TST22) Session 1-2: Accident Analysis Level 3
12085, Overall Accident Consequence Estimation Using the PACE Code, by Higgins, et al
12162, Risk Metrics and Risk Ranking in PSA, by Durin, et al
12207, Probability of Being in the Situation Where Dose Assessment Software Would Promote Premature EAL/PAG Decisions at Callaway, by Li
12669, Strategies for Mitigating Releases During a Severe Accident, by Wachowiak, et al
1530-1700
Limelight C (40)
(TST23) Discussion Group Session: Progress in Applying PRA to Non-Reactor Nuclear Facility Issues
Discussion Leader: Kevin O'Kula
1530-1700
Boiler Room (40)
(TST24)
Session 4-1: Computer Codes
Fuel Reliability Analysis Using BISON and RAVEN, by Rabiti, et al
Multiple Models Support in Probabilistic Safety Assessment Program RiskA, by Chen, et al
Design and Implementation of Probabilistic Safety Assessment Program Based on C/S Architecture, by Xu, et al
Session 6-3: Human Factors and HRA III
Modeling Human Failure Event Dependencies in the Columbia PRA Update, by Jorgenson and Manning
Focusing the Scope of Human Error Dependency Analysis, by Blanchard, et al
Extreme Events: Causes and Prediction, by Duffey
How to Explain Post-Core-Damage Operator Actions for Human Reliability Analysis (HRA): Insights From a Level 2 HRA/PRA Application, by Cooper, et al
Session 7-2: Data and Parameter Estimation II
PRA Parameter Estimation for NPPs in Japan (I) Parameter Estimation Overview, by Hashimoto, et al
PRA Parameter Estimation for NPPs in Japan (II) Parameter Estimation Methodology, by Soga, et al
PRA Parameter Estimation for NPPs in Japan (III) Parameter Estimation Experience, by Oya, et al
(TST17) Session 24-1: Passive System Safety and Reliability
11483, Reliability Analysis of Passive Systems with Multiple Competing Failure Modes Involving Performance Degradation, by Burgazzi
12068, Results of a Demonstration Assessment of Passive System Reliability Utilizing the Reliability Method for Passive Systems (RMPS), by Bucknor, et al
12072, A Demonstration of Dynamic Methods for Addressing Passive System Reliability, by Brunett, et al
12208, Analyzing Non-Piping Location-Specific LOCA Frequency for Risk-Informed Resolution of Generic Safety Issue 191, by O'Shea, et al
(TST18) Session 16-1: Open PSA
12023, The Andromeda Shell and Scripting Interface to Efficiently Treat PSA Models, by Thomas, et al
12103, A Method to Compare PSA Models in a Modular PSA, by Thomas, et al
12108, Use of PSA Model XML Standard Formats for V&V, by Asensio and Santos
89
April 26-30, 2015
PSA 2015 Program At-A-Glance - Wednesday, April 29
Time
90
Room
Event
0700
Limelight B
Continental Breakfast - Wednesday Presenters and Chairs
0730-1600
Limelight Promenade
Registration
0930-1600
Continental Room
Exhibit Hall Open
0830-1000
Ram Room (40)
(TSW1) Session 6-4: Human Factors and HRA IV
12020, Advanced Investigation of HRA Methods for Probabilistic Assessment of Human Barriers Efficiency in Complex Systems for a Given Organisational and Environmental Context, by de
Galizia, et al
12199, On the Incorporation of Spatio-Temporal Dimensions into Socio-Technical Risk Analysis, by Pence and Mohaghegh
12200, Quantifying Organizational Factors in Human Reliability Analysis Using the Big Data-Theoretic Algorithm, by Pence, et al
0830-1000
Sawtooth Room (40)
(TSW2) Session 13-3: Fire Analysis and NFPA 805 III
12193, Modeling Main Control Room Abandonment in Fire PRAs, by Amico and Collins
12358, Focusing the Scope of Fire PRA Human Reliability Analysis Using Top Event Prevention (TEP), by Brinsfield and Voskuil
13020, Fire Risk Trends and Contributions - A Heuristic Method to Extrapolate US Nuclear Plant Fire Risk, by Rao
