Post on 25-Mar-2018
IAEA International Atomic Energy Agency
Overview of IAEA Severe Accident
Management Activities
Manwoong KIM
IAEA/NSNI
IAEA Consultation Meeting on the Status of Innovative SMR Technology and Designs with the
Potential for Near Term Deployment, 2-4 May 2011, VIC Vienna
IAEA
Subjects of Presentation:
1. Background
2. Scope of Accident Management
3. Need of AMP
4. IAEA Safety Standards on AM
5. Conclusion
2011/5/3
IAEA
Background
When an anticipated operational occurrence or a design basis accident
occurs at NPPs, its safety is ensured by confining radioactive
materials within the facility by structures, systems and components
(SSCs) which have functions of "prevention" and "mitigation.”
Emergency Operating Procedures (EOPs) made a role as the main
mean for coping with transients and accidents in the basis of a
symptom-based approach.
However, the Three Mile Island (TMI) Accident in the U.S. (1979) and
Chernobyl Accident in the former Soviet Union (1986) were events
exceeding the design-basis accident.
2011/5/3 3
IAEA 4
Accident Severity
Normal
Operation
Transient Reactor Trip
SI
Core
Uncovery
Core
Damage
Vessel
Failure
Containment
Failure
Main Control
Room(MCR)
Operating / Incident
Procedures
Emergency Operating
Procedures Severe Accident
Management
Guidelines
2011/5/3
Background (cont’d)
IAEA
By the way, the anomalies of protection system or mitigation system
functions could lead to a severe accident (SA), resulting in a release of
a significant amount of radioactive material.
This indicated that there could be an event that neither appropriate
reactivity control nor core cooling can be achieved by means
assumed in safety design, resulting in significant core damage.
Nevertheless, the EOPs did not contain appropriate severe accident
management guidance.
Therefore, it was encouraged to develop separate severe accident
management guidelines (SAMGs) being the onset of core damage, and
concentrate the EOPs to strategies prior to the transition.
2011/5/3 5
Background (cont’d)
IAEA 6
Accident Severity
Normal
Operation
Transient Reactor Trip
SI
Core
Uncovery
Core
Damage
Vessel
Failure
Containment
Failure
Main Control
Room(MCR)
Technical
Support
Centre (TSC)
Emergency
Control
Centre (ECC)
Operating / Incident
Procedures Emergency Operating
Procedures (EOP)
Technical Support
to Control Room
Emergency Arrangement
Severe Accident
Management
Guidelines
(SAMG)
Accident Management
2011/5/3
Background (cont’d)
7
Organization of activities in typical SAMG approach (Westinghouse)
NOP
AOP
EOP/
event
EOP/
SF restor. SA CRG 1 SA CRG 2
SAMG TSC activation
EMERGENCY PLAN
Actions directed by TSC
Instructions Information
Communication
RPV CHALLENGE
CONTAINMENT CHALLENGE early late
CORE
DEGRA- DATION
CORE DEPLE-
TION
CSF CHALLE–
NGED
EVENT ORIEN –
TED
AB- NORMAL OPERA -
TION
NORMAL OPERA -
TION
CONTROL ROOM
TECHNICAL SUPPORT CENTER
EMERGENCY CENTER
Organization of activities in typical SAG (BWROG)
IAEA 9
What is Accident Management
■ The accident management is to take measures during the evolution of a
beyond design basis accident:
• to prevent the escalation of the event into a severe accident;
• to mitigate the consequences of a severe accident; and
• to achieve a long term safe stable state
■ Simply stated, these aims are achieved by managing water inventories,
energy exchanges and substitute equipment while repairing, if possible, the
faults leading to initiation or allowing progression of the accident.
• This is mainly the role of the operating personnel, using the emergency
operating procedures and severe accident management guidelines, if
necessary.
2011/5/3
IAEA 10
What is Accident Management (cont’d)
The objectives of accident management are:
• Prevention of the accident from leading to core damage;
• Termination of the progression of core damage once it has started;
• Maintaining the capability of the containment for a long as possible;
• Minimizing on-site and off-site radioactivity releases and their
consequences; and
• Returning the plant to a long-term controlled and safe state,
ensuring subcriticality, core cooling and containment of radioactive
material.
2011/5/3
AM of BWR
ARI: Alternate rod insertion, RPT: Recirculation pump trip, ADS: Automatic Depressurization
System, MUWC: Makeup water system condensated, CUW: Reactor water cleanup, RHR:
Residual heat removal, HPCS: High pressure core spray
AM measures for alternate coolant injection (BWR)
13
14
IAEA 15
Accidents Management (AM) is an essential part of defence-in-depth, the fundamental approach to achieving nuclear safety.
