Maintenance Rule (a)(4) Experience · 2012-12-04 · •Before performing maintenance activities...
Transcript of Maintenance Rule (a)(4) Experience · 2012-12-04 · •Before performing maintenance activities...
Maintenance Rule (a)(4) Experience
Leo ShanleyMay 26, 2011
10CFR 50.65(a)(4)
• “Before performing maintenance activities (including but not limited to surveillance, post-maintenance testing, corrective and preventive maintenance), the licensee shall assess and manage the increase in risk that may result from the proposed maintenance activities.”
2
Assessing Risk – Use Risk Monitor
• Applies in all modes – outage and online• Assessing risk means evaluating conditions to
determine a risk levelQuantitative – CDF/LERF (delta or as Risk
Increase Factor -- RIF); CDP/LERP; ICCDP/ICLERP
Qualitative – Defense-in-Depth• Safety Functions (SF)• Plant Transients (PT)
External conditions (Weather, Grid, etc.) Risk level typically represented as colors
• 4 color system: G/Y/O/R• 3 color system: G/Y/R or G/O/R
3
Managing Risk – Apply Actions
• Means applying Risk Management Actions (RMA) beyond normal work controls
• Actions commensurate with risk level and conditions – some examples include: Communicating risk conditions to personnel Identifying and protecting mitigating equipment Creating contingency plans or temporary
proceduresMinimizing time in configuration (e.g., work
around the clock) Stationing operators near key equipment
4
Risk-Informed Configuration Risk Management
5
10 CFR 50.65 (a)(4)Guidance:
NUMARC 93-01NUMARC 91-06
Site Procedures
Qualitative Tools:
• SFATs
• PTATs
Quantitative Tools:
• CDF/CDP
• LERF/LERP
Blended
Decision-making
Process
PARAGON
Capabilities
Regulatory/
Programmatic
Considerations
Optimized
Process
What is PARAGON®? - Risk Monitor
Developed by ERIN Engineering and Research, Inc.
Designed for use by Work Planning, Operations, and Risk Management personnel
Applies in all modes - Outage and Online
Analysis customized for each plant/unit
Equipment outages, internal/external conditions, etc.
Provides qualitative measure of safety Decision Trees (e.g., Safety Functions, Transients)
Provides quantitative measure of risk – PRA
Interface with plant scheduling tool
6
PARAGON Flow
8
• Configurations/ Equipment Availabilities set for Plant Variables in Schedule
• System Dependencies Captured in Fault Trees
• Color Levels Portray Relative Safety Levels
• Results Tracing
• What-Ifs Performed
EDG A
EDG B
FT EDG A
FT Bus B
SafetyFunction
G O R GY
PARAGON Qualitative Calculation
9
Typical PARAGON Blended CRM Model
10
Online OutageQuantitative Qualitative Quantitative Qualitative
Internal Events PRA • CDF/LERF• Cumulative • RIS/RTS Lists
Graphs/Profiles
Defense-in-Depth• Safety Functions• Plant Transients• Support Systems• RIS/RTS Lists
Guidance
Shutdown PRA/PSSA• CDF/RCS Boiling
Frequency/LERF• Cumulative• RIS/RTS Lists
Thermal-Hydraulic Calcs• Decay Heat Level• Time-To-Boil• Time-To-Core
Damage Graphs/Profiles
Defense-in-Depth• Safety Functions• Support Systems• RIS/RTS Lists• Other
Guidance
Qualitative Risk - Safety Functions
Evaluate safety in terms of Defense in Depth for Key Plant Safety Functions
Defense in Depth measured in terms of number and types of available systems/trains
Colors used to define level of safety for the configuration
Colors also determine the response to the configuration (e.g., normal controls, contingency plans)
11
Typical Online Safety Functions
BWR
» Containment Pressure Control / Secondary Containment
» Heat Removal» Pressure Control» Reactivity Control» High Pressure Injection» Low Pressure Injection» Electric Power» Service Water
PWR
» Containment Integrity» Core Cooling» Heat Sink» RCS Integrity» Reactivity Control» Inventory Control» Electric Power» Service Water /
Component Cooling
12
Qualitative - Online Plant Transients
Event-based qualitative assessments Important PRA initiating events or initiator
groups Measures the Defense in Depth of mitigation
systems for the specific initiator(s) Incorporates increased likelihood of events
(Higher Risk Evolutions - HRE) Colors used to represent risk level
13
Typical Online Plant Transients
BWR
» Loss of Offsite Power» Reactor / Turbine Trip» ATWS» LOCA» Loss of FW
PWR
» Loss of Offsite Power» Reactor / Turbine Trip» LOCA» Loss of Specific
Support System(s)
14
Safety Function Assessment• Degree of Defense In Depth
Plant Transient Assessment• Susceptibility to Plant Transient or
High Risk Evolution (HRE)• Combination of Transient Potential and/or
Safety Function Degradation
Probabilistic Assessment• CDF & LERF • Thresholds Based On Relative Risk Increase
Factor (RIF)• Cumulative Risk
Decision Basis:
“Blending” the Risk Assessment
15
Defense-in-Depth Limits (typical)
16
Red
Green
Yellow
Orange
>N+2
N+1
N
< N
Equipment Availability
(N = Minimum Equipment Required for each Safety Function or Plant Transient)
Risk Limit Color
Risk Management
17
COLOR CONSIDERATIONS
GREEN - Preserve operable equipment to the extent possible - Manage spatial issues that have the potential to impact defense- in-depth (preserve DID) - Consider small cumulative impacts of maintenance activities
YELLOW
- Correct the cause as soon as practical by considering the time in the configuration and resources available - Assess the return to service of selected equipment and return to service as soon as practical - Protect risk significant equipment - Employ a “return to GREEN” mindset
ORANGE
- Requires senior management review and approval prior to entering this condition - Minimize exposure using return to service priorities - Work around the clock - Develop and implement contingency actions - Protect risk significant equipment
RED - Never plan to enter “Red” if at all avoidable - Minimize the time in “Red” – transition to Orange/Yellow/Green - Extreme care should be taken to avoid trips or plant disturbances - Active monitoring of all Maintenance/I&C/Operations activities - Implement Contingencies
PARAGON Views -Synchronized Schedule/Results
• Risk Profile vs. Time
• Includes all defined assessments
• Overall Status is customized to plant processes
• Synchronized with Schedule View
• Traceable to underlying results by double-clicking on the desired result
18
PARAGON Views –Operators Panel
Shows status and results for a single ‘time slice’
Based on schedule and/or actual plant status, with what-if capability
Quantitative risk can be the actual value or a ratio compared to baseline (i.e., risk increase factor)
Traceable to underlying results by double-clicking on the desired result
Can be customized (e.g., different for online and outage)
19
Tabs and button not in default plant condition are highlighted. Status of button/contributor can be changed.
