IAEA – Safety Demonstration of Advanced Water Cooled Nuclear Power Plants Session: Digital I&C Systems Topic: Defence in Depth & Diversity – Challenges.

Slides:

Advertisements

Similar presentations

Integra Consult A/S Safety Assessment. Integra Consult A/S SAFETY ASSESSMENT Objective Objective –Demonstrate that an acceptable level of safety will.

Advertisements

Internal Control–Integrated Framework

Why a safety culture matters (Attributes and Issues) Michael Corradini Nuclear Engr. & Engr. Physics University of Wisconsin, Madison WI.

ISO 9001 : 2000.

RISK INFORMED APPROACHES FOR PLANT LIFE MANAGEMENT: REGULATORY AND INDUSTRY PERSPECTIVES Björn Wahlström.

ANS RESPONSE TO FUKUSHIMA LESSONS LEARNED Presented to: NESCC November 29, 2012 Washington D.C. Donald J. Spellman, Chair ANS Standards Board American.

INSAG DEVELOPMENT OF A DOCUMENT ON HIGH LEVEL SAFETY RECOMMENDATIONS FOR NUCLEAR POWER Milestone Issues: Group C. Nuclear Safety. A. Alonso (INSAG Member)

AREVA NP EUROTRANS WP1.5 Technical Meeting Task – Safety approach Madrid, November Sophie EHSTER.

Westinghouse Atom Atom- 1 Design of Digital Safety Systems in NPP Improvements regarding: System Requirements, Engineering, Argumentation for a Safety.

AREVA NP EUROTRANS WP1.5 Technical Meeting Task – ETD Safety approach Safety approach for EFIT: Deliverable 1.21 Stockholm, May Sophie.

Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.7 Commissioning Geoff Vaughan University of Central.

Regulatory Body MODIFIED Day 8 – Lecture 3.

1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.

Protection Against Occupational Exposure

1 Digital I&C Systems Configuration Management Presented By: David E Woods Senior Engineer – Electrical/I&C Design Engineering June 21, 2011.

Outcome of the EU Nuclear Safety Stress Tests Andrej Stritar Chairman, ENSREG.

IAEA - Department of Nuclear Safety & Security

Practical Implications of changes to the Exemption Orders for Project Teams Alan Fisher, on behalf of The Clearance and Exemption Working Group.

> AREVA NP GmbH NRPP-G, AREVA NP All rights are reserved, see liability notice.

9 th Workshop on European Collaboration for Higher Education and Research in Nuclear Engineering & Radiological Protection Salamanca, Spain 5-7 June 2013.

Sessions VI and VII Conclusions and summary Francois Besnus Session Chair Cape Town July 6, 2007.

Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.5/1 Design Geoff Vaughan University of Central Lancashire,

Organization and Implementation of a National Regulatory Program for the Control of Radiation Sources Regulatory Authority.

Part 11 Public Meeting PEERS Questions & Responses The opinions expressed here belong to PEERS members and not the corporate entities with which they are.

IAEA International Atomic Energy Agency Methodology and Responsibilities for Periodic Safety Review for Research Reactors William Kennedy Research Reactor.

-1- UNRESTRICTED / ILLIMITÉ Demonstrating the Safety of Long-Term Waste Management Facilities Dave Garrick 2015 September.

IAEA Training Course on Safety Assessment of NPPs to Assist Decision Making Workshop Information IAEA Workshop Defence in Depth Safety Culture Lecturer.

1 EVALUATING DIVERSITY IN DIGITAL I&C SAFETY SYSTEM DESIGNS Michael E. Waterman Digital Instrumentation and Controls Branch Division of Engineering Office.

Initiating Event Analysis IAEA Training Course on Safety Assessment of NPPs to Assist Decision Making Workshop Information IAEA Workshop City, Country.

IAEA Training Course on Safety Assessment of NPPs to Assist Decision Making Diablo Canyon NPP Maintenance Rule Program Workshop Information IAEA Workshop.

By Annick Carnino (former Director of IAEA Division of Nuclear Installations Safety) PIME, February , 2012.

IAEA TSO-Conference, April 2007, Aix en Provence 1 Independent technical and scientific advice for regulatory decision making L. Hahn, GRS International.

