Detailed requirements are provided in the following sections. Alternative approaches may be acceptable, provided these elements are addressed in an equivalent manner that is demonstrated to be effective in managing aging. A specific individual or organizational unit for example, an existing organization such as operation, maintenance, engineering, or quality management, or a dedicated aging management unit shall be assigned responsibility to coordinate relevant programs, including supporting programs, periodic reviews of the effectiveness of the AMPs, and continuous improvement of the AMPs training shall be provided to operations, maintenance, engineering, and other pertinent staff to ensure they have an adequate awareness and understanding of aging management concepts and program requirements, and to enable them to make informed and positive contributions to the management of aging at the NPP in addition to the internal teams, external organizations may be required to provide expert services on specific topics, such as condition assessments, research, and standards development 4. Data entered into the system shall be auditable, to demonstrate an adequate verification of the data entered, detailed description of the basis for any conclusion, and all applicable references to source information. This list shall include SSCs that do not have safety functions but whose failure could prevent other SSCs from performing their intended safety functions. The SSC screening and selection process shall take into account deterministic and probabilistic safety analysis, relevant operating experience and research findings.
|Published (Last):||25 January 2008|
|PDF File Size:||5.86 Mb|
|ePub File Size:||19.2 Mb|
|Price:||Free* [*Free Regsitration Required]|
The independent peer review is performed by suitably qualified and experienced individuals, different from those who carried out the safety assessment. Design documents should be contained in a logical and manageable framework. Guidance on performing a systematic assessment of the defence in depth can be obtained from the IAEA safety reports series No. The application of defence in depth in the design should ensure the following: The approach to defence in depth used in the design should ensure that all aspects of design at the SSCs level have been covered, with emphasis on SSCs that are important to safety.
The defence in depth should not be significantly degraded if the SSC has multiple functions e. The principle of multiple physical barriers to the release of radioactive material should be incorporated in the design; there should be a limited number of cases where there is a reduction in the number of physical barriers as may be the case where some components carrying radioactive material serve the function of primary coolant barrier and containment , and adequate justification should exist for such design choices.
The design e. The structure for defence in depth provisions at each level of defence should be established for a given plant design, and the evaluation of the design from the point of view of maintaining each safety function should be carried out. This evaluation should consider each and every one of the provisions for mitigation of a given challenge mechanism, and confirm that it is well founded, sufficient, feasible, and correctly engineered within the design. Special attention should be given to the feasibility of a given provision and the existence of supporting safety analyses.
Deficiencies in the completeness of the supporting safety analyses should be documented and flagged as issues to be queried. The strengthening of each of these levels separately would provide, as far as reasonably achievable, an overall reinforcement of defence in depth.
For example, the use of dedicated systems to deal with DECs ensures the independence of the 4th defence level. For independent effectiveness of the different levels of defence, any design features that aim at preventing an accident should not belong to the same level of defence as the design features that aim at mitigating the consequences of the accident.
No additional guidance is provided. The assessment process should be clearly documented and should include the process for consideration and evaluation of dose-reduction changes in the NPP design. This is done to ensure that doses to site personnel and members of the public are ALARA and will not exceed the applicable dose limits of the Radiation Protection Regulations and relevant dose acceptance criteria and safety goals in RD version 2.
Radiation doses resulting from the operation of the NPP should be reduced by means of engineered controls and radiation protection measures to levels such that any further expenditure on design, construction and operational measures would not be warranted by the expected reduction in radiation doses. Such assessments should include information as to how ALARA and operating experience are used in the design to deal with dose-significant contributors.
Historically, the exclusion zone for nuclear power plants in Canada has been defined as metres from the reactor building. Evacuation needs The design should take into account emergency response requirements based on the size of the exclusion zone and the facilities and infrastructures that are within the zone.
Generally, a larger exclusion zone would require more emergency response time and capability. The exclusion zone boundary should be defined with consideration for the capabilities of onsite and offsite emergency response. The design also considers projected changes over time in land use and population density, which could adversely affect response times, or the ability to shelter or evacuate persons from both the site itself and associated emergency planning regions.
Evacuation needs are generally based on existing provincial nuclear emergency response plans. Land usage needs The design should ensure that the exclusion zone is large enough to accommodate the site for the nuclear plant accounting for the full number of units postulated to be built at the site, whether or not they would be built immediately.
The design activities should seek to optimize land usage by the plant as part of determining the exclusion zone. Security requirements The design should provide security requirements based on the size of the exclusion zone, the facilities and infrastructures that are within the zone, and the design of the facility.
Generally, a larger exclusion zone would require more security capabilities, in order to avoid a longer response time. Physical characteristics of the site itself which include geographical characteristics, such as proximity to elevated land also play a role in determining these requirements.