12118, Fire PRA Maturity and Realism: A Discussion and Suggestions for Improvement, by Siu, et al
0830-1000
Columbine Room (36)
(TSW3) Session 15-2: Fukushima Lessons Learned II
12059, Feasibility Assessment of Coping Strategies for Beyond-Design-Basis External Events, by Kim, et al
12285, External Hazards in the PRA of Olkiluoto NPP Units 1 and 2 and Interim Storage for Spent Nuclear Fuel - Ongoing Actions in the Light of the Fukushima Accident, by Puukka, et al
12098, Overview of a System Reliability Study for the On-Site Electrical Distribution System in NPPs, by Wang and Nakoski
0830-1000
Limelight A (40)
(TSW4) Session 23-1: Modeling and Simulation I
12084, Assessment of the Structural Importance Measure with Monte Carlo Sampling, by Volkanovski
12335, Bayesian Calibration of Safety Codes Using Data from Separate- and Integral-Effects Tests, by Yurko, et al
12067, Quantifying Safety Margin Using the Risk-Informed Safety Margin Characterization (RISMC), by Grabaskas, et al
0830-1000
Limelight C (40)
(TSW5) Session 29-2: Risk-Informed Decision-Making II
12216, From Risk Representation to Risk Acceptability: How Risk Representation Tools Shape Decision Making, by Flauw, et al
12223, The Seven Risk Paradoxes, by Duffey
12365, The Relationship between CDF and LERF in Risk-Informed Regulations, by Wang, et al
0830-1000
Boiler Room (40)
(TSW6) Discussion Group Session: Risk-Informed Margins Management
Discussion Leaders: Curtis Smith and Steve Hess
1000-1030
Continental Room
Break
1030-1200
Ram Room (40)
(TSW7) Session 20-3: Seismic III
12076, Status and Path Forward on Near-Term Task Force Recommendation 2.1 - Seismic, by Harrison
12100, Advanced Seismic Probabilistic Risk Assessment Using Nonlinear Soil-Structure Interaction Analysis, by Coleman, et al
12187, On Modeling the Risk from Seismically Induced Fires and Floods, by Martinez-Guridi, et al
1030-1200
Sawtooth Room (40)
(TSW8) Session 30-3: Risk-Informed Regulation III
12044, Risk-Informed Determinism: An Alternative to Risk-Informed Regulation for Establishing New or Totally Replacing Existing Licensing Bases, by Gallucci
12090, Overview of Significant Probabilistic Risk Assessment Research Activities at the U.S. Nuclear Regulatory Commission, by Coyne
12343, Approaches for Making New PRA Methods Available for Regulatory Application, by Amico, et al
1030-1200
Columbine Room (36)
(TSW9) Session 28-1: PSA Standards
12183, Taking a Trial Use Approach to Issuing New Probabilistic Risk Assessment Standards, by Sloane
12169, Screening of External Hazards per Part 6 of the PRA Standard for the AP1000 Plant, by Teolis, et al
12338, Low Power Shutdown Probabilistic Risk Assessment Lessons Learned and Industry Issues with Draft Standard Implementation, by Haugh, et al
1030-1200
Limelight A (40)
(TSW10) Session 31-1: Risk-Informed Maintenance
12167, Assessing the Suitability of MR Performance Criteria Using the Sensitivity Method, by Levelline and Peterman
12322, Staggering Testing for the Refueling Surveillance Requirements, by Andre, et al
12710, Availability-Based Inspection, Testing, and Maintenance Requirements for Fire Protection Systems, by Chatterjee and Bhimavarapu
1030-1200
Limelight C (40)
(TSW11)
1030-1200
Boiler Room (40)
(TSW12)
1200-1330
Limelight B
Lunch Buffet - Sponsored by Westinghouse Electric Company
1330-1500
Ram Room (40)
(TSW13) Session 6-5: Human Factors and HRA V
12295, Workload Measurement and Balancing Strategy for Operators in Advanced Main Control Room, by Kim, et al
12318, The Importance of Operator Input to Human Reliability Analysis, by Taylor
13032, CAP1000 Human Reliability Analysis and Application in Plant Operating Procedure Optimization, by Qiu and Zhuo
