
John Farquharson jfarquharson@absconsulting.com Safety Analysis Approaches – ISA vs. DSA – One Safety Analyst’s Opinion John Farquharson jfarquharson@absconsulting.com

Introduction
- For commercial nuclear fuel cycle facilities (e.g., enrichment, fuel fabrication), the NRC requires compliance with 10 CFR 70.61 through an Integrated Safety Analysis (ISA).
- For DOE nonreactor nuclear facilities, the DOE requires compliance with 10 CFR 830 through a Documented Safety Analysis (DSA).
- This paper looks at similarities and differences between the ISA and DSA approaches.

Similarities
- Both regulations have been in existence for approximately a decade (since ~2000).
- The processes analyzed are both nonreactor nuclear facilities with similar potential accidents of interest (i.e., loss of confinement, fires, nuclear criticality accidents).

Similarities (cont.)
- Both regulations reference a standard for the structure of the safety basis documents:
  - DOE-STD-3009 for DSAs
  - NUREG-1513 (ISA guidance)
- Both regulations address multiple receptors:
  - "Facility workers"
  - Co-located workers
  - Public

Similarities (cont.)
- Consequence thresholds and categories for radiation and toxic exposures are similar.
- Likelihood categories are generally similar (order-of-magnitude bins).
- Both standards reference the Center for Chemical Process Safety (CCPS) "red book" for hazard analysis methodology.

Differences
- ISA promotes a layer of protection analysis (LOPA) approach with an approved scenario risk matrix used to:
  - Judge acceptability of credited controls, i.e., items relied on for safety (IROFS)
  - Provide guidance for probability-of-failure values for controls
  - Screen out low-likelihood initiating events

Differences (cont.)
- DSA is more consequence-driven:
  - Qualitative guidance on acceptable controls
  - No allowances to screen out initiating events
  - No approved risk matrix
- Some DOE facilities (e.g., Pu) may have potentially higher consequences as compared to NRC-regulated ISA facilities.

General Hazard Procedure (either approach)
- Perform hazard identification
- Perform hazard evaluation
- List all available controls
- Select safety controls:
  - IROFS for ISA
  - Safety class or safety significant structures, systems, and components (SSCs) for DSA
- Detailed accident analysis
- Derive agreement for operations of controls:
  - Management measures for ISA
  - Technical safety requirements for DSA

Main Differences Between DSA and ISA Approach
- Method for acceptance of risk due to a postulated operational accident:
  - DSA – pick controls based on qualitative guidance (engineered over administrative controls, passive over active, etc.)
  - ISA – guidance in a risk matrix approach that factors in:
    - Likelihood of the postulated initiating event
    - Probability of failure on demand of IROFS

LOPA
- More quantitative than a hazard and operability (HAZOP) analysis
- Less quantitative than fault tree/event tree analyses
- Focuses on one scenario at a time
- Looks at Independent Layers of Protection (IPLs)
- Is another tool for judging risk

Layers of Defense Against a Possible Accident (figure)

LOPA is limited to evaluating a single cause-consequence pair (figure)


DSA Guidance for Choosing Safety Controls
From DOE-STD-3009, choose controls that:
- Are preventive over mitigative
- Reduce source term
- Are passive over active
- Are engineered over administrative
- Are nearest the source
- Have the fewest active features
- Reduce risk the most
- Are effective for other accidents
- …

ISA Guidance for Choosing Safety Controls
10 CFR 70.61 – Performance Requirements (b): The risk of high consequence events must be limited. Engineering and administrative controls shall be used to keep events highly unlikely (guidance in NUREG-1520: <1E-5/yr) or their consequences less than high.
High consequence event:
- acute worker dose ≥ 100 rem
- person outside controlled area dose ≥ 25 rem

ISA Guidance for Choosing Safety Controls (cont.)
10 CFR 70.61 – Performance Requirements (c): The risk of intermediate consequence events must be limited. Engineering and administrative controls shall be used to keep events unlikely (guidance in NUREG-1520: <1E-4/yr) or their consequences low.
Intermediate consequence event:
- not a high consequence event
- acute worker dose ≥ 25 rem
- person outside controlled area dose ≥ 5 rem

Standard Review Plan Risk Matrix (NUREG 1520 — Risk Matrix)

| Consequence Category | Likelihood Category 1: highly unlikely | Likelihood Category 2: unlikely | Likelihood Category 3: not unlikely |
|---|---|---|---|
| 3 High | 3 acceptable | 6 unacceptable | 9 unacceptable |
| 2 Intermediate | 2 acceptable | 4 acceptable | 6 unacceptable |
| 1 Low | 1 acceptable | 2 acceptable | 3 acceptable |

The cell value is the product of the likelihood category and the consequence category.

Likelihood
10 CFR 70.65 requires the applicant to define the likelihood terms "unlikely," "highly unlikely," and "credible." All credible high-consequence events must be highly unlikely, and credible intermediate-consequence events must be unlikely for the risk to be acceptable. Events that are not credible may be exempt from the use of controls.

Likelihood of Occurrence
Composed of the following two elements:
- The frequency of the initial event occurring despite prevention measures
- The reliability or effectiveness of protection measures that protect against the event progressing to the accident (IROFSs):
  - Active engineered controls (AECs)
  - Passive engineered controls (PECs)
  - Administrative IROFSs

Not Credible Events
- External events < 1.0E-6/y
- Process deviations requiring many unlikely human actions/errors for which there is no motive or reason
- Process deviations for which a convincing argument, based on physical laws, shows that they are not possible or unquestionably extremely unlikely

Highly Unlikely Events
- Double contingency protection
- Likelihood index < -5
- Estimated likelihood below 1.0E-5/y

Unlikely Events
- Engineered, hardware controls with a high grade of management measures
- Enhanced administrative controls
- Likelihood index > -5 and < -4
- Estimated likelihood below 1.0E-4/y

NUREG 1520 — Table A-8: Determination of Likelihood Category

| Likelihood Category | Likelihood Index T (= sum of index numbers) |
|---|---|
| 1 | T ≤ -5 |
| 2 | -5 < T ≤ -4 |
| 3 | -4 < T |

NUREG 1520 — Table A-9: Failure Frequency Index Numbers

| Index | Based on Evidence | Based on Type of IROFS** | Comments |
|---|---|---|---|
| -6* | External event with frequency <10^-6/yr | | If initiating event, no IROFS needed |
| -4* | No failures in 30 years for hundreds of similar IROFS in industry | Exceptionally robust passive engineered IROFS (PEC), or an inherently safe process, or 2 independent active engineered IROFS, PEC, or enhanced administrative IROFS | Rarely can be justified by evidence. Further, most types of single IROFS have been observed to fail. |
| -3* | No failures in 30 years for tens of similar IROFS in industry | A single IROFS with redundant parts, each a PEC or AEC | |
| -2* | No failure of this type in this plant in 30 years | A single PEC | |
| -1 | A few failures may occur during plant lifetime | A single AEC, an enhanced administrative IROFS, an administrative IROFS with large margin, or a redundant administrative IROFS | |
| 0 | Failures occur every 1-3 years | A single administrative IROFS | |
| 1 | Several occurrences per year | Frequent event, inadequate IROFS | Not for IROFS, just initiating events |
| 2 | Occurs every week or more often | Very frequent event, an inadequate IROFS | Not for IROFS, just initiating events |

(The index number for the "Failures occur every 1-3 years" row is not legible in the slide; 0 is inferred from the sequence -2, -1, …, 1, 2.)

NUREG 1520 — Table A-10: Failure Probability Index Numbers

| Index | Probability of Failure on Demand | Based on Type of IROFS | Comments |
|---|---|---|---|
| -6* | 10^-6 | | If initiating event, no IROFS needed |
| -4 or -5* | 10^-4 - 10^-5 | Exceptionally robust passive engineered IROFS (PEC), or an inherently safe process, or 2 redundant IROFS more robust than simple administrative IROFS (AEC, PEC, or enhanced administrative) | Rarely can be justified by evidence. Most types of single IROFS have been observed to fail. |
| -3 or -4* | 10^-3 - 10^-4 | A single passive engineered IROFS (PEC) or an active engineered IROFS (AEC) with high availability | |
| -2 or -3* | 10^-2 - 10^-3 | A single active engineered IROFS (AEC), or an enhanced administrative IROFS, or an administrative IROFS for routine planned operations | |
| -1 or -2 | 10^-1 - 10^-2 | An administrative IROFS that must be performed in response to a rare unplanned demand | |

Footnotes for Tables A-9 and A-10 * Indices less than (more negative than) -1 should not be assigned to IROFS unless the configuration management, auditing, and other management measures are of high quality, because without these measures, the IROFS may be changed or not maintained. ** Failure frequencies based on experience for a particular type of IROFS, as described in this column, may differ from values in column 1; in this case, data from experience take precedence.

Severity of Consequences
The severity of consequences of an accident is measured in terms of resulting health effects, including fatalities or exceeding personnel exposure limits.

10 CFR 70.61 – Performance Requirements
High consequence event:
- Acute worker dose ≥ 100 rem
- Person outside controlled area dose ≥ 25 rem
- Person outside controlled area intake ≥ 30 mg soluble U
- Acute chemical exposure (from or produced by licensed material) that could endanger a worker's life or could cause irreversible or serious, long-lasting health effects to persons outside the controlled area

10 CFR 70.61 – Performance Requirements (cont.)
Intermediate consequence event:
- Not a high consequence event
- Acute worker dose ≥ 25 rem
- Person outside controlled area dose ≥ 5 rem
- 24-hour average release of radioactive material outside the restricted area at a concentration > 5,000 times Table 2, App. B, Part 20
- Acute chemical exposure (from or produced by licensed material) that could cause irreversible or serious, long-lasting worker health effects or mild, transient health effects to persons outside the controlled area

Comparisons – DSA vs. ISA
- DSA – qualitative guidance on picking controls
- ISA – agency-wide accepted risk matrix approach
- ISA – justification for operational events being "noncredible"
- Same controls selected?

WRAF Facility (diagram). Labelled features: HVAC/HEPA, roof fire suppression system, block wall, backup N2 supply, ground level, sloping floor and graded sump, concrete lid, precipitate tank, sludge transfer, recycle, site N supply, benzene purge, tank overflow, rollup door, roof tank air vent valve, facility stack, benzene/O2 monitor system, N2 pressure gauge and alarm.

Using the WRAF Example
Identify the set of controls for a case study accident scenario identified in the hazard analysis:
EXPLOSION (exposure to off site > 100 rem)
Potential controls:
1. Benzene purge
2. Confinement ventilation
3. Benzene/oxygen monitoring
4. Fire suppression system
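The ISA arithmetic from the risk matrix, Table A-8 and the footnote on management measures, applied to the WRAF explosion scenario, as an added example that is not part of the presentation. The index values assigned to the four WRAF controls and to the initiating event are constructed for illustration, not taken from the slides or from NUREG-1520.

```python
# Added example, not from the presentation: the ISA likelihood-index and risk-matrix
# arithmetic from NUREG-1520 Table A-8 and the Standard Review Plan matrix above.
# The WRAF index values at the bottom are constructed for illustration only.
from dataclasses import dataclass, field
from typing import Dict, List

CONSEQUENCE_CATEGORY = {"low": 1, "intermediate": 2, "high": 3}

def likelihood_category(t: int) -> int:
    # Table A-8: T <= -5 -> 1 (highly unlikely); -5 < T <= -4 -> 2 (unlikely); else 3
    if t <= -5:
        return 1
    return 2 if t <= -4 else 3

def risk_acceptable(likelihood_cat: int, consequence_cat: int) -> bool:
    # Risk matrix on the slide: products 1-4 are acceptable, 6 and 9 are not
    return likelihood_cat * consequence_cat <= 4

@dataclass
class Scenario:
    name: str
    consequence: str                    # "low", "intermediate" or "high"
    initiating_event_index: int         # Table A-9 failure frequency index
    irofs: Dict[str, int] = field(default_factory=dict)  # Table A-10 indices
    high_quality_management_measures: bool = False

    def likelihood_index(self) -> int:
        # T = initiating event index + sum of credited IROFS indices
        return self.initiating_event_index + sum(self.irofs.values())

    def unsupported_indices(self) -> List[str]:
        # Footnote *: indices below -1 need high-quality management measures
        if self.high_quality_management_measures:
            return []
        return [n for n, i in self.irofs.items() if i < -1]

    def evaluate(self) -> dict:
        t = self.likelihood_index()
        lc, cc = likelihood_category(t), CONSEQUENCE_CATEGORY[self.consequence]
        return {"T": t, "likelihood_category": lc, "risk_index": lc * cc,
                "acceptable": risk_acceptable(lc, cc) and not self.unsupported_indices()}

def credit_until_acceptable(scenario: Scenario, candidates: Dict[str, int]) -> Scenario:
    # Credit candidates in the caller's preference order until the matrix cell is acceptable
    for name, index in candidates.items():
        if scenario.evaluate()["acceptable"]:
            break
        scenario.irofs[name] = index
    return scenario

# Constructed WRAF explosion case: off-site dose > 100 rem is high consequence,
# so the scenario must end up highly unlikely (T <= -5, likelihood category 1).
WRAF_CANDIDATES = {"benzene purge": -2, "confinement ventilation": -2,
                   "benzene/oxygen monitoring": -2, "fire suppression": -1}
```

With an initiating-event index of 0 and the constructed values above, three engineered IROFS at -2 each are needed to reach T = -6 (category 1, risk index 3); the fire suppression system is then not credited, and any IROFS index below -1 is rejected unless high-quality management measures are in place.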