Regulatory assessment of new NPP designs and safety cases: UK practices

Josephine Holmes

Principal Inspector - Nuclear Safety, Office for Nuclear Regulation

4 October 2016

Contents

• Introduction - ONR’s regulatory philosophy

• The Generic Design Assessment (GDA) process

• The way we regulate - requirements & expectations

• Final remarks - alignment with Vienna Declaration

Introduction

ONR’s regulatory philosophy

• Non-prescriptive goal setting

• Underpinned by a risk-informed framework

– Tolerability of Risk from Nuclear Power Stations (TOR)

– Consistent with HSE decision-making process - Reducing Risks, Protecting People (R2P2)

• Aimed at developing & sustaining an open & effective dialogue with duty-holders - positive & enabling approach to the permissioning of activities

• Key pillars of our regulatory work:

– ALARP - As Low As Reasonably Practicable

– The Nuclear Safety Case

– ONR’s Safety Assessment Principles for Nuclear Facilities (SAPs)


The GDA Process

Three elements of new build (diagram): GDA - Licensing - Construction (Phase 1 / Phase 2)

Projects shown: Hinkley Point C & Sizewell C (EDF/Areva); Moorside (Westinghouse); Wylfa & Oldbury (Hitachi-GE)

The Generic Design Assessment (GDA)

• GDA - upfront, step-wise assessment of a generic reactor design - joint Regulators (ONR / Environment Agency / Natural Resources Wales)

• GDA - developed in 2006 as a process of regulatory assessment of candidate new reactor designs on a generic basis to be carried out in advance of:

– site specific proposals

– specific operating organisations

• Aim to permit deployment of the generic design on any site - subject to site specific safety cases & environmental acceptability

• Allows early regulatory intervention

• Advantage - to identify & resolve key issues - safety / design / construction - long before build - to reduce risks / build time / costs

• GDA is not a formal regulatory or legislative requirement - but remains a Government expectation

Current GDA Process & Typical Timescales (diagram)

DAC: ONR’s Design Acceptance Confirmation (iDAC: interim DAC)

SODA: EA/NRW’s Statement of Design Acceptability (iSODA: interim SODA)

Stages shown, with the level of scrutiny increasing from step to step: Preparation; Step 1 Overview of Claims; Step 2 Review of Arguments; Step 3 Detailed Assessment of Evidence; Step 4; iDAC / iSoDA (EA / NRW); Public Consultation; DAC / SoDA

Typical timescales marked on the diagram: 6-9m, 6-8m, 12m, 28m, and >12m

Engagement in GDA: Openness & Transparency

• Openness:

– Requesting Parties’ websites publish safety & environmental reports

– Regulators’ GDA website

– Regulators’ guidance published

• Transparency:

– Regulatory Observations (RO) & Regulatory Issues (RI) published

– Regulators’ Assessment Reports published

– Quarterly progress reports

http://www.onr.org.uk/new-reactors/index.htm

Status of GDAs

• UK ABWR - In Step 4

• AP1000® - iDAC issued in December 2011 - currently undergoing close-out phase

• UK EPRTM - Design Assessment Confirmation (DAC) issued in December 2012

• HPR1000 - Potential new GDA entry

Current and potential NPP Projects

• Hinkley Point C - Nuclear Site Licence (NSL) granted in December 2012

• Sizewell C

• Moorside - Site Licence Application expected 2017

• Wylfa Newydd - Site Licence Application expected 2017

• Oldbury

• Bradwell B

The way we regulate - requirements & expectations

• The concept of As Low As Reasonably Practicable (ALARP)

• The Nuclear Safety Case

• ONR’s Safety Assessment Principles (SAPs)

• The SAPs’ Numerical Targets

What is ALARP? Health & Safety at Work etc. Act 1974

• Section 2: It shall be the duty of every employer to ensure, so far as is reasonably practicable, the health, safety and welfare of all of his employees

• Section 3: It shall be the duty of every employer to conduct his undertaking in such a way as to ensure, so far as is reasonably practicable, that people not in his employment who may be affected thereby are not exposed to risks to their health & safety

• The “SFAIRP Principle” (so far as is reasonably practicable) is therefore the basic legal requirement to which an employer needs to conform

• ALARP & SFAIRP require the same tests to be applied & are essentially the same thing

What is ALARP? The “Reasonably Practicable” Principle

• Based on the 1949 Court Case: Edwards vs. National Coal Board

• The Court of Appeal considered whether it was reasonably practicable to make the roof and sides of a road in a mine secure. The Court of Appeal held that:

“‘Reasonably practicable’ is a narrower term than ‘physically possible’ and seems to me to imply that a computation must be made by the owner in which the quantum of risk is placed on one scale and the sacrifice involved in the measures necessary for averting the risk (whether in money, time or trouble) is placed in the other, and that, if it be shown that there is a gross disproportion between them - the risk being insignificant in relation to the sacrifice - the defendants discharge the onus on them.”