1330-1500
Sawtooth Room (40)
(TSW14)
1330-1500
(TSW15) Session 7-3: Data and Parameter Estimation III
12117, Eliciting Expert Judgment - Peer Review Observations from a Recent Exercise and Future Plans, by Siu, et al
12142, Using Generic Data to Establish Dormancy Failure Rates for Space Missions, by Reistle and Boyer
Columbine Room (36)
12146, Techniques for Managing Growing Datasets in PRA, by Wishart, et al
12326, Insights from the Estimation of RPS/ESFAS Component Demand Failure Probabilities Based on Performance Monitoring Data after a Risk Informed Surveillance Test Interval
Extension, by Jo
1330-1500
Limelight A (40)
(TSW16) Session 9-3: Dynamic PSA III
12345, Dynamic Simulation Probabilistic Risk Assessment Model for an Enceladus Sample Return Mission, by Mattenberger, et al
12309, Conditional Modeling for Variable Success Criteria, by Larson
12363, Hybrid Dynamic Event Tree Sampling Strategy in RAVEN Code, by Alfonsi, et al
1330-1500
Limelight C (40)
(TSW17) Session 8-2: Digital I&C Safety and Risk Analysis II
12115, AES-2006 Results and Main Approaches to ESFAS Function Modeling During PSA Level 1 Performing at FSAR Stage, by Shilina and Solodovnikov
12139, Development of a Bayesian Belief Network Model for Quantifying Software Failure Probability of a Protection System, by Chu, et al
12221, Software and Human Reliability: Error Reduction and Prediction, by Fiondella and Duffey
1330-1500
Boiler Room (40)
(TSW18)
1500-1530
Continental Room
Break
1530-1700
Ram Room (40)
(TSW19) Session 6-6: Human Factors and HRA VI
12088, Development and Application of a Methodology to Apply Human Reliability Analysis to an Independent Spent Fuel Storage Installation, by Diaz Bayona, et al
12120, Estimation of Human Error Probabilities Based on Operating Experience of Loviisa Nuclear Power Plant, by Hotakainen
12301, Upgrade of the PSA for NPP Paks to Model the Effects of New Low Power and Shutdown Emergency Operating Procedures, by Bareith, et al
1530-1700
Sawtooth Room (40)
(TSW20) Session 12-2: External Events Analysis II
12152, A Unique Method for Prioritizing Spatial Analysis Scenario Refinements, by Wishart and Zucal
12334, Assessing the Zone of Vulnerability of a Nuclear Plant to External Events, by Roy, et al
12350, Approaches, Illustrative Findings and Recommendations in Tsunami Risk and Fragility Modeling, by Sewell, et al
1530-1700
Columbine Room (36) (TSW21)
1530-1700
Limelight A (40)
(TSW22) Tutorial Session: Bayesian Inference in PRA, by Curtis Smith
1530-1700
Limelight C (40)
(TSW23)
1530-1700
Boiler Room (40)
(TSW24) Session 10-1: PSA Studies and Applications
12144, Creating an Effective Technical Infrastructure for Efficient Risk-Informed Performance-Based Applications and Implementation, by Liming
12214, Heavy Load Movement Risk Evaluation and Management during Prairie Island Unit 2 Steam Generator Replacement Outage, by Morgan and Ritter
12252, EPRI PRA Documentation Assistant (PRA DocAssist) Status - Current Use and Future Plans, by Edom, et al
12253, Using PRA DocAssist and SYSIMP to Enhance PRA Model Rollout Tasks, by Edom
1800-2100
Limelight B
PSA 2015 Banquet: Western Barbeque Sponsored by RSC Engineers, Inc.
April 26-30, 2015
PSA 2015 Program At-A-Glance - Thursday, April 30
Time
Event
Room
0700
Limelight B
Continental Breakfast - Thursday Presenters and Chairs
0730-0900
Limelight Promenade
Registration
0830-1000
Ram Room (40)
(TSTh1) Session 6-7: Human Factors and HRA VII
12166, Methodology for System Reliability Analysis during the Conceptual Phase of Complex System Design Considering Human Factors, by Martins, et al
12192, A Case Study of Human Error Probability in Commercial Aviation, by Chang and Cheng