1.9. Safety assessment “School for Drafting Regulations on Radiation Safety, IAEA - Module 1 Regulatory framework for safety, authorization and inspection.

Use and Conduct of Safety Analysis IAEA Training Course on Safety Assessment of NPPs to Assist Decission Making Workshop Information IAEA Workshop Lecturer.

Version 1.0, May 2015 SHORT COURSE BASIC PROFESSIONAL TRAINING COURSE Module V Safety classification of structures, systems and components This material.

NRC’s 10 CFR Part 37 Program Review of Radioactive Source Security

(5.1)Development of IMS to fit the organization (step wise)

Training Course on Integrated Management System for Regulatory Body

12/05/2018 Industry expectations about European Aviation Safety plan (EASp) and Certification activities G.Garrouste ASD AirWorthiness Committee chairman.

Prescriptive vs Performance-Based Regulatory Approaches

International Topical Conferences on Nuclear Safety, IAEA, June 6-9, 2017, Vienna Workshop 2: An Introduction and Further Explanation on Design Extension.

BASIC PROFESSIONAL TRAINING COURSE Module V Safety classification of structures, systems and components Case Studies Version 1.0, May 2015.

PREEV PROJECT: REGULATORY PRACTICES ON AGEING AND LIFE EXTENSION

IAEA – Safety Demonstration of Advanced Water Cooled Nuclear Power Plants Session: Consideration on New Design Safety Principles Topic: Safety Classification.

Assist. Prof. Magy Mohamed Kandil

COSO Internal Control s Framework

IAEA International Conference on

Diversity analysis for advanced reactor design

Internal control - the IA perspective

WENRA Current activities of WENRA 4th GNSSN Steering Committee Meeting

Regulatory review and assessment

Communication and Consultation with Interested Parties by the RB

IAASB-IESBA Coordination

Regulatory review and assessment

BASIC PROFESSIONAL TRAINING COURSE Module V Safety classification of structures, systems and components Version 1.0, May 2015 This material was.

Supervisor role and responsibilities

Updating of a screening method for assessment of comprehensiveness of

Considerations on the Reference Plant Concept

Unit I Module 3 - RCM Terminology and Concepts

SMR Regulators’ Forum Pilot Project Report

TRTR Briefing September 2013

SMR Regulators’ Forum Mr. Stewart Magruder

Status of the IAEA safety standards and Relation to the CRAFT project

Version 1.0, May 2015 SHORT COURSE

Software Requirements

Software Requirements

Nuclear Safety Standards Committee 35th Meeting 24 – 28 June 2013

Interfaces of Nuclear Safety and Security

Lyn Provost, IAASB Member and Task Force Chair IAASB Meeting

Presentation transcript:

IAEA – Safety Demonstration of Advanced Water Cooled Nuclear Power Plants Session: Digital I&C Systems Topic: Defence in Depth & Diversity – Challenges related to the I&C Architecture Pickelmann Johannes / Gregory Droba AREVA NP / GE Hitachi Johannes.pickelmann@areva.com / gregory.droba@ge.com June 2017, Vienna

Overview The position paper, “Defense-in-Depth and Diversity – Challenges related to the I&C architecture”, is the second in this series and is a continuation of, and builds upon, the work done in the “Safety classification for I&C Systems in Nuclear Power Plants – Current Status & Difficulties” It documents the discussions of the WNA CORDEL DICTF members on the specific challenges they face in the application of Defense-in-Depth and Diversity techniques to I&C activities.

Approach The approach of the paper is to: Define the current landscape by compiling and comparing Defense-in-Depth and Diversity terminology and definitions used in different regions, Tabulate the challenges in defining Defense-in-Depth and Diversity, and Identify and recommend potential solutions.

Terminology Landscape Work of a previous WNA paper, Troublesome Key Words For Safety Classification Of I&C Systems In Nuclear Power Plants, provided the basic data to do the more focused assessment of the key words “Defense-in-Depth” and “Diversity” to understand the landscape. The IAEA dictionary terminology was adopted for all other terminology to have a standard frame of reference and focus. It was agreed to adopt the terminology of diversity attributes from NUREG/CR-6303 and NUREG/CR-7007.

