Considerations for Mitigating Common Cause Failures in CANDU Designs - PowerPoint PPT Presentation

1
Considerations for Mitigating Common Cause
Failures in CANDU Designs
  • John Harber
  • Atomic Energy of Canada Limited
  • IAEA Tech Meeting, Bethesda MD
  • June 2007

2
Meeting Fundamental Safety Functions
  • Performed by a combination of process and safety
    systems as follows

3
Grouping and Separation
  • Systems are divided into two groups, which must
    be separated to prevent simultaneous failure for
    any common cause, including large fires.
  • All important safety functions (reactor shutdown,
    fuel cooling, release barriers, status
    monitoring/control by operator) are represented
    in each group.
  • Separation is also required between redundant
    components within the same system or group to
    ensure that a failure in one component, or a
    local event such as a fire, will not cause the
    entire system or group to fail.

4
Separation between Groups
  • Separate routes are provided for the cables and
    services of the two groups

5
Separation within a System
  • Within a system, redundant and triplicated
    devices are separated from each other by distance
    and barriers (depending on the local hazards)
  • Special precautions are taken in locations where
    channels come together (such as trip voting logic)

6
Two Shutdown Systems
  • Two fully capable, independent and diverse
    shutdown systems are mandated by the regulator.
  • Fully capable means that each shutdown system
    by itself is able to handle all design basis
    accidents.
  • Independent means that no common event can
    simultaneously disable both systems. They are
    separated to the maximum extent possible.

7
Two Shutdown Systems (cont'd)
  • Diversity means that to the extent practical,
    the two systems are based on different physical
    principles, are designed by different designers
    (to avoid common design errors), and utilize
    equipment from different manufacturers (to avoid
    common mode faults).
  • Each system must detect each accident via at
    least two diverse trip parameters, of which only
    the second, less effective parameter can be
    credited in the safety analysis.

8
Shutdown Systems 1 and 2
9
Multiple Levels of Defense in Depth
  • Levels of defence for the shutdown function:
  • Reactor Regulating System (RRS) - normal reactor
    control
  • Setback - gradual reduction of reactor power
    using zone controllers based on process
    parameters
  • Stepback - fast reduction of reactor power by
    dropping of Mechanical Control Absorbers (MCAs)
    based on process parameters
  • SDS1 trip - rapid reduction of reactor power by
    dropping of Shutoff Rods (SORs)
  • SDS2 trip - rapid reduction of reactor power by
    injection of gadolinium into moderator
  • Setbacks and stepbacks reduce the need for SDS
    action during anticipated operational occurrences

10
Probabilistic Safety Assessment (PSA)
  • Comprehensive PSA is performed to identify
    accident scenarios and derive numerical estimates
    of risk for comparison with PSA safety criteria
  • The PSA is thus used to determine if the overall
    design is balanced and sufficient defence in
    depth is achieved
  • As part of the PSA, fault tree analysis is
    performed to determine reliability of the safety
    related systems
  • Fault tree analysis explicitly incorporates
    Common Cause Failures
  • The fault tree work also provides a design assist
    role in that it provides guidance to designers to
    meet success criteria of the various systems for
    the credited mission times
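The slide says the fault tree work explicitly incorporates Common Cause Failures and guides designers toward the required system reliability. As an added illustration (not from the presentation), the following tiny fault-tree evaluator compares the unavailability of a 1-out-of-2 redundant pair with and without a shared-cause term. The beta-factor CCF model, the event names, the failure probability q and the beta values are all assumptions chosen for the example; the slides do not name a CCF model or give numbers.

```python
"""Tiny fault-tree evaluator showing how a common cause failure (CCF)
term dominates the unavailability of a redundant pair.

Constructed example, not from the presentation.  The beta-factor CCF
model is a standard PSA technique but is not named on the slides; the
probabilities, beta values and event names are assumptions.
"""
from __future__ import annotations

from typing import Union

# A node is either a basic event name or a gate tuple:
# ("AND", child, child, ...) or ("OR", child, child, ...)
Node = Union[str, tuple]


def evaluate(node: Node, probs: dict[str, float]) -> float:
    """Probability that `node` is in the failed state.

    Basic events are assumed mutually independent and each must appear
    only once in the tree.  Under that assumption AND is a plain product
    and OR is 1 - prod(1 - p_i), i.e. exact rather than the rare-event
    approximation p_1 + p_2 + ...
    """
    if isinstance(node, str):
        return probs[node]
    gate, *children = node
    child_probs = [evaluate(c, probs) for c in children]
    if gate == "AND":
        result = 1.0
        for p in child_probs:
            result *= p
        return result
    if gate == "OR":
        survive = 1.0
        for p in child_probs:
            survive *= 1.0 - p
        return 1.0 - survive
    raise ValueError(f"unknown gate {gate!r}")


def redundant_pair_unavailability(q: float, beta: float) -> float:
    """Unavailability of a 1-out-of-2 pair (fails only if both trains fail).

    Beta-factor model (assumed): a fraction `beta` of each train's failure
    probability `q` is attributed to a single shared cause that fails both
    trains at once; the remainder (1 - beta) * q is an independent failure
    of that train alone.  beta = 0 reproduces the purely independent case.
    """
    probs = {
        "train_A_indep": (1.0 - beta) * q,
        "train_B_indep": (1.0 - beta) * q,
        "common_cause": beta * q,
    }
    tree = ("OR",
            "common_cause",
            ("AND", "train_A_indep", "train_B_indep"))
    return evaluate(tree, probs)


def ccf_fraction(q: float, beta: float) -> float:
    """Share of the pair's unavailability that comes from the CCF event."""
    return (beta * q) / redundant_pair_unavailability(q, beta)


if __name__ == "__main__":
    q = 1e-3  # assumed per-train failure probability on demand
    print(f"independent trains only (beta=0): {redundant_pair_unavailability(q, 0.0):.3e}")
    # Diversity (different principles, designers, manufacturers) is what
    # justifies a smaller beta for a pair; compare a coupled and a diverse pair.
    for beta in (0.10, 0.01):
        u = redundant_pair_unavailability(q, beta)
        print(f"beta={beta:.2f}: unavailability {u:.3e}, "
              f"CCF share {ccf_fraction(q, beta):.1%}")
```

With q = 1e-3 the independent-only figure is q squared, 1e-6, while a beta of 0.1 raises the pair's unavailability to roughly 1e-4, almost all of it from the shared-cause event. This is the quantitative reason the earlier slides insist on separation and diversity: reducing beta, not adding more identical trains, is what moves the result.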

11
Summary
  • Common Cause Failures are prevented through the
    use of independent, diverse, and separated
    systems in the CANDU design
  • CCFs are explicitly addressed in the PSA; this
    provides guidance to the designers for reducing
    the impact of CCFs

13
IAEA Technical Meeting - "Integration of Analog
and Digital I&C Systems in Hybrid Main Control
Rooms"
  • 2007 Oct 28 to Nov 03, Delta Chelsea Hotel,
    Toronto, Ontario, Canada

14
Hosts
  • AECL, on behalf of the Government of Canada

Co-Hosts
  • CANDU Owners Group (COG),
  • Ontario Power Generation (OPG), and
  • Bruce Power

15
Purpose
  • To provide an international forum for I&C and
    Human Factors specialists to make presentations
    and hold discussions on experience with various
    aspects of the integration of analog and digital
    instrumentation and control systems in "hybrid"
    control rooms, as applicable to both existing
    plants and planned or in-progress new plant
    builds.
  • Promising new technologies and future trends in
    this area will also be discussed.

16
Target Audience
  • Specialists and Managers in the I&C and Human
    Factors field from nuclear power utilities,
    vendor companies, licensing bodies, research
    organizations and academic institutions.