Transcript NPP Fire PRA

Nuclear Power Plant Fire
Probabilistic Risk Assessment (PRA)
Supplement to “Fire Hazard Analysis for
Nuclear Engineering Professionals”
Icove and Ruggles, (2011)
Funded by US-NRC: EDU10-002
Plant Fire Hazard Analysis in PRA
• Probabilistic Risk Assessment (PRA) is
increasingly the central tool for plant safety
mangement and regulation.
• The fire risk to the plant was initially not well
represented in the internal events PRA.
• A separate fire safe shutdown path was
established to assure safe cold shutdown in 72
hours, for any postulated fire.
Funded by US-NRC: EDU10-002
Fire PRA (NUREG/CR 6850) 2005
• We will review how fire modeling is integrated
with the plant PRA.
• Focus on process, with all NPP already
operating with an internal events PRA.
• A more detailed review is available from EPRI,
who participated in the initial FIRE PRA work
with NRC.
Funded by US-NRC: EDU10-002
NUREG/CR 6850 Fire PRA Methodology for Nuclear Power Facilities
Funded by US-NRC: EDU10-002
More NUREG/CR 6850
Funded by US-NRC: EDU10-002
Task 1: Plant Boundary and
Partitioning
• Global Boundary: Diesel Tanks, Substation,
Intake pumps, auxiliary external fuel storage.
• Plant Partitioning: By safety class, building,
function, and impact on safe shut down path.
• Fire Compartments: Fire modeling based
decisions, “can this be modeled as a
compartment?”. Some fire zones based on a
protection or sensor system may not make
good fire compartments.
Funded by US-NRC: EDU10-002
Task 1 Confessions
• Ignition sources and components will
eventually drive analysis, so be careful in
selection of divisions.
• Cables appear to be the biggest driver for
uncertainty in consequence predictions. The
components selected partially determine the
cables for which routing must be known.
• Do we know where all our cables are?
Funded by US-NRC: EDU10-002
Task 2: Components Selection
• Plants already have a Fire Safe Shutdown
Analysis-path allowing Cold shut-down in 72
hours.
• Plant Critical Safety Systems Involved:
a. Reactivity Control
b. Reactor Cooling System (RCS) integrity
c. Decay Heat management
d. Containment integrity?
e. Process/plant status monitoring
Funded by US-NRC: EDU10-002
Task 2: Components
• Fire PRA will include active components that can
contribute to compromise of safe shutdown, and
these components are often part of the safe
shutdown systems:
a. Injection pumps and safety injection pumps
b. Motor Operated, Air operated, Manual Control
Valves that can be opened to cause loss of
coolant to RHR system or containment.
c. Instruments that may malfunction to initiate
inappropriate valve, pump, or operator actions.
Funded by US-NRC: EDU10-002
Task 2: Components
• The component list may expand to include
supporting components and instrumentation:
a. Header tanks and associated level and
temperature instruments (pumps).
b. Line pressure and flow instrumentation used
to ascertain function (pumps).
c. Power supplies and switch gear for all above.
d. Fire instruments and protection systems for
all above (they also failure probabilities).
Funded by US-NRC: EDU10-002
Task 2: Components and SA, SI
• Spurious Activation….fires can cause spurious
activations when cable trays are burning.
• Spurious Indications….fires can cause spurious
indications when instruments and cable trays are
burning.
• PRA will include some Human Reliability Analysis
in concert with Prescribed Operator Response for
defined conditions (normal, fire, emergency, RHR,
full power, etc.). Indications from plant induce
response of operator.
Funded by US-NRC: EDU10-002
Task 2: Confessions
Sometimes we decide to alter our perception
of reality to get a good result.
Taken From:
NUREG 0492- Fault Tree Handbook
The component list may be expanded to “improve” the PRA outcome.
Redundant systems offer multiple paths to safe shutdown.
Complementary and/or redundant instruments offer more comprehensive information to
operator.
Additional components may improve plant probability to shut down safely.
