The flashcards below were created by user
on FreezingBlue Flashcards.
What are the two PRA risk metrics/measures?
- CDF - Core Damage Frequency
- LERF - Large Early Release Frequency
Explain the Level I PRA model.
- Level I: Core Damage
- All sources result in core damage (internal, fire, seismic, severe weather, flood, etc.)
- PV - Partial level I model (internal fire)
What is the Baseline CDF for PV?
Baseline: 2.3E-6 (2.3 per 1,000,000 years)
Explain the Level II PRA model.
- Level II: Containment Response to Core Damage
- -Large early release and large late release
- -PVNGS has complete Level II model
What is the baseline for a Level II event?
- Baseline: 5E-7 (5 per 10,000,000 years)
- 10 times less likely than a level 1 event.
Explain the Level III PRA model.
- Level III: Assesses damages after Level II event
- - PVNGS does not maintain a level 3 model
What is the definition of CDF?
- CDF: Core Damage Frequency
- Probability that core damage will happen in a year.
What is core damage?
The uncovery and heat up of the reactor core to which fuel and clad damage is anticipated.
What is the definition of LERF?
- LERF: Large early release frequency. Probability that there will be a large early release in a year.
- Large Early Release: rapid, unmitigated release of airborne fission products from the containment to the response and protective actions.
- **LERF CAN ONLY OCCUR IF THERE HAS BEEN CORE DAMAGE**
What constitutes 'early'?
General emergency procedures not enacted in time (about 2.5 hours after a general emergency is declared)
What is meant by 'large'?
- Much larger than 10 CFR 100 limits
- Causes death (early fatality)
What is considered a lethal dose of radiation?
What two topics are covered in the E-Plan to serve in protecting the public in an emergency?
Explain the difference between probability and frequency.
- Probability: measure of the likely hood that an event will occur
- Frequency: measurement of the number of occurrences of a repeating event per unit time
Where does PRA get data from?
- Plant History
- NRC Inspections
How is PRA able to use other data as well as PV data to get an accurate risk assessment?
- Bayesian Evaluation
- As more plant-specific data comes available, its is weighted heavier than indusry data
Define a basic event.
- Stop at failure mode level
- Use values from industry
- Incorporates all failure mechanisms into value
Define an undeveloped basic event.
- More than one failure mode
- More than 1 component Fault Tree
How are basic events and undeveloped events noted on the fault tree?
- Fault Tree:
- - Undeveloped Event:
- - Basic Event:
What is the advantage of having rare events in modeling? Give Examples.
- Failure probabilities are small for rare events (~1/100)
- Failure for Non-rare events >1
- System Failure OR gate --> System Success AND gate (Failure modeled as success, 1-success=failure)
- **Risk spectrum ALWAYS negates when doing fault tree calculations**
Why do we rely on fault trees as opposed to success trees?
- Equipment designed to be dependable
- Success probabilities - huge, would complicate calculations
- Failure calculations - simpler; because failures are considered rare events
Does PRA group components? If so, how?
- Yes; grouped based on common parameters
- ~3500 components
- ~200-250 parameters
How are the ~3500 components combined into 200-250 parameters?
- MOV: FO, FC, Spurious Closure (SC)
- Pumps: FR, FS
- Breakers: FO, FC, Spurious Transfer (T)
Where at PVNGS would plant-specific data be obtained?
CORA, IPDAS, EPIX, from INPO
Describe a fault tree, the building blocks, and what they calculate.
- Description: Maps out a system and components to show failure methods
- Building Blocks: Components, AND gates, OR gates, type of event
- Calculates: Probability of failure of a component
Draw a system and its corresponding fault tree.
What is a common cause failure?
- Failure of two or more components
- During a short period of time
- Result of a single shared cause
Where in the RWT fault tree would a common cause failure be placed?
- Under both trains
- Under the OR gate for SI failure
Describe Initiating Event
- Any event, internal or external, which perturbs the steady state of the reactor
- Basically: Something that trips the reactor and is teamed up with a failure
- Always comes first in an event tree
- Represented as frequency (events/reactor-yr)
Describe a mitigating function event.
- Function or system challenged by IE where failure may lead to negaive consequence
- Proceeds in a functional or chronological order
- Typically linked to a fault tree
- Have a probability associated with their success/failure
- Analyzed outcomes/results (CDF, and LERF)
- Can also link to additional event trees
- Represents frequency obtained by multiplying the initiating event frequency by all of the MFE probabilities along its sequence
- The path which an event is successfully or unsuccessfully mitigated by function events ending in consequence
- Can be described in cut-set form as well
What is an event that ends in a negative consequence called?