13031, Insights on Human Error Probability from Cognitive Experiment Literature, by Xing, et al
0830-1000
Sawtooth Room (40)
(TSTh2) Session 13-4: Fire Analysis and NFPA 805 IV
12190, A Method for Explicit Modeling of Barrier Failures in Multi-Compartment Fire Scenarios, by Rozga and Jorgenson
12284, Probabilistic Concept for Modeling Early Stages of Fire Growth and Progression Using Fire Event Data, by Baranowsky
12320, Multicompartment Analyses: Limitations and Recommendations, by Joglar and LeStrange
0830-1000
(TSTh3) Session 3-2: Common Cause Failures II
Columbine Room (36) 11925, Common Cause Failures Exceeding CCF Groups, by Stiller et al
12274, Modeling Common Cause Failures of Thrusters on the International Space Station (ISS) Visiting Vehicles, by Haught and Reistle
0830-1000
Limelight A (40)
(TSTh4) Session 23-2: Modeling and Simulation II
12346, Incorporating Dynamic 3D Simulation into PRA, by Prescott, et al
12330, Comparing Simulation Results with Traditional PRA Model on a Boiling Water Reactor Station Blackout Case Study, by Ma, et al
12362, Dynamic and Classical PRA: a BWR SBO Case Comparison, by Mandelli, et al
0830-1000
Limelight C (40)
(TSTh5)
0830-1000
Boiler Room (40)
(TSTh6)
0830-1815
Limelight Promenade
Main Entrance
Technical Tour of Idaho National Laboratory (pre-registration required)
1000-1030
Continental Room
Break
1030-1200
Ram Room (40)
(TSTh7) Session 20-4: Seismic IV
12147, On Relay Chatter Circuit Analysis, by Lin
12160, An Approach to Seismic Probabilistic Risk Assessment Systems, Structures and Component Screening, by Wakefield, et al
12177, A Preliminary Approach to PRA for Seismically-Induced Internal Fires and Floods, by Amico, et al
1030-1200
Sawtooth Room (40)
(TSTh8) Session 30-4: Risk-Informed Regulation IV
12123, Overview and Comparison of Risk-Informed Efforts to Resolve Generic Safety Issue 191, by Fong
12132, Concepts for Demonstrating Compliance with Safety Limits, by Denning, et al
12303, Assessing Fire Risk for the Significance Determination Process, by Kichline, et al
1030-1200
(TSTh9) Session 19-1: Next Generation Reactor PSA
11804, Anticipated Analysis of Flamanville 3 EPR Operating License - Status and Insights from Level 1 PSA Review, by Georgescu, et al
Columbine Room (36) 11919, Consideration of Physical Behavior and Possibility of Repair in the Long-Term Reliability Evaluation of Decay Heat Removal Systems, by Marques, et al
12129, Benefits and Challenges of Performing a Fire PRA on a Pre-Operational Plant, by Osterrieder and Worrell
13034, Preliminary Level 1 Probabilistic Safety Assessment for China LEad-based Research Reactor, by Wang, et al
1030-1200
Limelight A (40)
(TSTh10) Session 14-1: Flooding PSA
11190, Modeling of Internal Flood Scenarios Using Mathcad, by Wolfgang
12026, External Flooding in Regulatory Risk-Informed Decision-Making for Operating Nuclear Reactors in the United States, by Ferrante
12040, First Set of Methodological Elements for Graded Probabilistic Assessment of External Flooding at EdF, by Luzoir, et al
1030-1200
Limelight C (40)
(TSTh11)
1030-1200
Boiler Room (40)
(TSTh12)
91
April 26-30, 2015
OUR SPONSORS
PLATINUM
GOLD
SILVER
92
BRONZE

Conference Schedule - 2015 International Topical Meeting on

Transcription

Similar documents

- Highland Church

Bioanalytical Laboratories

A REPRINT of a July 1991 Report to Congress, Executive Summary

PraChapter40 Newsletter May 08.pmd

Yogyakarta

Session C14-Preparing Your Students for Career in Energy

Books of Note - Arms Control Association

Naval Nuclear Propulsion Program

160226 - WorldCover

Tips for creating a PSA What is a PSA? Get visual