The design authority may decide to mitigate these risks while maintaining a smaller exclusion zone, by choosing highly robust facility designs, applying engineered security measures to the site, and having a well-designed security program. These engineered measures should be described. In establishing the radius of the exclusion zone boundary, the design should take into account: the site selection and threat assessment report facility robustness against natural and human induced external events including malevolent acts the capability of the onsite security program, along with any offsite security resources that will supplement the onsite security program In each of the above parameters, the design should take into account projected changes over time in land use and population density, which could adversely affect that parameter.
The design should be such that the exclusion zone, as established at the design stage, will be sustainable for the full lifecycle of the facility. The acceptability of the information to be provided in support of the above is discussed in section 7. The design authority may use generic site data using conservative assumptions regarding meteorological conditions in the absence of a specific site. The dose acceptance criteria in section 4. Such events could exacerbate challenges that the plant personnel would face during an accident.
The events and consequences of an accident at one unit may affect the accident progression or hamper accident management activities at the neighbouring unit; available resources personnel, equipment and consumable resources would need to be shared among several units. The safety classification of SSCs should be an iterative process that continues throughout the design process.
Once these bounding PIEs are known and understood, the required safety functions can be identified. Each safety function can be assigned to either a preventive safety feature, or mitigatory safety function. The number of category and class may be chosen to allow for graded design rules.
The time following the PIE, as identified in factor 4, captures the need for automatic action for short timescales, or manual actions being acceptable for longer-term actions. The expected duration of the operation is also important since some systems may need to operate for months. Others such as shutdown means can complete their mission within seconds.
The potential severity of the consequences of a function failure should be evaluated. During the evaluation, it may be assumed that the feature or safety function to be categorized fails, and that other safety features and safety functions remain functional.
Therefore, these safety functions should be considered a high safety category. The adequacy of the safety classification should be verified using deterministic safety analysis, which should cover all PIEs and all the credited safety functions. This verification should be complemented, as appropriate, by insight from probabilistic safety assessment and by engineering judgment.
The appropriate design rules and limits as indicated in section 7. The design basis for each SSC important to safety should be systematically defined and justified.
The design should also provide the necessary information for the operating organization to run the plant safely. The conditions for deviating from conservative deterministic design principles should be clearly stated, including the basis by which such deviation would be justified on a case-by-case basis; such basis may include a more sophisticated calculation methodology, which has been well established, or a multiplicity of the ways in which a particular function can be fulfilled.
The design should adopt deterministic design principles of appropriate conservatism. For example, SSCs should be robust, tolerant of a large spectrum of faults with a gradual degradation in their effectiveness, and should not fail catastrophically under operational states and accident conditions.
The design principles for complementary design features to deal with DECs do not necessarily need to incorporate the same degree of conservatism as those applied to the design up to and including DBAs.
However, there should be reasonable assurance that the complementary design features will function as designed when called upon. The design requirements of SSCs should then be developed to ensure that the plant is capable of meeting applicable deterministic and probabilistic requirements for each plant state.
Operating configurations for normal operation are addressed by the OLCs which are described in section 4. These typically include: normal reactor startup from shutdown, through criticality, to full-power power operation, including full-power and low-power operation changes in reactor power, including load-follow modes if applicable and return to full- power after an extended period at low-power operation during transition between configurations such as reactor shutdown from power operation hot shutdown, cool-down refuelling during normal operation, where applicable shutdown in a refuelling mode or other maintenance condition that opens the reactor coolant or containment boundary handling of fresh and irradiated fuel The key parameters and unique characteristics of each operational configuration, including the specific design provision for maintaining the configuration, should be identified.
The permissible periods of operation at different configurations e. The analysis should cover the full range of events over the full range of reactor power.
The analysis should also cover all normal operating configurations, including low-power and shutdown states. For a wide range of AOOs, the design should be such that any deviations from normal operation can be detected, and that the control systems can be expected to return the plant to a safe state, normally without the activation of safety systems. For each group of PIE it may be sufficient to analyze only a limited number of bounding initiating events, which can represent a bounding response for a group of events.
The rationale for the choice of these selected bounding events should be provided. The plant parameters that are important to the outcome of the safety analysis should also be identified. These parameters would typically include: reactor power and its distribution core temperature fuel cladding oxidation, and deformation pressures in the primary and secondary systems containment parameters.
RD-337: Design of New Nuclear Power Plants
The independent peer review is performed by suitably qualified and experienced individuals, different from those who carried out the safety assessment. Design documents should be contained in a logical and manageable framework. Guidance on performing a systematic assessment of the defence in depth can be obtained from the IAEA safety reports series No. The application of defence in depth in the design should ensure the following: The approach to defence in depth used in the design should ensure that all aspects of design at the SSCs level have been covered, with emphasis on SSCs that are important to safety. The defence in depth should not be significantly degraded if the SSC has multiple functions e.
Archived Web Page - RD–334: Aging Management for Nuclear Power Plants