APPLICATION OF THE DEFENSE-IN-DEPTH CONCEPT IN THE PROJECTS OF NEW-GENERATION NPPS EQUIPPED WITH VVER REACTORS
2. APPLICATION OF THE DEFENSE-IN-DEPTH CONCEPT
The above-mentioned targets are achieved in the projects of new-generation NPPs by applying the main principles and requirements of the defence-in-depth (DiD) concept [2, 4].
2.1. Radiation sources and safety barriers
The main sources of radioactivity (RS) that contain the largest amounts of radioactive substances and present a potential hazard of inflicting radiation harm are the nuclear fuel in the reactor core (NF in the RC) and spent nuclear fuel (SNF) in the fuel pool (FP).
The design and neutron-physical characteristics of nuclear fuel and the designs of the reactor core and fuel pool exclude the occurrence of spontaneous uncontrolled chain nuclear reactions in all possible states of the NPP, including severe accidents involving complete destruction and melting of nuclear fuel.
Physical barriers preventing release of radioactive substances and radioactive radiation from radiation sources into the environment serve as safety barriers. These barriers include the following:
• the fuel matrix and claddings of fuel rods forming the nuclear fuel;
• the reactor vessel, pipelines, and other equipment containing the coolant cooling the NF in the RC;
• the FP building structures, pipelines, and other equipment containing the coolant cooling the SNF in the FP;
• the double-shell reinforced-concrete containment with a leak-tight steel liner and the inner containment prestressing system, the system for passively removing hydrogen from the inner containment volume, and with the system for passively filtering the space between the inner and outer containments; and
• the biological shielding.
2.2. Classification of elements according to their effect on safety
In accordance with [2], the term "elements" means buildings, structures, equipment casings, pipelines, thermal equipment, electrical equipment, instrumentation and control devices, etc.
The main objectives of classification are to estimate the extent to which failures of elements affect safety, to single out the elements important to safety (EIS), and to rank them into safety classes.
In accordance with [2], EIS are subdivided into safety classes 1, 2, and 3, the proper (acceptable) levels of quality and reliability of which are achieved in design, manufacture, and construction and maintained during operation by adopting the following design solutions:
• applying standards containing the most stringent requirements imposed on the quality and reliability of elements related to safety classes 1 and 2;
• using elements related to class 3 the acceptable reliability of which has been proven by field experience gained at operating NPPs;
• assurance of proper reliability levels (i.e., acceptably low levels of conditional probabilities of dependent failures) of EIS by providing sufficient safety margins with respect to loads caused by on-site and external effects;
• design, manufacture, and construction of EIS by organizations having licenses from the regulatory authority for carrying out the relevant kinds of activities, in accordance with the technical requirements specified by the NPP General Designer and the General Designer of the reactor plant; and
• keeping the acceptable reliability level during operation by monitoring the state and carrying out maintenance and repairs of EIS.
2.3. Postulated initiating events
To work out design solutions for safety assurance, full lists of postulated initiating events (PIEs) are determined, the occurrence of which upsets normal operation (NO) and makes it necessary to actuate the protective systems of NO or safety systems (SSs) to prevent the preset damage limits of radiation sources and the limits of radiation effect (safety limits) from being exceeded.
Depending on the occurrence rates and systems the operation of which prevents the safety limits established in the design from being exceeded, all PIEs are subdivided into the following categories:
• Category 2 encompasses PIEs anticipated during NPP operation that may occur one or more times during the power unit service life (i.e., with an occurrence rate of higher than 10⁻² 1/year) as a consequence of failures of systems and elements the operation of which is necessary for implementing technological processes and conditions.
Violation of the preset operational limits and occurrence of design-basis accidents in the case of such events are prevented through the operation of the protective NO systems incorporated in the project. Such systems perform the functions of bringing the reactor into subcritical state (the reactor preventive protection system), creating the shutdown concentration of boric acid (the normal volume and boric acid control system), and removing decay heat from the reactor core (the normal heat removal systems through the secondary and primary coolant circuits). Design operation of NO protective systems prevents the occurrence of PIEs of design-basis accidents and creates conditions for eliminating deviations from normal operation by restoring serviceability of failed elements and subsequently returning the power unit to the NO states at Level 1 of DiD.
• Categories 3 and 4 cover PIEs of design-basis accidents (DBAs) the occurrence rates of which lie in the range 1.0E-04 – 1.0E-02 1/year for category 3 and in the range 1.0E-06 – 1.0E-04 1/year for category 4. PIEs of DBAs encompass single internal events (which occur as a consequence of single failures of elements or human errors), on-site events (which occur due to the effect of fires, floods, etc. in NPP premises or on the NPP site), and external events (of natural or man-made origin). The project incorporates full lists of PIEs of DBAs, including the categories of internal, on-site, and external events for all operational states of the power unit:
• operation at full or decreased power;
• startup and shutdown modes; and
• outages for refueling and planned maintenance and repair operations.
To reduce the amount of deterministic and probabilistic safety assessments, the PIEs of DBAs are united in a few groups with the same sets of required safety functions, their success criteria, and safety system configurations for individual PIEs of DBAs included in each group, the main ones being as follows:
• leaks from the primary coolant circuit inside the containment;
• primary-to-secondary leaks;
• leaks from the primary coolant circuit to outside of the containment;
• transients without leaks from the primary coolant circuit involving failures of normal heat removal systems from the reactor core;
• degradation of normal heat removal from the SNF in the FP; and
• failures of support safety systems causing loss of heat removal by active SSs to the ultimate water heat sink (water in the spray ponds).
Violation of the safety limits established for design-basis accidents and occurrence of beyond-design-basis and severe accidents in the case of such events are prevented through the operation of safety systems incorporated in the design basis, with reaching control state and then safe state. Justification of reaching safe state is based on conservative acceptance criteria and design rules (Single Failure Criterion, etc.).
2.4. Beyond-Design-Basis Accident conditions
The BDBA conditions can be interpreted as IEs that are not addressed in the design basis, as well as complex sequences that are initiated by PIEs but are characterized by at least one event in the sequence in addition to the independent failure postulated in accordance with the Single Failure Criterion (SFC). BDBA IEs may occur with a frequency of less than 1.0E-06 1/year. The BDBAs reflect two sets of accident scenarios: the first can be mitigated by operation of safety systems and extra engineering features, and the second includes severe accidents.
For the first set, the safety goal typically corresponds to the limits established for design-basis accidents, while assuming more flexibility in analysis methods and acceptance criteria. Among the whole set of these scenarios, a comprehensive list covering the scenarios with the largest frequency is to be identified and considered in the design as Design Extension Conditions. The engineering features and means include the following:
• any engineering features available at the NPP irrespective of their initial purpose;
• supplementary engineering features and measures to control BDBAs.
3. APPLICATION OF THE DID CONCEPT IN DESIGNING SAFETY SYSTEMS