• Barrier 1: Fuel Matrix
• Barrier 2: Fuel Cladding
• Barrier 3: Primary Circuit Boundary
Level 1: to prevent the occurrence of abnormal operation and failures. This is done by producing a conservative design and ensuring a high quality of construction and operation.
Level 2: to control abnormal operation and detect failures if they should occur. This is done by incorporating control and surveillance systems.
Level 3: to control accidents within the design basis if they should occur. This is done by incorporating engineering safety features and developing emergency operating procedures.
Need of AMP
INSAG-10 : Five levels of defence in depth and four physical barriers for the confinement of radioactive material 2011/5/3
IAEA 16
• Barrier 4: Containment/Confinement
Level 4: to control severe plant conditions if they should occur which requires the prevention of accident progression and the mitigation of the consequences of beyond design basis accidents. This is done by incorporating severe accident management measures.
Level 5: to mitigate the radiological consequences of significant releases of radioactive material from the plant. This is done by developing off-site emergency response measures.
The accident management programme (AMP) should address both prevention and mitigation at all levels, involving both emergency operating procedures (EOPs) and severe accident management guidelines (SAMGs).
Need of AMP (cont’d)
2011/5/3
IAEA 17
Strategy Accident prevention Accident mitigation
Operational
state of the NPP Normal
operation Anticipated ope-
rat. occurrences Design basis
accidents Severe accidents
beyond the DB
Post severe
accident Level of defence
in depth
Level 1 Level 2 Level 3 Level 4 Level 5
Objective Prevention of
abnormal
operation
Control of
abnormal
operation
Control of
accidents below
the DB level
Control of
severe plant
conditions
Mitigation of
radiological
consequences
Essential
features
Conservative
design and
quality
Control, limiting
and protection
systems
Engineered
safety features
and accident
procedures
Complementary
measures and
accident
management
Off-site
emergency
response
Control Normal operating activities
Control of
accidents in
design basis
Accident
management
Procedures Normal operating procedures Emergency
operating
procedures
Ultimate part of EOPs/Severe
Accident Management Guidelines
Response Normal operating systems
Engineered
safety features
Special design
features
Off-site
emergency
preparations
Coverage of Abnormal and Accident Regimes by Defence in Depth
2011/5/3
Need of AMP (cont’d)
IAEA 18
IAEA Safety Standards on AM
Safety Fundamentals: Fundamental Safety Principles
[No. NF-1, 2006]
• Accident management procedures must be developed
in advance to provide means for regaining control
over a nuclear reactor core,…..
The Safety Requirements: Safety Assessment and
Verification for Nuclear Facilities and Activities [GS-
R-4, 2009]
• Assessment of defence in depth shall determine
whether adequate provisions have been made at each
of the levels of defence in order to identify accident
management measures to control severe accident…..
2011/5/3
IAEA 19
IAEA Safety Standards on AM
The Safety Requirements: Safety of Nuclear Power
Plants: Design [No.NS-R-1, 2000]
• consideration shall be given to severe accident
sequences, to determine those sequences…
• Accident management procedures shall be established,
taking into account representative and dominant
severe accident scenarios.
The Safety Requirements: Safety of Nuclear Power
Plants: Operation [No.NS-R-2, 2000]
• Plant staff shall receive instructions in the
management of accidents beyond the design basis.
• Emergency operating procedures or guidance for
managing severe accidents shall be developed.
2011/5/3
IAEA 20
To give recommendations on how to meet the
requirements of IAEA Safety Standards on Safety
of Nuclear Power Plants (Design & Operation)
• provides key recommendations for the
development and implementation of the AMP
for NPPs on the basis of current international
good practice.
• Primarily for use by NPP operators, utilities and
their support organizations, and can also
facilitate preparation of the relevant national
regulatory requirements.