Funded by US-NRC: EDU10-002
Task 2: Components
• “Should the resulting fire PRA CDF/LERF or
other results be considered inadequate (e.g.
too high) and it is desired later to model more
of the equipment list and model more of that
credited in the internal events PRA, the
equipment list from the full internal events
PRA is readily available.” pp. 2-25 NUREG
6850, Vol. 2.
Funded by US-NRC: EDU10-002
Task 3: Cable Selection
• Cables associated with fire PRA equipment
and instruments.
• Determine routing and location of these
cables.
• Identify power supplies for equipment and
instruments.
• Correlate cables to Fire PRA equipment and
associated compartments and/or areas from
Task 1.
Funded by US-NRC: EDU10-002
Task 3: Cables
• Circuit Failure Analysis (Task 9) may expand
the fire cable list, and some thought toward
likely Task 9 outcomes may save time here.
• Database retrieval of cable routing and
location information is required, but generally
not available. Fire PRA pre-planning may need
to include development of a cable routing
database.
Funded by US-NRC: EDU10-002
Task 3: Cable ID and Location,
per NUREG/CR 6850.
Funded by US-NRC: EDU10-002
Task 4: Qualitative Screening
• Define plant trip initiators, and relate to
compartments.
• Establish compartments where there are no
components or cables relevant to plant
protection that would be damaged by fire in
that compartment.
• Screening removes compartments from more
detailed fire modeling.
Funded by US-NRC: EDU10-002
Task 5: Fire Induced Risk Model
• PRA models to predict core damage frequency
(CDF) and Large Early Release Frequency
(LERF).
• This is usually leveraged from earlier internal
events PRA modes.
• Several software packages are available, both
fault tree (outcome centric) and event tree
(initiator centric) approaches are used.
Funded by US-NRC: EDU10-002
Task 5: PRA model observation
• Fire induced initiating events….commonly
used term exposes the challenge in fire PRA.
• Fires are somewhere between a top event, like
an off-site release, and a pure initiator, like a
stuck open PORV. Each fire has an initiator of
its own, and a sequence of progression, and
can cause several other “initiating events” for
the plant PRA.
Funded by US-NRC: EDU10-002
Task 5: Fire PRA
• Cable Room Fire: Plant nervous breakdown of a
sort, can lead to several sequential failures/
initiating events:
a. Plant Trip
b. Loss of off site power
c. PORV opening
d. Loss of RCP seal cooling
e. Loss of steam generator level control/indication
f. Inappropriate safety injection…
Funded by US-NRC: EDU10-002
Task 6: Fire Ignition Frequencies
• One significant fire event per plant every 10
years implies 44 data points per year globally.
• Unfortunately, all US plants are a little
different, so data does not translate perfectly.
• Important electrical component classes are
pretty well characterized.
• Most potential pool fire sources are diked, and
flammable fluid inventories limited.
Funded by US-NRC: EDU10-002
Task 6: Fire Frequency
Funded by US-NRC: EDU10-002
Task 6: More Fire Frequencies: Frequencies apply to ALL equipment
items within a unit. Divide by number of components.
Funded by US-NRC: EDU10-002
Ignition Frequency: The rest of the story
Funded by US-NRC: EDU10-002
Task 6: Plant Specific Frequencies
• One can modify generic frequencies using unit
specific data.
• Suggested to use given frequencies, and map
total unit based frequency onto a
compartment by dividing number of
components in compartment by total
components in class (e.g. weighting Factor).
• Components shared between two units may
have frequency doubled.
Funded by US-NRC: EDU10-002
Task 6: Ignition Frequencies
• May further modify compartment frequencies
to account for high maintenance areas
(frequent cutting, welding,… painting).
• May modify compartment ignition frequencies
to accommodate traffic or storage patterns.
• One size may not fit all, unit unique attributes
should be considered even if generic ignition
frequency table 6.1 is employed.
Funded by US-NRC: EDU10-002
Task 7: Quantitative Screening
• Initial qualitative screening assumed nothing in
compartment mattered, or ignition frequency was
very near zero.
• Quantitative Screening still assumes all fails in
compartment, but ignition frequencies and the
internal events PRA are used to evaluate probability
of core damage (CDP) or large early release (LERP).
• Look for incremental core damage probability (ICDP)
due to screened compartment to be less than 1e-6.
