The ASAMPSA2 [1], [2], [3] guidelines provide some best practice guidelines for the performance and application of L2 PSA development for the Gen II PWR, Gen II BWR L2 PSAs and extension to Gen III and Gen IV reactors, however discussion on SFP guidance is not included, and is proposed in this report.
The L2 PSA methodology mentioned e.g. in ASAMPSA2 [1] consists of the following activities:
-
Plant familiarization;
-
Definition of the L2 PSA objectives;
-
Accident Sequence Analysis, Analysis of Phenomena, Source Term Analysis;
-
Containment Analysis;
-
Human Reliability Analysis;
-
Systems Analysis;
-
Event Tree Modelling;
-
Quantification of Event Trees, Results, Presentation, and Interpretation;
-
Documentation.
In recent years, it has been concluded that there is a need to better understand the risks associated with the SFPs. EPRI presented their development and pilot application of a generic framework and methodology for conducting PSA for SFPs at BWR plants with Mark I or II containment designs [17]. A similar methodology is now being developed for PWRs and the results are presented in an EPRI report [21], however there are still more guidance needed for L2 PSA for SFP, e.g. on phenomenology for fuel melting in air environment.
The European Utility Requirements (EUR) requirements regarding SFP are somewhat more general, for instance, EUR Chapter 2.17 [24] section 2.17.2.3 states that:
“C: The PSA shall check that potential radioactive releases from the spent fuel storage pool, from the spent fuel handling facilities and from the radioactive waste storage tanks can be reasonably neglected, due to their comparatively low magnitude and to their low frequency.”
The SFP PSA in many respects is similar to the PSA performed for the reactor core and includes the same elements. It should be performed for all plant operating modes and will require the shutdown period to be divided into a number of SFP PSA specific POSs. The consequence addressed in the SFP PSA is fuel damage leading to a radioactive release. The initiating event analysis includes events that could impact both the reactor core and the SFP, but also SFP specific events. The analysis of accident sequences addresses system responses, phenomena and operator actions specific for the SFP and should be followed by detailed system and human reliability analysis. The analysis also needs to be supported by thermal hydraulic calculations.
The detailed SFP PSA methodology could be based on non-BWR specific findings and recommendations from the EPRI report on SFP risk assessment [21] together with experiences from recent industry projects. It has been judged that at present there is no widely accepted standard for SFP PSA.
Both at-power and shutdown conditions should be addressed in the SFP PSA, however different operating modes for a SFP PSA may not be as relevant as for the reactor core. During shutdown conditions the plant configuration typically varies more and POSs that cover all these different configurations should be defined. The definition is made in the same way as for the reactor core shutdown PSA (for instance regarding system availabilities), but for the SFP PSA the following specific conditions also need to be taken into consideration:
-
transfer canal (if applicable) between SFP and reactor building pool;
-
amount of fuel offloaded to the SFP;
-
complete core offload,
-
partial core offload,
-
reloading of new fuel;
-
fuel movement complete;
-
amount of cooling water in the SFP.
Note that this section covers issues that can be of interest for the SFP PSA for a plant to be commissioned or already in operation.
In principle the types of accidents in SFP PSA can be divided into two categories:
-
drain-down events/ sequences,
-
loss of cooling events/ sequences (or non-draining IEs).
Draining events may be caused by inappropriate operator action, seismic induced structural failures, heavy load drops, loss of coolant accidents (LOCAs), and reactor-related phenomena causing structural failure (e.g. steam explosion, hydrogen detonation). For non-draining events, the set of initiating events can be derived from an analysis of the situations leading to the temperature increase, i.e. to the loss of the cooling system, which may be due either to malfunctions in the cooling system itself or its support functions including electrical supply or the cooling chain. In L1 PSA, it is necessary to study each plant state (POS) because of the different configurations or characteristics of structural failures and support systems of electrical supply or cooling chain. Also, the timing of the release is very dependent on the sequence/ initiating event. This is also important for operator actions. However in L2 PSA it is almost irrelevant which particular combination of initiating event and failure has led to loss of cooling or draining and loss of coolant.