Developed during 2004 – 2008
• Approved by NUSSC and CSS and publication
in 2009
2011/5/3
IAEA Safety Standards on AM (cont’d)
21
Safety Assessment for Facilities and
Activities No.GSR-4(2009)
Safety of NPPs: Operation
No.NS-R-2 (2000)
Fundamental Safety Principles
No.SF-1(2006)
Severe Accident Management Programme
for NPPs NS-G-2.15 (2009)
Implementation Validation/Verification Education and Training
Implementation of AMP in NPPs SRS-32 (2004)
Guidelines for RAMP and
RAAAMP SVS-9 (2003)
Review
Severe Accident Analysis Tools SRS-56 (2008)
Analysis of SA in PHWR
TECDOC-1594 (2008)
Overview of Training
Methodology TECDOC-1440
(2005)
Application of Simulation Technique
TECDOC-1352 (2003)
Safety of NPPs: Design
No.NS-R-1 (2000)
IAEA Safety Standards Structure for AM
IAEA 22
1. INTRODUCTION
2. CONCEPT OF AMP
• Requirements
• Concept of Accident Management
• Main Principles
• Equipment Upgrades
• Forms of AMG
• Roles and Responsibilities
2011/5/3
IAEA NS-G-2.15: Contents
IAEA 23
3. DEVELOPMENT OF AMP (13 issues)
• General remarks: Preventive regime and Mitigatory regime
• Identification of plant vulnerabilities
• Identification of plant capabilities
• Development of AM strategies
• Development of procedures and guidelines
• Hardware provisions for AM
• Role of instrumentation and control
• Responsibility, lines of authorisation
• Verification and validation
• Education and training
• Processing new information
• Supportive analysis
• Management system
Appendix: Practical use of the SAMGs
Annex: An Example of a categorization scheme for accident sequences
2011/5/3
IAEA NS-G-2.15: Contents
IAEA
Develop SAMG for all physically identifiable challenge mechanisms
for which such development is feasible
• i.e., largely independent of probabilities of such challenges !!
Include shutdown states and external events
• Risk at shutdown may be comparable to risk at full power
Use all equipment available, accept possible damage to equipment
• e.g. restart RCP at low pressure may damage the pump
• Fire water may cool core / debris – do not care about its low quality
Use measurable parameters or parameters that can be easily calculated
to initiate actions
• through pre-calculated curves - no MAAP runs during an accident!
2011/5/3 24
IAEA NS-G-2.15: Major Principles
IAEA
SAMG may not depend on necessity to recognize the scenario !
For all actions: consider benefits and potential negative
consequences before taking the action
• Magnitude of possible negative consequences often difficult to
estimate (e.g., RCS pressure spike through injection – will or will
not lead to SG tube creep rupture)
Define transition EOP – SAMG domain
• Often, not always, imminent or actual core damage
• But this can be too late, as other fission product boundaries can
be directly challenged once in core damage domain
Example: hydrogen in some VVER-440 can lead to early
containment failure once core is damaged
2011/5/3 25
IAEA NS-G-2.15: Major Principles (cont’d)
IAEA
Technical Support Centre / Team (TSC) should be available
• SAMG is not a matter for control room operators - alone
• The TSC should be embedded in the emergency organisation
Decision-making: must be well-organised
• Often by the SED (site emergency director)
Regular training of all functions involved
• In appropriate time schedule
2011/5/3 26
IAEA NS-G-2.15: Major Principles (cont’d)
IAEA
Modify plant (add equipment) if no meaningful reduction of risk can be
obtained with existing hardware
• Some plants add ‘severe accidents systems’ – believe no further action is
needed (example: special diesels to survive SBO)
Follow developments elsewhere and process new information
• From research, other applications
Most important: SAMG should be owned by plant management, clear
commitment required
• Development of SAMG: not a job after all others have been done!
• Area of SAMG is not well regulated, requires extra awareness of plants
2011/5/3 27
IAEA NS-G-2.15: Major Principles (cont’d)
IAEA
SAMP for New Plants
These have specific severe accident features
• Spreading room for corium debris
• In-vessel retention by ex-vessel cooling
• Longer coping time during SBO and portable AC power
Success of dedicated measures probable
• But still open questions: e.g., ex-vessel steam explosion, hydrogen
generation by RCS injection, top-flooding of ‘core on the floor’
• Quite some designs extrapolate from smaller scale experience –
justified??
2011/5/3 28
IAEA
SAMP for New Plants (cont’d)
SAMG can be simplified
• No hydrogen risk through PARs
• No containment vent through absence of MCCI
• But some ‘normal’ actions can be counterproductive, e.g. early
reflooding may prevent debris spreading which is needed for later
cooling of debris
Who will tell an operator NOT to flood when water again is
available…?
2011/5/3 29
IAEA
Conclusions
Current AM covers area beyond classical design basis accidents,
which were selected on state of arts technology.
IAEA requirements, guides and technical reports describe how to
develop adequate SAMG.
But, need to update lesson learned and feedback from Fukushima
NPPs safety issues.
2011/5/3 30
31
THANK YOU and QUESTIONS?