Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 1
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP
Background
Methodological Aspects
Swiss Atomic Law
Scope of an Industrial PSA Study
Applications and Results
Conclusions
Dr. Olivier Nusbaumer
Probabilistic Safety Analysis
Kernkraftwerk Leibstadt AG
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 2
Leibstadt Nuclear Power Plant …
… largest Swiss power plant
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 3
Fundamentals of PSA: Comparison table of natural / man-made risks
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 4
Fundamentals of PSA: Years of life lost by cause
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 5
Comparison of KKL safety with new plants: Development of the CDF across plant types Gen. I - III
CDF Leibstadt
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 6
Background: PSA
Complement the deterministic Design Basis Requirements
Make use of probabilistic calculation tools (Fault Tree / Event Tree) and statistics (plant specific reliability data)
Give answers as to:
What can happen?
How likely is it?
What are the consequences?
How large are the uncertainties?
(“make uncertainty visible”)
What are the dominant contributors?
Level 0 PSA
Level 1 PSA
Level 2 and 3 PSA
Risk Informed Applications
Uncertainty analysis
Improvement measures
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 7
Background: Modeling
Postulation of an Initiating Event (IE) and its frequency f
Modeling of the safety barriers (equipment and measures)
Quantification of phenomenological events and damage level
Level 0 PSA
Level 1 PSA
Level 2 and 3 PSA
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 8
Background: Levels of PSA
Level 1: Response to initiating events, assessment of safety barriers → Frequency of core damage (CDF)
Level 2: Physical effects, consequences → Radiological consequences (source term)
Level 3: Atmospheric dispersion, potential and expected doses, dose-effect/risk relation → Frequency and quantities of environmental and health effects
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 9
Background: Approaches
Deterministic (postulative)
Events completely determined through causality chains
Effect analysis of postulated causes
Statistical (retrospective)
Experience laws derived from a large number of similar observations
Incorporation of the observations at system and event level
Probabilistic (prognostic)
Events determined by probability or frequency
Use of observations at component level (axiom of Kolmogorov)
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 10
Background: Approaches
[Figure: cumulative probability of failure (axis 0 to 1) versus leak size (small leak, medium leak, large leak, 2F-break), comparing the real leak spectrum (probabilistic) with the postulation (deterministic)]
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 11
Methodological Aspects: Level 1
Fault Trees are logical models of fault combinations that could cause a mitigating system to fail to perform its function when required
Basis: all causes leading to system failure
System modeling → System reliability
Event Trees depict the potential event sequences from initiating event to consequences
Basis: plant response
Modeling of accident progression → Frequency of accident sequences
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 12
Methodological Aspects: Fault Trees
Which of those designs is more reliable? (failure to inject water)
[Figure: system designs A and B with diesel generators (DG)]
Reliability Data
Offsite power unavailability: 15 min / yr = 0.25 / 8760 = 2.85E-5
Pump failure (mech.): 2 / 100 demands = 2E-2
Diesel Generator failure: 1 / 100 demands = 1E-2
Valve failure (mech.): 2.5 / 1000 demands = 2.50E-3
Double-valve failure (mech.): 1 / 100 = 1E-2
Check valve failure: 5 / 10’000 = 5E-4
Transformer failure: 1E-8
Heat exchanger failure: 1E-8
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 13
Methodological Aspects: Fault Trees
[Figure: design A, with diesel generators (DG)]
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 14
Methodological Aspects: Fault Trees
[Figure: design B]
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 15
Methodological Aspects: Fault Trees
P(top) = 1.09E-2
P(top) = 9.00E-4
[Figure: Design B and Design A with their diesel generators (DG)]
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 16
Methodological Aspects: Risk Importance Measures
Risk Increase Factor (RIF / RAW)
Fussell-Vesely (FV)
Fractional contribution of sequences in which component x is involved
Measure of the involvement level of a given component
Differential Importance Measure (DIM)
$\mathrm{RIF}(x) = \dfrac{P(\mathrm{top})\big|_{p(x)=1}}{P(\mathrm{top})}$
$\mathrm{DIM}(x) = \dfrac{\partial P(\mathrm{top})}{\partial p(x)}$
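A worked quantification of the fault-tree and importance-measure slides, added here as an example; it is not taken from the presentation or from the KKL PSA model. The structure in `top` (two pump trains behind one shared injection valve, each train with its own diesel generator as backup to offsite power) is hypothetical and is neither design A nor design B; only the failure probabilities come from the reliability data slide. FV is computed as the relative drop in P(top) when x is made perfect and DIM as the partial derivative of P(top) with respect to p(x), both assumptions about the definitions intended on the slide.

```python
from itertools import product

# Failure probabilities per demand, from the reliability data slide.
P = {
    "offsite": 2.85e-5,                 # offsite power unavailable
    "dg_a": 1e-2, "dg_b": 1e-2,         # diesel generators
    "pump_a": 2e-2, "pump_b": 2e-2,     # pumps (mechanical)
    "valve": 2.5e-3,                    # shared injection valve (mechanical)
}

def top(f):
    """Hypothetical structure function: True when water injection fails.
    f[name] is True when that basic event has occurred."""
    train_a = f["pump_a"] or (f["offsite"] and f["dg_a"])
    train_b = f["pump_b"] or (f["offsite"] and f["dg_b"])
    return f["valve"] or (train_a and train_b)

def p_top(p):
    """Exact P(top): sum the probability of every basic-event state that
    fails the system. Unlike multiplying gate probabilities, this stays
    correct when one event (offsite power) feeds both trains."""
    names = list(p)
    total = 0.0
    for states in product((False, True), repeat=len(names)):
        f = dict(zip(names, states))
        if top(f):
            weight = 1.0
            for name in names:
                weight *= p[name] if f[name] else 1.0 - p[name]
            total += weight
    return total

def importance(p, x):
    """RIF, FV and DIM of basic event x."""
    base = p_top(p)
    failed = p_top({**p, x: 1.0})    # x assumed failed
    perfect = p_top({**p, x: 0.0})   # x assumed perfectly reliable
    return {
        "RIF": failed / base,
        "FV": (base - perfect) / base,
        # P(top) is linear in each p(x), so the derivative is this difference.
        "DIM": failed - perfect,
    }

if __name__ == "__main__":
    print(f"P(top) = {p_top(P):.3e}")
    for name in P:
        print(name, {k: round(v, 4) for k, v in importance(P, name).items()})
```

The shared valve dominates both RIF and FV in this arrangement, while a single diesel generator barely moves P(top) because it only matters when offsite power is already lost.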
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 17
Reliability of basic events
Component reliability
Failure to start: Q = q
Failure to run:
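$Q(t) = 1 - e^{-\lambda t} \overset{\text{Taylor}}{\approx} \lambda t$
$\bar{Q} = \dfrac{1}{T}\int_0^T \left(1 - e^{-\lambda t}\right) dt = 1 - \dfrac{1}{\lambda T}\left(1 - e^{-\lambda T}\right) \overset{\text{Taylor}}{=} \sum_{i=1}^{\infty} \dfrac{(-1)^{i+1}(\lambda T)^i}{(i+1)!} \approx \dfrac{1}{2}\lambda T$
$dN(t) = \lambda\,(N_0 - N(t))\,dt$
Failure rate: $\lambda = \dfrac{1}{1 - Q(t)} \lim_{\Delta t \to 0} \dfrac{Q(t + \Delta t) - Q(t)}{\Delta t}$, where $1 - Q(t)$ is the fraction "Survived"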
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 18
Methodological Aspects: Reliability Data
Plant specific observations:
6 failures out of 10’000 demands = 6.0E-4
Generic or international data (observations)
[Figure: logarithmic axis from 1.E-09 to 1.E+00, with 5% and 95% marks]
Bayesian Update
PSA model
Data specialization
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 19
Methodological Aspects: Reliability Data
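Bayesian Law
$p(H|E)\,p(E) = p(E|H)\,p(H)$
…can be derived for continuous functions
$f(\lambda|E)\,d\lambda = \dfrac{f(\lambda)\,d\lambda\;p(E|\lambda)}{\int_0^\infty f(\lambda)\,p(E|\lambda)\,d\lambda}$
H: Hypothesis (here: λ)
E: Evidence (observations)
with
$p(E|\lambda) = \dfrac{n!}{r!\,(n-r)!}\,\lambda^r (1-\lambda)^{n-r}$ for failures
$p(E|\lambda) = \dfrac{(\lambda T)^r}{r!}\,e^{-\lambda T}$ for failure rates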
[Figure: Prior and Posterior on logarithmic axes from 1.E-09 to 1.E+00; axis labels λ and dλ]
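A numerical version of the Bayesian update described on the two reliability data slides, added here as an example and not part of the original presentation. The evidence (6 failures in 10'000 demands) is the plant-specific observation quoted on the slide; the lognormal generic prior with 5% and 95% percentiles at 1e-4 and 1e-2 is a constructed assumption, as are the function names.

```python
import math

Z95 = 1.6449  # standard normal 95th percentile

def log_prior(lam, p05, p95):
    """Log density of a lognormal prior fixed by its 5% and 95% percentiles."""
    mu = 0.5 * (math.log(p05) + math.log(p95))
    sigma = (math.log(p95) - math.log(p05)) / (2 * Z95)
    z = (math.log(lam) - mu) / sigma
    return -0.5 * z * z - math.log(lam * sigma * math.sqrt(2 * math.pi))

def log_likelihood(lam, r, n):
    """Binomial log p(E|lambda) for r failures in n demands; the n!/(r!(n-r)!)
    factor is dropped because it cancels when the posterior is normalised."""
    return r * math.log(lam) + (n - r) * math.log1p(-lam)

def bayes_update(r, n, p05, p95, points=4000):
    """Posterior of lambda on a log-spaced grid covering 1e-9 .. 0.999."""
    lo, hi = math.log(1e-9), math.log(0.999)
    grid = [math.exp(lo + (hi - lo) * i / (points - 1)) for i in range(points)]
    # Each cell carries f(lambda) * p(E|lambda) * d(lambda); on a log grid
    # d(lambda) is proportional to lambda, hence the extra log(lambda) term.
    logw = [log_prior(x, p05, p95) + log_likelihood(x, r, n) + math.log(x)
            for x in grid]
    peak = max(logw)                  # subtract before exp to avoid underflow
    w = [math.exp(v - peak) for v in logw]
    norm = sum(w)
    w = [v / norm for v in w]

    def percentile(q):
        acc = 0.0
        for x, v in zip(grid, w):
            acc += v
            if acc >= q:
                return x
        return grid[-1]

    return {"mean": sum(x * v for x, v in zip(grid, w)),
            "p05": percentile(0.05), "p95": percentile(0.95)}

# Constructed generic prior, then the same prior updated with the
# plant-specific observation: 6 failures out of 10'000 demands.
PRIOR = bayes_update(0, 0, 1e-4, 1e-2)
POSTERIOR = bayes_update(6, 10_000, 1e-4, 1e-2)
```

The posterior band is far narrower than the two-decade prior and sits close to the observed 6.0E-4, which is the "data specialization" effect the slide describes.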
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 20
Methodological Aspects: Seismic Hazards
Earthquake likelihood is given by a hazard curve
“Fragility” is a function of the sustained earthquake magnitude
$F(a, Q) = \Phi\!\left[\dfrac{\ln(a/a_m) + \beta_u\,\Phi^{-1}(Q)}{\beta_r}\right]$ where:
Φ(): Gaussian cumulative function
Q: confidence level (0..1)
a_m: median ground-acceleration capacity
β_u: uncertainty in capacity
β_r: randomness in earthquake and effects
a: sustained ground motion level
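The fragility function F(a, Q) from this slide and its combination with a hazard curve, as an added example that is not part of the original presentation. The hazard points and capacity parameters (`HAZARD`, `A_M`, `BETA_R`, `BETA_U`) are constructed values, not plant data, and `mean_fragility`, `hclpf` and `failure_frequency` are helper names chosen here; the HCLPF value and the hazard convolution go beyond what the slide itself states.

```python
import math
from statistics import NormalDist

PHI = NormalDist()  # standard Gaussian: cdf() is Phi, inv_cdf() is Phi^-1

def fragility(a, q, a_m, beta_r, beta_u):
    """F(a, Q): failure probability at ground motion a, confidence level q."""
    return PHI.cdf((math.log(a / a_m) + beta_u * PHI.inv_cdf(q)) / beta_r)

def mean_fragility(a, a_m, beta_r, beta_u):
    """F(a, Q) averaged over Q, which collapses to a single lognormal with
    composite variability sqrt(beta_r^2 + beta_u^2)."""
    return PHI.cdf(math.log(a / a_m) / math.hypot(beta_r, beta_u))

def hclpf(a_m, beta_r, beta_u):
    """Ground motion with 95% confidence of at most 5% failure probability."""
    return a_m * math.exp(-PHI.inv_cdf(0.95) * (beta_r + beta_u))

def failure_frequency(hazard, a_m, beta_r, beta_u):
    """Convolve a hazard curve with the mean fragility.
    hazard: list of (a, annual frequency of exceeding a), ascending in a.
    Each interval contributes its occurrence frequency times the mean
    fragility at the interval's geometric-mean acceleration."""
    total = 0.0
    for (a1, h1), (a2, h2) in zip(hazard, hazard[1:]):
        mid = math.sqrt(a1 * a2)
        total += (h1 - h2) * mean_fragility(mid, a_m, beta_r, beta_u)
    # Motions beyond the last point use the fragility at that point.
    a_last, h_last = hazard[-1]
    return total + h_last * mean_fragility(a_last, a_m, beta_r, beta_u)

# Constructed inputs (not plant data): hazard curve in g and per year,
# and a component with median capacity 0.9 g.
HAZARD = [(0.1, 1e-3), (0.2, 2e-4), (0.4, 3e-5), (0.8, 3e-6), (1.6, 2e-7)]
A_M, BETA_R, BETA_U = 0.9, 0.25, 0.35

if __name__ == "__main__":
    print(f"HCLPF = {hclpf(A_M, BETA_R, BETA_U):.3f} g")
    print(f"failure frequency = {failure_frequency(HAZARD, A_M, BETA_R, BETA_U):.2e} /yr")
```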
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 21
Methodological Aspects: Other types of data
Other types of data assessment include
Human Reliability Analysis (HRA)
• In Switzerland: THERP / SLIM
Common Cause Failures (CCF)
• Also subject to Bayesian updates!
Equipment unavailabilities
Impacts (example: fire, airplane crash, wind, …)
Initiating Event (IE) frequencies
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 22
Defense in depth
[Figure: safety barriers between Initiator and Core Damage: Reactor shutdown, HP Core Cooling, Eme. Depressurization, LP Core Cooling, Containment Cooling]
How reliable is the safety barrier = ?
Initiating Event
Frequency [/yr]
Core Damage Frequency
(CDF)
Earthquake
LOCA
(T)LOOP
Load rejection
Loss of BM
Drainage RDB
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 23
Methodological Aspects: Event Trees
[Figure: example event tree with branch percentages and a Result column; labels: Road wet, Break, Girl draws aside (recovery action), Accident, OK]
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 24
Methodological Aspects: Event Trees
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 25
Methodological Aspects: Level 2
Containment Response
Accident progression and phenomenology
Calculation of radiological consequences (source term)
Uncertainty assessment
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 26
Methodological Aspects: Integral Risk
[Figure: Core Damage Frequency [yr^-1] (non-cumulative, axis from 1E-06 to 1E-08) versus Consequences [Bq] for Accidents A to E]
$R = \sum_i f(IE_i) \cdot CP_i \cdot K_i^{\alpha}$, where $f(IE_i) \cdot CP_i$ is the end state likelihood
f(IE_i): Initiating event frequency
CP_i: Conditional Probability
K_i: Consequence
α: Weighting factor (≈1)
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 27
Swiss Atomic Law
Swiss Atomic Law (KEG)
Law for peaceful use of atomic energy
No claim about PSA in the text
Swiss Atomic Ordinance (KEV)
Came into effect in February 2005
Defines basic requirements on PSA
Detailed in guidelines ENSI-A05 and A06
Safety goals (as IAEA and NRC)
1E-4 for Core Damage Frequency (CDF)
1E-5 for Large Early Release Frequency (LERF)
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 28
Regulatory environment: PSA in integrated oversight
PSA is (only) one element of the integrated safety assessment
KEG
KEV
ENSI-A05
ENSI-A06
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 29
Overview of the KKL PSA: Scope of a PSA
+PSA =
Initiating events
System models
Accident sequences
Component reliability data
Human reliability
(SFA, SFV, SAMG)
Fire analyses
Flooding analyses
Seismic analyses
Containment behaviour
Level 2 PSA (release)
Comprehensive computer model of the plant
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 30
Scope of an Industrial PSA Study
Analysis Scope (ENSI-A05, www.ensi.ch)
Full power
• Internal, external and area events
• Level 1: Calculation of Core Damage Frequency (CDF)
• Level 2: Calculation of radiological consequences
Low power and Shutdown (KKL: 12 Plant Operating States)
• Internal, external and area events
• Level 1: Calculation of Fuel Damage Frequency (FDF)
• Level 2: Calculation of radiological consequences (New !)
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 31
Scope of an Industrial PSA Study: Types of Events
Internal Events
Transients (24)
Loss of Coolant Accidents (LOCA) (37)
External Events
Earthquakes, extreme winds, tornadoes, external flooding and aircraft crashes (20)
Area Events (internal hazards)
Fires (85)
Flood (35)
Turbine missile (1)
Total: 202
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 32
Scope of an Industrial PSA Study
Component failure modes: ~ 10’000
Human actions: ~ 400
Fault trees: ~ 2000
Up to 80 depth levels
Event Trees: ~ 300
Common Cause Failure Groups: ~350
Man-power
Development & maintenance: 3 Man-Yr / Yr
Applications: 1 Man-Yr / Yr
Documentation: ~ 10’000 pages
>1M CHF / yr
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 33
Applications and Results
Application scope (ENSI-A06, www.ensi.ch)
Evaluation of the Safety Level (CDF < 1E-5)
Evaluation of the Balance of the Risk Contributors
Evaluation of the Technical Specifications
Evaluation of Changes to Structures and Systems
Risk Significance of Components (FV ≥ 1E-3 or RIF ≥ 2)
Evaluation of Operational Experience
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 34
Applications and Results: Risk Contributors
All LOCA Events; 3%
Turbine Missile; 0%
Transients and special initiators; 6%
Earthquakes; 47%
Flood; 20%
Fire; 22%
High winds and tornadoes; 1%
Airplane crash; 0%
Weir failure; 0%
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 35
Root Cause Analysis Fukushima - First steps
M-9 class earthquakes in the past 100 years
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 36
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 37
Wave height distribution as of 21.04.11. Red circle: inundation depth. Blue triangle: run‐up height.
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 38
Comparison of KKL safety with new plants: Development of the CDF across plant types Gen. I - III
CDF Leibstadt
CDF Fukushima (?)
Probabilistic Safety Assessment (PSA): Case Study Leibstadt NPP Slide 39
Conclusions
PSA aims to realistically describe risk and safety levels; assess safety barriers
Give insights about the performance of safety measures; identify weak points
Assess the relative importance of accident sequences, optimize the use of available resources
Enable safety assessment of operating aspects and operating experience