THE OPT WITHIN THE FRAMEWORK OF THE ISAM 1. Introduction

As anticipated, the role and place of the OPT within the context of the ISAM needs to be discussed in order to point out the interactions with the other ISAM tools [1]:

• with the QSR to check the compliance with principles requirements and guidelines,

• with the PIRT for the identification of the initiators to be considered for the design of the installation, and

• with the DPA safety analysis which allow checking the meeting of safety objectives.

Finally the OPT has to be considered as a preliminary step for the preparation and the realization of the PSA.

5.2. OPT and Qualitative Safety Features Review (QSR)

As indicated within [2], the Qualitative Safety Features Review (QSR) is a new tool that provides a systematic means of ensuring and documenting that the evolving Gen IV system concept of design incorporates the desirable safety-related attributes and characteristics as identified by the available references. QSR is structured following the logic of the defence in depth, and merges a comprehensive set of qualitative foreseen characteristics and features which translate principles, requirements and guidelines applicable to future reactors. Such check list is helping the designer to qualitatively assess and select among different safety options and practical solutions (i.e. the provisions / LOP) those which, while allowing achieving the requested mission and meeting the safety objectives, will best guarantee the correspondence of the final result with the principles and the "good practices" suggested by the available references. The previous paragraphs illustrate how, through the OPT approach,

53 the designer is led to identify the missions and, once these missions defined, select the provisions / LOP which, once integrated into the safety architecture, will achieve them to satisfy the safety objectives. The systematic and parallel use of the QSR allows to check the compatibility of the selected provisions / LOP with the available principles, requirements and guidelines, and if several solutions are offered, select the one (s) that best meet these principles, requirements and guidelines. Moreover, as noted above, highlighting any weaknesses will allow the designer to give adequate priority to their resolution or, where appropriate, motivate the abandonment of the solution.

5.3. OPT and the Phenomena Identification and Ranking Table (PIRT)

Following [1], the method provides a “discipline for identifying those issues that will undergo more rigorous analysis using the other tools that comprise the ISAM. As such, the PIRT forms an input to both the Objective Provision Tree (OPT) analyses, and the Probabilistic Safety Analysis (PSA). The PIRT is particularly helpful in defining the course of accident sequences, and defining safety system success criteria”. The PIRT is recognized essential in helping to identify phenomena areas in which additional research may be helpful to reduce uncertainties.

Discussing the OPT, the previous paragraphs illustrate how, once the challenges defined the designer is led to identify the mechanisms and phenomena which, for the plant under examination, materialize these challenges. In this logic the interactions between the OPT and PIRT are of double nature. On one side the PIRT, for a given challenge and considering the characteristics of the process, will help to identify the mechanisms / phenomena which shall be controlled by the safety architecture and, on the other side, it will allow ranking the corresponding phenomena in terms of importance and degree of knowledge. The latter contribution is essential for, within the context of the design / assessment of the provisions and the safety architecture, defined with the help of the OPT, the PIRT will allow: 1) to prioritize confirmatory research activities to address the safety-significant issues, 2) to inform decisions regarding the development of independent and confirmatory analytical tools for safety analysis, 3) to assist in defining test data needs for the validation and verification of analytical tools and codes, and 4) to provide insights for the review of safety analysis and supporting data bases. Themes 2, 3 and 4 generate essential interactions with another ISAM tool: the Deterministic and Phenomenological Analyses (DPA).

5.4. OPT and Deterministic and Phenomenological Analyses (DPA)

Deterministic and Phenomenological Analyses (DPA), which support the detailed safety analysis both for the design and sizing of the provisions / LOP, as well as for the safety assessment of the whole safety architecture, constitute a vital part of the overall Gen IV ISAM.

DPA is the natural complement of the work achieved with the OPT for, at the very end, DPA will allow sizing of the entire safety architecture and its provisions / LOP and proving that this architecture can meet, as requested, the safety objectives. Moreover, the DPA bring the quantitative assessment for the consequences of the design basis conditions and, as such, it will provide essential inputs into the PSA. Aside from the implementation of deterministic rules (e.g. single failure criterion) which define the framework for the analysis, DPA typically involve the use of familiar deterministic safety analysis codes whose degree of adequacy will be evaluated also with the inputs from the PIRT. Within [1], it is anticipated that DPA will be used “from the late portion of the pre-conceptual design phase through ultimate licensing and regulation of the Generation IV system”. This is due to the fact that preliminary PIRT analysis

54

and OPT implementation will allow defining, and preliminarily sizing, the skeleton of the architecture on which the DPA can apply.

5.5. OPT and the Probabilistic Safety Assessment (PSA)

Probabilistic Safety Analysis (PSA), as indicated by [1], “is the centerpiece of the ISAM” for it can address in an exhaustive manner “both internal and external events, and models potential accident phenomena from the hypothetical occurrence of an initiating event through the point at which accident progression is either arrested, or offsite consequences are realized”. Obviously PSA can only be meaningfully applied to a design that has reached a sufficient level of maturity and detail²².