Status of plant displayed in tabs for equipment, configurations and higher risk evolutions.
Perform and save “Whatif” or analyze PRA for existing configuration.
Return-to-service, remain-in-service, guidance and current activities relevant to the current configuration readily available.
Up to seven overall status buttons can be displayed. Basis for the color and values of buttons user-definable.
Results of PRA, decision trees and group variables readily available and can traceable through contributing logic.
Tabs and button not in default plant condition are highlighted. Status of button/contributor can be changed.
Status of plant displayed in tabs for equipment, configurations and higher risk evolutions.
Perform and save “Whatif” or analyze PRA for existing configuration.
Return-to-service, remain-in-service, guidance and current activities relevant to the current configuration readily available.
Up to seven overall status buttons can be displayed. Basis for the color and values of buttons user-definable.
Results of PRA, decision trees and group variables readily available and can traceable through contributing logic.
PARAGON Views –Safety Function Decision Tree Result
20
Qualitative Result path is
highlighted in output color.
21
The Guidance View shows the
guidance and the technical basis
Configuration-Specific Guidance
Remain In Service (RIS) and Return to Service (RTS)
RIS answers the question: What risk color would the plant be in if additional equipment were unavailable? Qualitative – Overall or individual safety
functions/plant transients PRA – CDF, LERF, internal, fire, etc. PARAGON provides a ranked list, that can be
used to identify protected equipment
RTS answers the question: What risk color will result if I make equipment available? Same capabilities and flexibility as RIS
24
Remain In Service (RIS)
25
Cumulative Risk Calculation
ICDP and ICLERP calculations performed for each component unavailability window, including effect of other coincident unavailable components
26
RITS 4b Calculations
27
Calculates time to reach RMA and RICT thresholds based on ICDP and ICLERP
Provides date and time that thresholds are reached
Calculates incremental probabilities at the back stop
Can extrapolate based on last configuration or calculate based on proposed schedule
Online Examples - PWR
28
Components CDF RIF LERF RIF PRA SF PT Overall
Nuclear SW Pump 1B 1.0 1.1 G G Y Y
MD EFW Pumps A and B 4.7 6.0 Y Y Y Y
Inverters A and C 1.2 1.1 G G G G
SBO DG 1.3 1.0 G G Y Y
EDG 1A and SBO DG 9.3 2.7 Y Y O O
DH P1A 3.7 2.5 Y O O O
RB Spray Pump A 1.0 1.0 G Y G Y
RB Spray Pump A and B 1.0 1.0 G O G O
TD EFW Pump 1.3 1.3 G G Y Y
TD EFW Pump with LOOP Potential (HRE) 1.3 1.3 G G O O
Fire Pump 1 1.8 1.5 G G G G
Fire Pump 1 w/Loss of RW Potential (HRE) 1.8 1.5 G G Y Y
Online Examples - BWR
29
Components CDF RIF LERF RIF PRA SF PT Overall
DG 0 1.5 1.2 G Y Y Y
DG SW Pump 0 5.7 2.8 Y Y Y Y
MDFW Pump and RCIC 1.8 1.4 G O Y O
DG 1A and RHR Pump 1B 5.5 2.7 Y Y Y Y
DG 1A and RHR Pump 1C 1.1 1.1 G Y G Y
DG 1A and RHR Pump 1B and 1C 7.3 3.5 Y Y Y Y
LPCS, Service Water Pumps 0, 1A and 1B 1.6 1.1 G Y Y Y
SBLC Pumps 1A and 1B 2.3 6.2 Y O Y O
U1 SBGT 1.0 1.0 G Y G Y
U1 and U2 SBGT 1.0 1.0 G R G R
SAC 0 and 1A 1.0 1.0 G G O O
SAC 0 and 1A with B/U Compressor Avail 1.0 1.0 G G Y Y
External Events
PARAGON is capable of implementing any method from NUMARC 93-01, [Draft] Rev. 4 for assessing and managing fire risk Determine change or cumulative CDF separately
from internal events CDF Determine change or cumulative CDF based on
aggregate of fire and internal events CDF Evaluate impact on individual fire scenarios with
equipment OOS and provide qualitative results Provide guidance for managing risk
PARAGON can include any additional number of external events in either qualitative or quantitative assessments
30
Conclusions
Online risk monitors are capable of assessing the risk associated with single or multiple components unavailable, including the impact of activities that increase the likelihood of an initiating event
Online risk monitors can incorporate external events risk (to varying degrees)
The Blended Approach to risk assessment and management takes into account Defense in Depth, which can provide additional insights beyond PRA results
32