• ALARP is not the result of a mathematical formula - there is no precise legal factor or algorithm for gross disproportion

How to establish if the risk is ALARP?

• ONR’s judgements on whether dutyholders’ ALARP justifications are robust are made by looking at:

– Tolerability of risk (TOR) framework

– Dutyholder’s application of Relevant Good Practice (RGP)

– Numerical risk estimates & explicit comparisons

The tolerability of risk framework (diagram)

Regions shown, from highest to lowest risk: Unacceptable region; Tolerable region (ALARP); Broadly acceptable region. Basic Safety Levels (BSLs) and Basic Safety Objectives (BSOs) are marked on the diagram, as is the “Expectation for new facilities”.

Note: this is discussed further later in this presentation

The use of relevant good practice

• In most cases demonstrating ALARP is not done through explicit comparison of costs & benefits but by applying established relevant good practice (RGP)

• RGP - those standards for controlling the risk - judged & recognised by ONR as satisfying the law, when applied appropriately

• RGP is the starting point in any ALARP demonstration - focus on:

– appropriate engineering, operations & management of safety

– defence-in-depth / hierarchy of control measures

– prevent the hazard - protect - mitigate

• Sources of RGP are - ONR’s Safety Assessment Principles (SAPs) & Technical Assessment Guides (TAGs) - IAEA Standards - other nuclear industry standards - what is done on similar facilities elsewhere

ALARP for new reactors: ONR’s expectations

• RGP must be met (or alternative solutions for achieving the same safety outcome put forward)

• What more can be done? - evaluation of options

• Proper use of risk assessment to help identify potential improvements & justify the claimed level of safety

• Clear conclusion that there are no further reasonably practicable improvements that could be implemented

• Cost Benefit Analysis (CBA) is unlikely to be considered an adequate argument on its own to demonstrate ALARP

• Meeting the risk targets in isolation is not an acceptable means of demonstrating ALARP

The Nuclear Safety Case

• The safety case encompasses the totality of the documentation developed by a designer, licensee or duty-holder to demonstrate high standards of nuclear safety & radioactive waste management

• A safety case is a logical & hierarchical set of documents that describes:

– risk in terms of the hazards presented by the facility - for the site & all modes of operation - potential faults & accident scenarios

&

– those reasonably practicable measures that need to be implemented to prevent or minimise harm

ONR’s Safety Assessment Principles for Nuclear Facilities (SAPs)

• Principles to be followed by ONR Inspectors when assessing Safety Cases

• http://www.onr.org.uk/saps/saps2014.pdf

• Provide a framework for consistent regulatory judgements on the acceptability of Safety Cases

• Also include numerical targets (discussed later)

• Are in line with IAEA standards & guidance

• Are supported by more detailed Technical Assessment Guides (http://www.onr.org.uk/operational/tech_asst_guides/index.htm)

Structure of ONR’s SAPs

• Fundamental principles

• Leadership & management for safety

• The regulatory assessment of safety cases

• Siting aspects

• Engineering principles

• Radiation protection

• Fault analysis

• Numerical targets

• Accident management & emergency preparedness

• Radioactive waste management

• Decommissioning

• Land quality management

Vienna Declaration - Principle 1

New nuclear power plants are to be designed, sited & constructed, consistent with the objective of preventing accidents in the commissioning & operation &, should an accident occur, mitigating possible releases of radionuclides causing long-term off site contamination & avoiding early radioactive releases or radioactive releases large enough to require long-term protective measures & actions

ONR’s SAPs (cont.)

Key Engineering Principles:

EKP.1 Inherent safety

EKP.2 Fault tolerance

EKP.3 Defence-in-depth

EDR.2 Redundancy, diversity & segregation

Fault Analysis Principles, Para 611:

“… the severe accident analyses (SAA) should form part of a demonstration that potential severe accident states have been ‘practically eliminated’. To demonstrate practical elimination, the safety case should show either that it is physically impossible for the accident state to occur or that design provisions mean that the state can be considered to be extremely unlikely with a high degree of confidence.”