Nevertheless the exhaustiveness of the description is not an intrinsic characteristic of the tool and it must be provided through the input data. This is why the interaction between OPT and PSA are so essential: the former will provide the whole safety architecture that will be, with all its internal interactions, analytically described by the PSA.

While OPT will strongly contribute to check the consistency versus requirements such as, for example, the principles of the defence in depth (full coverage of all the levels, independence between the levels, etc.), only the PSA can allow the designer to verify the compliance with essential requirements such as the progressiveness of the safety response and the balance among the design conditions versus, for example, the risk for core degradation.

6. CONCLUSIONS

Critical analysis of the contents of the OPT and of the steps for its implementation allows to better identify what may be the role of the tool, especially for the identification of the initiators of incidents and accidents that the designer has to take into account for the design of the safety architecture.

The benefits from the implementation of OPT are even stronger when it is considered within the whole context of interaction with the other ISAM tools:

• with the QSR to allow checking the compliance of provisions, LOP and architecture with principles requirements and guidelines; this compliance is an essential step for the optimization of the selection among the possible technical solutions;

• with the PIRT for the identification of the initiators to be considered for the design and sizing of provisions, LOP and the architecture of the installation, and the ranking of these phenomena / mechanisms in terms of importance and degree of knowledge; this ranking is essential to prioritize the supporting R&D effort;

• with the DPA safety analysis which allow sizing the provisions and LOP, and demonstrating the quantitative compliance of the whole safety architecture with the safety objectives;

• with the PSA for which the OPT represents an essential input in terms of detailed presentation of the whole safety architecture which, once available, will be analytically described and assessed by the PSA.

In this context Objective Provision Tree (OPT) and the related concept of Line Protection (LOP) appear to be instruments well suited to articulate the work of design and

22 So called “Living PSA” can be organized, and used as a key decision tool, in an early design stage but they can only apply to a system whose skeleton, in terms of safety architecture is already available and preliminarily defined and when data on reliability of different provisions can be generated with an adequate degree of uncertainties.

55 assessment of future Gen IV systems in which innovative options - active systems and passive, intrinsic characteristics, etc. - come in to organize safety architectures that one would expect to be simpler and more optimized. OPT/LOP can be implemented alone for punctual studies but the real interest, for the design and assessment of Gen IV systems, raises from the synergy with other ISAM tools and from the iterative way in which those tools are applied at different design development stages.

REFERENCES

[1] GENERATION IV INTERNATIONAL FORUM (GIF), An Integrated Safety Assessment Methodology (ISAM) for Generation IV Nuclear Systems, GIF - Risk and Safety Working Group (RSWG), Version 1.1, June (2011).

[2] INTERNATIONAL ATOMIC ENERGY AGENCY, Considerations in the Development of Safety Requirements for Innovative Reactors: Application to Modular High Temperature Gas Cooled Reactors, IAEA-TECDOC-1366, IAEA, Vienna (2003).

[3] INTERNATIONAL ATOMIC ENERGY AGENCY, Assessment of Defence in Depth for Nuclear Power Plants, IAEA Safety Reports Series No. 46, IAEA, Vienna (2005).

[4] INTERNATIONAL ATOMIC ENERGY AGENCY, Safety of Nuclear Power Plants:

Design, IAEA Safety Standards, Specific Safety Requirements No. SSR-2/1, IAEA, Vienna (2012).

[5] INTERNATIONAL NUCLEAR SAFETY ADVISORY GROUP (INSAG), Defence in Depth in Nuclear Safety, INSAG-10, INSAG Series No. 10, IAEA, Vienna (1996).

[6] WESTERN EUROPEAN NUCLEAR REGULATORS ASSOCIATION (WENRA), WENRA Statement on Safety Objectives for New Nuclear Power Plants, November (2010).

[7] WESTERN EUROPEAN NUCLEAR REGULATORS ASSOCIATION (WENRA), Safety of New NPP Designs, Study by Reactor Harmonization Working Group (RHWG/WENRA), March (2013).

[8] INTERNATIONAL ATOMIC ENERGY AGENCY, Safety Assessment for Facilities and Activities, IAEA Safety Standards, General Safety Requirements Part 4, No. GSR Part 4, IAEA, Vienna (2009).

[9] INTERNATIONAL NUCLEAR SAFETY ADVISORY GROUP (INSAG), Basic Safety Principles for Nuclear Power Plants, 75-INSAG-3 Rev. 1, INSAG Series No. 12, IAEA, Vienna (1999).

[10] GENERATION IV INTERNATIONAL FORUM (GIF), Basis for the Safety Approach for Design & Assessment of Generation IV Nuclear Systems, GIF/RSWG/2007/002 Revision 1, November (2008).

56

HOW TO REINFORCE THE “DEFENCE-IN-DEPTH” IN NPP BY TAKING