2nd IAEA Research Coordination Meeting on CRP on Natural Circulation Phenomena, Modelling and Reliab

1
2nd IAEA Research Coordination Meeting on CRP
on Natural Circulation Phenomena, Modelling and
Reliability of Passive Safety Systems that
Utilize Natural CirculationOregon State
University, Corvallis, Oregon (USA), 29th August
2nd September 2005

• AN APPROACH FOR THE INTRODUCTION OF PASSIVE
  SYSTEM UNAVAILABILITY IN AN ACCIDENT SEQUENCE
• L. Burgazzi
• ENEA FIS-NUC
• Bologna, Italy

2
PRESENTATION OUTLINE

• Introduction
• Passive Systems Reliability
• PSA
• Natural Circulation Systems
• Isolation Condenser
• Event Tree and Fault Tree Model
• Passive System Unavailability
• Methodology Application
• Results
• Conclusions and step forward

3
INTRODUCTION

• Innovative reactors largely implement passive
  systems
• No external input to operate
• Reliance upon natural physical principles
  (natural convection, conduction, gravity, etc.)
  under extreme boundary conditions
• Applications of passive systems for innovative
  reactors demand high availability and reliability
• PSA analysis
• Accident sequence definition and assessment
• Event Tree and Fault Tree Model
• Introduction of a passive system in an accident
  scenario in the fashion of an active system or a
  human action

4
INTRODUCTION contd

• Occurrence of physical phenomena leading to
  pertinent failure modes, rather than classical
  component mechanical and electrical faults
• Different system model adopted in fault tree
  approach
• Natural circulation small engaged driving forces
  and thermal hydraulic factors affecting the
  passive system performance
• Physical principle deterioration dependency on
  the boundary conditions and mechanisms needed for
  start-up and maintain the intrinsic principle

5
OBJECTIVE

• Objective approach for introducing passive
  system unreliability in an accident sequence,
  with reference to Thermal-Hydraulic natural
  circulation cooling systems performance (type B
  passive systems, cfr.IAEA)
• Passive Systems for Decay Heat Removal
  implementing in-pool heat exchangers and
  foreseeing the free convection (e.g. PRHR for AP
  600, Isolation Condenser for SBWR and ESBWR)
• Accident sequences defined by Event Tree (ET)
  technique
• Initiating event
• Safety or front-line systems success or failure
• Safety systems unavailabilities matching the ET
  headings (simplest and commonly adopted way)
• Safety system unavailability assessed by Fault
  Tree (FT) technique (system analysis)
• Passive systems to be evaluated as safety systems

6
ISOLATION CONDENSER

• Core Decay Heat removal
• from the reactor, by
• natural circulation
• following an isolation
• transient
• Limit the overpressure in the reactor system at a
  value below the set-point of the safety relief
  valves,
• preventing unnecessary
• reactor depressurization
• Actuation on Main Steam Isolation Valve position,
  high reactor pressure and low reactor level

Scheme of the Isolation Condenser
7
EVENT TREE DEVELOPMENT

• Two kinds of system malfunction, to be considered
  as ET headings (IC)
• Failure to start-up (e.g. drain valve failure to
  open)
• Specific fault tree
• Mechanical components (prevailing)
• Boundary conditions
• Failure to continue operating (e.g. natural
  circulation stability)
• Specific fault tree
• Mechanical components
• Boundary conditions (prevailing)
• Initiating events of sub sequences resulting from
  passive system failures
• Example LOCA