What indicates a success on an Event Tree? Failure?
- Success: Move Up
- Failure: Move Down
Describe ways to improve the reliability of a system.
Reduce common causes (diversity) and incorporate redundant systems (such as multiple trains)
What things do you need to know to solve a PRA model?
- Initiating Event
Describe where data comes from and where it is used in the PRA.
- Data comes from industry data
- Incorporates all failure mechanisms into the value
- Used in basic events modeled in a fault tree
Explain the ET structure.
- Initiating Event
- Mitigating Function
- Events Consequence
How many event trees exist in PRA?
- Not sure of exact number, but in the order of...
- 100's for fires
- 100's for floods
What should be considered in the development of every event tree?
The 8 critical safety functions on page 19 of standards and expectations
Describe how function events are derived at PVNGS. HINT: how are the order of event tree headings decided
Emergency Operations Procedures
Describe what consequences are of importance.
- Core Damage
- Large Early Release
What are the two types of HRAs?
- Pre-Initiator Actions
- Post-Initiator Actions
Describe a post-initiator action.
- Human errors during a response to abnormal plant conditions;
- 1) Error of Omission: missing a step in a procedure
- 2) Error of Commission: operating the wrong equipment
Describe a Pre-initiator action.
- human errors performed prior to the initiation of an accident (failure to restore after maintenance)
- **Famous Pre-Initiator - TMI - Maintenance did not restore valve**
Describe what affects the probability of HRAs.
- Time: amount of time required given an available time window
- Type of Action: skill based, rule based, error based
- Environment: smoke, steam, etc. can influence the successful completion of an action
Describe the failure probability of skill versus rule versus knowledge based actions and which plant staff generally performs each type.
- Skill = 1/1000 (Craft)
- Rule = 1/100 (Operators)
- Knowledge = 1/10 (Engineers)
How do we calculate HRAs?
- Post Initiators
- -Timelines (decision trees)
- -Cognitive errors (undersanding)
- -Execution errors (action)
Draw the post-initiators timeline.
- System Window
- Manipulation Time
- Median Response Time
- Undesired Condition
Describe what tools are available to everyone onsite which help in human performance.
- Standards and Expectations
- EDGs (Engineers)
Describe importance analysis.
- A means of determining an event or piece of equipment's importance wrt the rest of the plant.
- "Graded Approach"
Why is importance analysis performed?
- 1: Determine what is important
- 2: Focus resources accordingly
What are the two key measures of importance.
- RAW: Risk Achievement Worth
- FV: Fussel-Vessely
- Risk Assessment Worth
- Multiplicative increase in risk assuming the SSC is always failed -> Probability = 1
- RAW = CDF1/CDFb >1
- *RAW can never be <1*
- *Only 1 component taken out at a time*
- Fractional reduction in risk assuming SSC is perfect -> Probability=0
- Component is made perfect/always available in fault tree
- FV = (CDFb-CDF0)/CDFb <<1
What programs on site use importance analysis?
- ISI Programs
- Performance Indicators
What two things influence importance?
- 1: How likely its needed
- 2: How many other ways the same function can be performed
What does PRA provide to the site which aids in determining what systems, components, and initiators are of risk significance?
What is MAAP? What does it calculate?
- Modular Accident Analysis Program
- Measures radionuclides and T-H properties to determine the effects of degraded equipment
- Gives realistic time frame of effects
What makes the MAAP4 code a plant-specific code?
- The input file - plant specific parameters and operational data
- Has capability of measuring radionuclides
What is meant by THERMAL and HYDRAULIC in regards to calculations?
- Thermal: temp values, heat removal, pressure
- Hydraulic: flow rates and properties of fluids
How does the PRA model benefit from MAAP code applications?
Gives realistic time framethat equipment can be degraded (degradation limits)
How can MAAP be used to determine success?
- Determines if task can be completed in the alotted time
- Determines degradations limits in association with success
- Timings go into HRA calculations and to operations
What is the difference between realistic and conservative?
- Realistic: Real life time and plant conditions
- Conservative: built in margins
Why do we perform online risk assessments? Why do we perform offline risk assessments?
- M-Rule - ITS THE LAW!
- NRC said licensee shall asses and manage risk!
What things need to be known to asses shutdown risk?
- State of the plant
- Safety function of concern
- SSC's available to support safety function
How are online risk assessments performed prior to maintenance?
- Abstract model used calculate a quantitative measure of risk
What are the different levels of risk?
