

  1. Enhancing Human and Organizational Factors in Defence in Depth Jozef Misak, UJV Rez a.s., Czech Republic, e-mail: Jozef.Misak@ujv.cz, phone number: +420 602 293 882 Germaine Watts, Intelligent Organizational Systems, Canada, e-mail: germainewatts@intelorgsys.com, phone number: 1-506-333-7093

  2. Contents of the presentation
     • Practical method of objective trees for assessment of comprehensiveness of DiD
     • Consideration of links between technological systems and human factors for identification of weaknesses in DiD
     • Applying the Objective Trees for Assessment of Internal/External HOF in DiD and identification of improvements
     • Ways for strengthening HOF in nuclear safety
     • Examples of post-Fukushima enhancements of objective trees
     • How a Systemic perspective supports the realization of DiD provisions

  3. Background
     • Defence in depth (INSAG-10) – hierarchical deployment of different levels of equipment and procedures to maintain the effectiveness of physical barriers placed between radioactive material and workers, the public or the environment, in normal operation, anticipated operational occurrences and, for some barriers, in accidents at the plant
     • Defence in depth – ensures that the safety functions are reliably achieved with sufficient margins to compensate for equipment failure and human errors
     • Defence in depth is generally recognized as an effective way for preventing and mitigating consequences of accidents in nuclear power plants
     • Provisions for compliance with defence in depth include both technological items as well as human controlled or influenced items
     • Defence in depth is often oversimplified focusing on engineering aspects (barriers and their integrity) while “soft” aspects are much weaker
     • Human and organizational issues including safety culture are associated with large uncertainties, while they can affect several levels of defence at the same time (similarly as external hazards)

  4. IAEA Fundamental Safety Principle No. 8

     3.31. The primary means of preventing and mitigating the consequences of accidents is ‘defence in depth’. Defence in depth is implemented primarily through the combination of a number of consecutive and independent levels of protection that would have to fail before harmful effects could be caused to people or to the environment. If one level of protection or barrier were to fail, the subsequent level or barrier would be available. When properly implemented, defence in depth ensures that no single technical, human or organizational failure could lead to harmful effects, and that the combinations of failures that could give rise to significant harmful effects are of very low probability. The independent effectiveness of the different levels of defence is a necessary element of defence in depth.

     3.32. Defence in depth is provided by an appropriate combination of:
     • An effective management system with a strong management commitment to safety and a strong safety culture.
     • Adequate site selection and the incorporation of good design and engineering features providing safety margins, diversity and redundancy, mainly by the use of:
       o Design, technology and materials of high quality and reliability;
       o Control, limiting and protection systems and surveillance features;
       o An appropriate combination of inherent and engineered safety features.
     • Comprehensive operational procedures and practices as well as accident management procedures.

  5. DiD approach: Elaboration on the original table from INSAG-10 – HOF means to be specifically added?

     | Level of defence | Objective | Essential design means | Essential operational means |
     |---|---|---|---|
     | Level 1 | Prevention of abnormal operation and failures | Conservative design and high quality in construction of normal operation systems, including monitoring and control systems | Operational rules and normal operating procedures |
     | Level 2 | Control of abnormal operation and detection of failures | Limiting and protection systems and other surveillance features | Abnormal operating procedures/emergency operating procedures |
     | Level 3 | Control of design basis accidents (postulated single initiating events) | Engineered safety features (safety systems) | Emergency operating procedures |
     | Level 4 | Control of design extension conditions (postulated multiple failures events) including prevention of accident progression and mitigation of the consequences of severe accidents | Safety features for design extension conditions. Technical Support Centre | Complementary emergency operating procedures/severe accident management guidelines |
     | Level 5 | Mitigation of radiological consequences of significant releases of radioactive materials | On-site and off-site emergency response facilities | On-site and off-site emergency plans |

  6. Correlation of levels of defence and success criteria
     [Figure: success and failure outcomes for Levels 1 to 5 of defence; axes: frequency, consequences.]

  7. Defence in depth addressed in a number of background IAEA documents

  8. Method of objective trees: Screening of comprehensiveness of defence in depth
     • Possible interpretation of the term “defence in depth” is too broad: all NPPs have physical barriers and means to protect the barriers, while their level of defence can be very different
     • A practical tool for detailed assessment of the comprehensiveness of the provisions for ensuring defence in depth was needed
     • A screening method using so-called “objective trees” was developed by the IAEA several years ago to respond to the need
     • The reference approach for checking the completeness and quality of implementation of the concept of defence in depth, which includes a comprehensive overview of challenges/mechanisms/provisions for all levels of defence
     • Graphical form of objective trees helps to understand the links between safety provisions and challenges to safety objectives at different levels of defence
     • At the same time the objective trees also illustrate that the means for protection of the physical barriers against releases of radioactive substances include much more than just NPP technological systems and procedures

  9. Selected definitions
     • Safety Function: A specific purpose that must be accomplished for safety in operational states, during and following DBA and, to the extent practicable, in, during and following the considered NPP conditions beyond the DBA
     • Fundamental Safety Functions: 1) controlling the reactivity, 2) cooling the fuel, 3) confining the radioactive material and control of operational discharges, as well as limitation of accidental releases
     • Safety Principles: Commonly shared safety concepts stating how to achieve safety objectives at different levels of defence in depth (INSAG definition)
     • Mechanisms: Elementary physical processes or situations whose consequences might create challenges to the performance of safety functions

  10. Selected definitions
     • Challenges: Generic processes or circumstances (conditions) that may impact the intended performance of safety functions; a set of mechanisms having consequences which are similar in nature
     • Provisions: Inherent plant characteristics, safety margins, system design features and operational measures contributing to the performance of the safety functions; aimed at prevention of the mechanisms to occur
     • Objective Tree: Graphical presentation, for each of the five levels of defence, of the following elements, from top to bottom: 1) the objective of the level, 2) the relevant safety functions, 3) the identified challenges, 4) constitutive mechanisms for each of the challenges, 5) the list of provisions preventing the mechanism to occur

  11. Description of the objective trees (next figure)
     • Safety must be ensured by provisions at all 5 levels at the same time
     • Each level has its relevant safety objectives ensured by maintaining integrity of the barriers
     • For maintaining integrity of the barriers, the fundamental (and derived) safety functions should be performed
     • Performance of safety functions can be affected by a number of mechanisms; combination of similar mechanisms represents a challenge to safety functions
     • To prevent mechanisms and challenges affecting the safety functions, safety provisions of different kinds should be implemented
     • Links between different components of defence in depth can be graphically depicted in objective trees

  12. General structure of the objective tree at each level of defence (IAEA SR No. 46)
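
The objective tree defined on slides 10 and 11 can be held as a data structure and screened mechanically. The sketch below is an added example, not part of the presentation or of any IAEA tool: it flags mechanisms with no provision and provisions credited at more than one level, whose independence needs review. Objectives and provision names follow the slide 5 table; the challenge and mechanism labels are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass
class Mechanism:
    name: str
    provisions: list = field(default_factory=list)

@dataclass
class ObjectiveTree:
    level: int        # level of defence, 1..5
    objective: str
    # safety function -> challenge -> mechanisms behind that challenge
    functions: dict

def walk(trees):
    """Yield every (level, safety function, challenge, mechanism) path."""
    for t in trees:
        for sf, challenges in t.functions.items():
            for ch, mechanisms in challenges.items():
                for m in mechanisms:
                    yield t.level, sf, ch, m

def uncovered(trees):
    """Mechanisms that no provision addresses: gaps in comprehensiveness."""
    return [(lvl, sf, ch, m.name) for lvl, sf, ch, m in walk(trees) if not m.provisions]

def shared_provisions(trees):
    """Provisions credited at more than one level: check their independence."""
    levels = defaultdict(set)
    for lvl, _, _, m in walk(trees):
        for p in m.provisions:
            levels[p].add(lvl)
    return {p: sorted(l) for p, l in levels.items() if len(l) > 1}

# Constructed sample: objectives and provision names follow the slide 5 table;
# the challenge and mechanism labels are placeholders, not IAEA content.
COOL = "cooling the fuel"
TREES = [
    ObjectiveTree(1, "Prevention of abnormal operation and failures", {COOL: {
        "challenge A": [Mechanism("mechanism A1", ["normal operating procedures"])]}}),
    ObjectiveTree(2, "Control of abnormal operation and detection of failures", {COOL: {
        "challenge B": [Mechanism("mechanism B1", ["emergency operating procedures"]),
                        Mechanism("mechanism B2")]}}),
    ObjectiveTree(3, "Control of design basis accidents", {COOL: {
        "challenge C": [Mechanism("mechanism C1", ["engineered safety features",
                                                   "emergency operating procedures"])]}}),
]

if __name__ == "__main__":
    print("uncovered:", uncovered(TREES))
    print("shared:", shared_provisions(TREES))
```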