8
EVENT TREE DEVELOPMENT
Initiating Event
Passive System Start-up
Passive System Operation
Yes


Yes
No
I.E.
No
Fault tree
Fault tree
9
PASSIVE SYSTEMS UNAVAILABILITY

• System/component reliability (piping, valves,
  etc.)
• Mechanical component reliability
• Physical phenomena stability (e.g. natural
  circulation)
• Performance/stability of the physical principle
  (gravity and density difference) upon which
  passive system is relying
• Dependency on the surrounding conditions related
  to accident development in terms of thermal
  hydraulic parameter evolution (e.g.
  characteristic parameter as flow rate or
  exchanged heat)
• This could require not a unique unreliability
  figure, but the reevaluation for each sequence
  following an accident initiator
• Thermal hydraulic analysis is helpful
• Identification of the failure modes
• Unavailability quantification, i.e. assessment in
  probabilistic terms of the failures

10
IDENTIFICATION OF THE FAILURE MODES

• Component and functional Failure Mode and Effect
  Analysis (FMEA) methodology
• Evaluation of natural circulation in terms of
  potential phenomenological factors, whose
  consequences can degrade or stop the function
• Several factors leading to disturbances in an
  Isolation Condenser System and relative critical
  parameters driving the failure mechanisms
• Unexpected mechanical and thermal loads,
  challenging primary boundary integrity (cracked
  size or leak rate)
• Mechanical component malfunction, i.e. drain
  valve (partially opened valve in the drain line)
• HX plugging (HX plugged pipes)
• Non-condensable gas build-up (non-condensable
  fraction)
• Heat exchange process reduction surface
  oxidation, thermal stratification, piping layout,
  etc. (heat loss)

11
UNAVAILABILITY ASSESSMENT

• Failure modes to be assessed through the FT
  development in the form of critical parameter
  elementary basic events or in the form of sub
  fault trees
• Adoption of non conventional failure model (i.e.
  exponential, e ?t, ? failure rate, t mission
  time)
• Basic Event model requires the assignement of
  both the probability distribution of the
  parameter with the correspondent range and the
  failure criteria, i.e. the critical interval
  defining the failure (for example system failure
  for non-condensable fraction x, leak rate x
  gr/sec or crack size x cm2 )
• Lack of pertinent data base and operating data
• Expert/engineering judgement

12
UNAVAILABILITY ASSESSMENT

• Probability of failure of the passive system
• Pt 1-(1-P1)(1-P2)(1-Pn)
• Where
• Pt overall failure probability
• P1 through Pn individual probabilities of
  failures pertaining to each basic event,
  assuming each failure mode independent
• Failure model relative to each single basic
  event
• Pi ? p(x) dx xo threshold value according to
  the failure
• x xo criterion
• p(x) pdf of the parameter

13
APPROACH APPLICATION

• Three parameters under consideration
• - Isolation valve closure fraction
• - HX plugged pipes
• - Heat loss

• Normal distribution over the assigned range

F(x) ? N(0,1)
14
APPROACH APPLICATION Results

• Each Pi is assessed according to Pi (xo) ? p(x)
  dx
• Probability of failure increases as the parameter
  value increases zero for the lower limit
  corresponding to ideal (failure-free) conditions
  and asymptotically to an upper bound
• Sensitivity to the occurrence of impairing
  factors
• Final reliability figure Pf will depend upon the
  occurrence and combination of the natural
  circulation failure modes and parameter evolution
  during the accident/transient

15
CONCLUSIONS and STEP FORWARD

• Problem how to insert the passive system (to be
  considered in the fashion of a front-line
  system) in the event tree
• Probabilistic estimation of the failure modes
• fault tree incorporating failure model suitable
  for describing the thermal-hydraulic phenomena
• Need for the development of dynamic event tree to
  consider the parameter evolution during the
  accident in order to evaluate the occurrence of
  the various modes of failure and assess
  consequently the passive system behaviour
• Uncertainty in the final results
• Issue new set of initiators due to passive
  system malfunction

16
REFERENCES

• L. Burgazzi, An Approach for the Introduction of
  Passive System Unavailability in an Accident
  Sequence, 51st Annual Reliability and
  Maintainability Symposium, RAMS 05, Alexandria,
  Va USA, January 24-27, 2005 pp. 600-605