The following spent fuel pool events leading to fuel damage should be taken into account:
-
loss of cooling to the SFP (including failure of support systems and loss of power);
-
coolant inventory loss from the SFP;
-
heavy load drops,
-
loss of coolant accidents (LOCAs),
-
reactor-related phenomena causing structural failure,
-
reactivity accidents;
-
seismic events;
-
simultaneous failures related to the initiating event.
As far as criticality is concerned the following scenario can be considered: if the stored assemblies are separated by neutron absorber plates (e.g., Boral or Boraflex), loss of these plates could result in a potential criticality. The absorber plates are generally enclosed by cover plates (stainless steel or aluminium alloy). The tolerances of cover plates tend to prevent any appreciable fragmentation and movement of the enclosed absorber material. The total loss of the welded cover plate is not considered feasible.
Heavy load (e.g. fuel transfer cask) drop on the SFP walls or into the SFP could result in structural failure of the SFP and liner, creating a loss of inventory event leading to fuel damage in the SFP with very short time left to prevent fuel damage and subsequent radionuclide release. The assessment of other adverse plant conditions introduced by the failure of fuel cooling in the reactor or the SFP and the propagation of adverse conditions to the other on-site radionuclide sources is of particular importance.
The SFP event tree assessment should address the following:
-
random independent failures that challenge the cooling of used fuel in the SFP (i.e., reactor core is in a safe stable configuration),
-
common or simultaneous failures that challenge both adequate core cooling and SFP cooling,
-
consequential severe accident progression events that may lead to challenges to the integrity of the SFP and the continued cooling of used fuel.
According to EPRI [21] critical elements of the PSA framework need to describe the following methodology issues:
-
the interrelationship of the PSA logic models as they influence the probabilistic assessment of the continued cooling of the used fuel in the SFP;
-
L2 Full Power Internal Events PSA sequences transferring to the SFP event tree structures;
-
L2 Shutdown PSA sequences transferring to the SFP event tree.
The key phenomena for the analysis of the risk profile associated with operation of the SFP and the reactor lead to the following issues:
-
equipment failures;
-
containment failures;
-
inaccessibility for local actions;
-
fuel disruption;
-
reactor Building equipment failures;
-
reactor Building and SFP structural failures;
-
increase in radionuclide releases.
These phenomenological events are related to the postulated core/fuel melt progression within the reactor or the SFP. A general framework has been applied to pilot project to address the technical elements employed in PSA, consistent with the guidance provided in the ASME/ANS PRA Standard [26].
Adverse synergistic effects related to accidents involving the RPV and SFP can be postulated. These synergistic effects can be related to either: a common event (e.g., loss of power) that cause simultaneous challenges to the safety functions for SFP and RPV or a resulting consequential failure during the accident progression in the RPV or SFP that affects safety functions for the other radioactive source.
It seems that the increased risk associated with interactions between the reactor and containment systems, and the SFP should be treated in an integrated way. These interactions during a severe accident can have an impact on the total risk of radioactive release (in early and late phases) in the environment around the plant.
The analysis of used fuel accident scenarios requires analytical tools and methods including the following: deterministic models that address important accident progression details; realistic assessment of seismic fragilities; fault tree models focused on systems and configurations generating unwanted interactions between the event progression in the reactor cooling system and the SFP protection system; and consideration of operator actions in response to events affecting SFP cooling.
The interaction between primary containment and SFP in case when the reactor building houses the primary containment and the SFP can be of particular importance. The events involving primary containment also have the potential to cause reactor building or secondary containment challenges. In such cases, there is a potential that primary containment scenarios could lead to SFP events. Such scenarios may involve degraded conditions where reactor core damage is avoided but not SFP. On the other hand, reactor core damage events could be affected by a subsequent SFP fuel damage event initiated by primary containment failure modes.
Severe accident with containment failure as a result of a severe accident can lead to both a significant radiation release to the reactor building plus a combustible gas mixture discharge inside the building. This combination of effects is expected to fail equipment in the building and preclude access for any local actions, also limiting or precluding access to the refuel floor. As long as the SFP itself is not damaged, an extended time is available before fuel damage in the SFP would occur. However, overcoming the lack of access to the refuel floor could present a lingering problem. Solutions could be to prepare injection to the SFP prior to the containment failure, or alternatively, if an installed secure injection path is available.
The following section addresses those issues which are specific for SFD events, and which need consideration in guidance for an extended PSA.
Dostları ilə paylaş: |