Funded by US-NRC: EDU10-002
Task 8: Scoping Fire Modeling
• Want to screen ignition sources that cannot
threaten other targets in compartment.
• Establish severity factors to unscreened
ignition sources to prioritize detailed
modeling.
• Remember ignition sources (motors, cables,
ele. cabinets) may be risk significant on their
own.
Funded by US-NRC: EDU10-002
Funded by US-NRC: EDU10-002
Task 8: Use 98th Percentile HRR’s
Funded by US-NRC: EDU10-002
Task 8: Use Zone of Influence (ZOI) Model to Establish Target Damage
NUREG/CR 6850 suggests to use EPRI FIVE models. Flame, flame
irradiation, plume, ceiling jet and HGL can cause damage. Walkdown
recommended and forms provided to record inputs to FIVE code.
Funded by US-NRC: EDU10-002
Task 8: Severity Factor
Screened on 98th percentile HRR. If ignition source damages target at 97th
percentile HRR, severity factor is 0.03. If just a small percentage of potential
HRR is required to damage other targets, severity factor approaches unity.
Funded by US-NRC: EDU10-002
Task 9: Circuit Failure Analysis
• Create mapping of specific failure modes for
circuits to specific fire induced cable failures.
• Cables can fail several ways: short to ground,
hot shorts, open circuit are the main ones.
• Probabilities for each failure mode must be
postulated in Task 10.
• An “Equipment failure response Report” lists
all outcomes of fire damage to the cable.
Funded by US-NRC: EDU10-002
Task 9: Circuit Failure Analysis
Funded by US-NRC: EDU10-002
Task 9: Cable Failure modes
Convert to Circuit Failure modes
•
•
•
•
Spurious operation
Loss of Power
Erroneous indication
Loss of control, due to errors in feedback data
from instruments
• Loss of control due to loss of operator control
connection
Funded by US-NRC: EDU10-002
Task 10: Circuit Failure Mode
“Likelihood”
• Must define probability of each failure mode
since they may lead to different outcomes.
• Detailed Cable Data Required: insulation type,
raceway type, power source, company in the
raceway
• Go to failure mode probability estimate tables
Funded by US-NRC: EDU10-002
Task 10: Cable failure mode probabilities
Funded by US-NRC: EDU10-002
Task 10: Example
Failure Mode
Probability Tables.
Funded by US-NRC: EDU10-002
Task 11: Detailed Fire Modeling!
Detailed fire growth
and spread analysis
Funded by US-NRC: EDU10-002
Task 12: Fire Human Reliability
Assessment
• Fire tenability, and other stress, leads to human
failure events (HFEs).
• Some plant trajectories require significant human
intervention, and these may warrant adding this
assessment.
• Fire emergency procedures should be reviewed for
possible HFEs that could cause increased risk.
• HFE assessment aimed to improve instrumentation,
MCR layout, or procedures to reduce possibility for
errors.
Funded by US-NRC: EDU10-002
Task 13: Seismic Fire Interactions
• Sounded pretty over-the-top until just a few
months ago (Earthquake-Tsunami-Fires).
• Seismically induced fires
• Degraded fire suppression and fire brigade
effectiveness.
• Spurious activation of suppression and
detection systems.
• Qualitative examination of these issues is
suggested.
Funded by US-NRC: EDU10-002
Task 14: Fire Risk Quantification
• Recall that risk is a combination of probability
and outcome: Core Damage (CDF) and Large
Early Release (LERF) are main outcomes
evaluated.
• Uncertainty is also presented (Task 15).
• Also note that PRA is always based on
probability of postulated events/initiatiators,
and the postulated probabilities are derived
mostly from operational experience.
Funded by US-NRC: EDU10-002
Tasks 15 and 16
• Task 15 examines the Fire PRA sensitivities and
uncertainties. This may involve parts of the
fire hazard assessment input to the PRA, and
thus relate to the fire hazard assessment tools
used, and the uncertainty in those tools as
established through V&V. (Module 4)
• Task 16 is the documentation of the fire PRA.
Funded by US-NRC: EDU10-002