Challenges The terms and manner in which Defense-in-Depth and Diversity are used differ between regions. The quantitative aspect of DiD&D assessment will rely on some subjective or qualitative aspect, which ultimately will be accepted or rejected based on the strength of the argument made for the selections, and the argument may not stand when reviewed by different auditors or regulating bodies. The subjective aspects of DiD&D assessment results in ambiguous or incomplete rules relating to how quantification is achieved, and can make the achievement of “Done” difficult to obtain.

Challenges (Cont) The guidance with respect to attributes used to asses diversity may be out of date with respect to the way technology is designed, developed, implemented and maintained. Implementation of regulatory guidance in a global market is challenging. The approach of DiD&D, driven by different regulations, varies across regions of the world. Implementation of a single regulatory guidance can often be interpreted, or misinterpreted several ways, and the attempt to apply multiple regional regulation to a single product can aggravate the issue.

Challenges (Cont) Digital upgrades face the following challenges: The original design basis and architecture may be lost or it wasn’t controlled or updated with the plant maintenance and modernization. This might require cost reverse engineering to re-establish the design basis and architecture prior to any upgrades. The application of modern DiD&D regulatory requirements may invalidate parts of the existing design basis or architecture, and may require larger measures than just replacement to upgrade. Even smaller instrument or system upgrades require some sort of DiD&D analysis, which faces all the same challenges of regulator guidance and quantification.

Recommendations Use of the terminology “D3” has the effect of amalgamating two distinct concepts into a single concept to casual readers. The term “Defense-in-Depth” or DiD should be separated from “Diversity”, or when appropriate, specified as DiD&D to emphasize that the two are separate concepts that must work together. The definitions used by the IAEA with regards to the two terms “Defense-in-Depth” and “Diversity” appear to be the best and don’t conflict with other organizational definitions and would be the recommended definitions that all organizations should adopt.

Recommendations (Cont) The current DiD attributes used by most organization appear to be those defined by NUREG/CR-6303. NUREG/CR-7007 supports the conclusion that these attributes should be re-visited, updated, and modernized as well-defined attributes support clear completion criteria of the DiD&D analysis.

Recommendations (Cont) The terms “levels of defense” and “echelons of defense” are different definitions that are sometimes used to try and relay the same concept. However, interchanging these terms adds confusion in a globalized industry. The IAEA uses the “levels of defense” and this term is widely accepted and understood as by organizations using the term “echelons of defense”. The term “echelons of defense” should be discontinued in place of the IAEA definition of “levels of defense”.

Recommendations (Cont) Additional research into specific issues pertaining to DiD&D Challenges should be done centered around key questions and challenges of: The challenges of upgrading and modernizing existing NPPs More work is required to evaluate the interaction of DiD and particularly the manner in which Diversity criteria interact so that the completion criteria is recognized and agreed to by those performing and those evaluating the DiD&D as “done”.

Comparison of different DiD approaches IAEA Levels [IAEA SSR-2/1] WENRA / EPRI Levels 1 / 2 Level Objectives 1 Prevent deviations from normal operation and the failure of items important to safety. Prevention of abnormal operation and failures 2 Detect and control deviations from normal operational states in order to prevent anticipated operational occurrences at the plant from escalating to accident conditions. Control of abnormal operation and failures (to avoid exceeding reactor trip limits) 3 Escalation of certain anticipated operational occurrences or postulated initiating events might not be controlled at a preceding level and that an accident could develop. 3a Control of accident to limit radiological releases and prevent escalation to core melt conditions 4 Mitigate the consequences of accidents that result from failure of the third level of defense in depth 3b 5 Mitigate the radiological consequences of radioactive releases that could potentially result from accidents. Control of accidents with core melt to limit offsite releases Mitigation of radiological consequences of significant releases of radioactive material 1 WENRA RHWG (2013). Safety of New NPP Designs 2 EPRI (2014). Principles and Approaches for Developing Overall Instrumentation and Control Architectures that Support Acceptance in Multiple International Regulatory Environment

Measures for Independence