SAP EKP.3 - Defence-in-depth

DBA & PSA

• Design basis analysis (DBA) - a robust demonstration of the fault tolerance of the facility & the effectiveness of its safety measures

• Its principal aims are to guide the engineering requirements of the design - to determine limits to safe operation (operating rules) - so that safety functions can be delivered reliably during all modes of operation & under reasonably foreseeable faults

• In DBA risk is not quantified - adequacy of the design & the suitability & sufficiency of the safety measures are assessed against deterministic rules.

• Probabilistic safety analysis (PSA) - undertaken to understand the overall risk presented by the facility & allow comparisons to be made against SAPs Numerical targets - understand strengths & weaknesses of a design with complex systems & interdependencies

SAPs - 3 Methods of fault analysis

SAPs Numerical Targets

• Numerical targets are established in the UK for ONR Inspectors to use when judging whether the duty holder is controlling radiological hazards adequately & reducing risks ALARP

• These are described in paragraphs 695 to 767 of the SAPs (http://www.onr.org.uk/saps/saps2014.pdf)

• The structure of the targets included in the SAPs is based on the 1988 (revised 1992) TOR framework (www.onr.org.uk/documents/tolerability.pdf)

• The basis and derivation of the numerical targets are explained in Annex 2 of the SAPs

Basic Safety Levels (BSLs) & Basic Safety Objectives (BSOs)

• The numerical targets of the SAPs are expressed as bands with a Basic Safety Level (BSL) & Basic Safety Objective (BSO)

• BSLs & BSOs translate the Tolerability of Risk (TOR) framework into actual targets & guide decision making by inspectors

• The targets are not mandatory - they are guides to inspectors indicating if additional safety measures should be considered

• Two BSLs are legal dose limits - those are mandatory

Basic Safety Levels (BSLs)

• BSLs indicate risks which all facilities should meet (as a minimum)

• Meeting the BSLs does not mean that risks are ALARP - the application of ALARP may drive the risks lower

• BSLs provide benchmarks for existing facilities - unless the level of “gross disproportion” is very high, it is ONR’s policy to press duty holders to evaluate / implement options to reduce risks below the BSLs

• Where a BSL is exceeded - consideration is given to regulatory action to prohibit the activity or shut down the facility

Basic Safety Objectives (BSOs)

• BSOs form benchmarks that reflect modern standards & expectations

• BSOs have been set at a level where ONR considers it not to be a good use of its resources to pursue further improvements in safety

– However, even if the BSOs are met - duty-holders cannot stop at this point

– If it is reasonably practicable to provide a higher standard of safety - the duty-holder must do so by law

• BSOs mark the start of the “Broadly Acceptable” region in the TOR framework

SAPs’ Numerical Targets

NT.1 comprises the following targets:

• Dose targets & legal limits for normal operation for persons on the site: Targets 1, 2 & 3

• BSLs in Target 4 are used as screening criteria for consideration of Initiating Events within / outside the Design Basis

• Numerical targets for accidents for persons on the site: Targets 5 & 6

• Numerical targets for accidents for persons off the site: Targets 7, 8 & 9

The following slides will focus on the numerical targets for faults for persons off the site (Targets 7, 8 and 9) because of their particular relevance for the purpose of this TM

Target 7 - Individual Risk

Target 7 addresses the overall risk to individuals from the public for all potential accidents from all the sources of radioactivity in a nuclear power plant

Target 8 - Dose Targets

The “dose-band staircase” in Target 8 is based on the principle that the larger the consequences of an accident, the smaller should be its frequency

Target 9 - Societal Risk

• Target 9 has been defined as a measure of the societal concerns that would result from major accidents

• The societal risk should be calculated taking into account:

– Frequencies of release categories associated with source terms able to cause 100 deaths or more over a 100 year period

– Meteorological data appropriate to the site

– Current policy on countermeasures

– On-site and Off-site (within the UK) population

Final Remarks

• UK requirement to demonstrate risks are reduced ALARP - application of Relevant Good Practice

• Demonstrate through Safety Case - robust DBA - PSA & SAA

– prevent the hazard - protect - mitigate

– defence-in-depth

• BSOs of the SAPs - benchmarks that reflect modern standards & expectations - ONR expects BSOs to be met for new reactors

• ONR seeks confirmation that it is not reasonably practicable to reduce risk further by implementing additional improvements.

• We believe that our approach is aligned with the first principle of the Vienna Declaration

Thank you

Any Questions?