What results does the user get from EOOs?
CDF and LERF risk ratio = (CDF or LERF for plant with unavailable equipment)/(plant risk with no equipment out of service)
Why do we perform risk assessments?
- Graded Approach
Describe the 3 elements of a program that comply with 10 CFR 50.65 paragraph a(4).
- Assess: Determine
- Awareness: Communicate
- Action: Mitigate
Describe the output of an online risk assessment - where is it found and what information is given.
- EOOS Scheduler's Screen Risk Profile
- Morning Report: Contains CDF and LERF Profiles, work activities driving risk, and reason(s) why risk is greater than green.
Describe how outage risk assessments are performed.
- Using defense in depth methodology - qualitative measure of risk
- CDF and LERF is not calculated
Describe what the outage risk is based upon.
- Number of available success paths for defense in depth of the key safety functions.
- N+1 methodology, unless it is a high risk evolution, in which case N+2
Explain N+1 methodology
- Green: > 2 available success paths
- Yellow: 2 available
- Orange: 1 available
- Red: 0 available
Explain N+2 methodology
- Green: > 3 available success paths
- Yellow: 3 available
- Orange: 2 available
- Red: 0-1 available
What is a high risk evolution?
outage activity or plant condition where plant is more susceptible to an event causing the loss of a key safety function.
Describe the output of an outage risk assessment - where is it found and what information is given.
- Current Outage RMAL: Daily Outage Newsletter
- Protected Equipment: Daily Outage Newsletter
- SRA Report: V Drive and Distributed to Operations
- Shiftly SSFA Sheets: Stored on V Drive
- PARAGON Risk Profile: Outage Control Center
What are the mandatory PRA applications at PVNGS?
- Maintenance Rule (a) 1-4
- Mitigating System Performance Index (MSPI)
- Significance Determination Process (SDP)
Describe the Maintenance Rule.
- 10 CFR 50.65: Assess, Aware, Action
- 1) Monitor the performance or condition of SSCs where safety is important
- 2) Assess and manage the increase in risk associated with maintenance activities
What is the purpose of the MSPI.
To monitor the performance of selected systems based on their ability to mitigate plant transients and reactor accidents.
What tyes of risks does MSPI monitor?
- Risk Due to Unavailabiliy: train level
- Risk due to Unreliability: component level
- MSPI = UAI+URI
How does MSPI differ from the maintenance rule?
MSPI specifically for systems when reactor is critical
- Risk-Informed Process
- Characterizes Safety Significance of Inspection Findings
- Defines Level of NRC Engagement
- SDP = risk insight + performance indicator results
- Applied to all 7 safety cornerstones
- 90 day goal to complete SDP process
What are the voluntary PRA applications at PVNGS?
- Tech Spec Changes:
- -SR 3.0.3
- MOV/AOV Programs
- In-service Inspections (ISI)
- Allowed Outage Time Extensions
- Reflect Improved Design Features
- Reduce Unnecessary Burdens
Describe SR 3.0.3.
- Establish flexibility to defer equipment to inoperable when surveillance has not been completed in time
- Risk Impact Evaluation - Justification for missed surveillance
- Risk Measures Related to CDF and LERF
Describe an NOED.
- Notice of Enforcement Discretion
- NRC's approval which allows plant to operate outside of the license for temporary amount of time
- Demonstrate that there is "no net increase in radiological risk to the public"
- Use 0 maintenance PRA model
Describe MOV/AOV programs.
Assess risk significance of importance of each valve's contribution to mitigating events.
Describe ISI programs.
- Risk Informed In-Service Inspections
- Identify risk important piping systems (welds and pipes)
What are the QA requirements pertaining to PRA?
- QA Software
- Independent Review
- Lifetime Plant Records
- Qualified Staff
What kinds of things can cause the PRA model to need to be changed?
- Plant Changes
- Operating Experience
- Procedure Changes
Explain risk-based decisions.
- Only uses PRA results/insights
- Not allowed by NRC
Explain risk-informed decisions.
- PRA results and insights
- Defense in Depth evaluation
- Safety Margin Evaluation
What are the titles of the two regulatory approaches to PRA quality?
- 1.174: "An approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant Specific Changes to the Licensing Basis"
- 1.200: "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk Informed Activities
Summarize RG 1.174
- Recommendations for using risk information in support of LB changes
- Defines risk informed (Defense in-depth +Safety Margin + PRA Input)
- General requirements for QA program as applied to PRA analyses
- Establish specific technical requirements
- Endorse Industry Standards
- Assess the Technical Adequacy