1 Chris Haught, Instructor for Approaches to Criticality Safety Evaluations.

Slides:



Advertisements
Similar presentations
Risk Analysis Fundamentals and Application Robert L. Griffin International Plant Protection Convention Food and Agriculture Organization of the UN.
Advertisements

EMS Checklist (ISO model)
Software Quality Assurance Plan
EQUIPMENT VALIDATION.
5.00 Understand Promotion Research  Distinguish between basic and applied research (i.e., generation of knowledge vs. solving a specific.
RISK INFORMED APPROACHES FOR PLANT LIFE MANAGEMENT: REGULATORY AND INDUSTRY PERSPECTIVES Björn Wahlström.
NRC Perspective of Recent Configuration Management Issues Tom Farnholtz Chief, Engineering Branch 1 Division of Reactor Safety, Region IV June 2014 CMBG.
Lindy Hughes Fleet Fire Protection Program Engineer Southern Nuclear Operating Company June 4, 2013 Fire Protection.
AREVA NP EUROTRANS WP1.5 Technical Meeting Task – Safety approach Madrid, November Sophie EHSTER.
The Australian/New Zealand Standard on Risk Management
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.7 Commissioning Geoff Vaughan University of Central.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
Regulatory Body MODIFIED Day 8 – Lecture 3.
Purpose of the Standards
Controlling Risk by Managing Change Jessica Blaydes & Gary Fobare Honeywell Aerospace 2013 Region IX Workshop.
Presentation on Integrating Management Systems
Protection Against Occupational Exposure
ToR of GEOSAF2 WG on Operational Safety Review of WG2.
Control environment and control activities. Day II Session III and IV.
Codex Guidelines for the Application of HACCP
Internal Auditing and Outsourcing
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
QUALITY MANAGEMENT SYSTEM ACCORDING TO ISO
Control Selection Techniques Employed for D&D Projects with Emphasis on Nuclear Criticality Safety Controls Brenda L. Hawks Engineering Director Oak Ridge.
S/W Project Management
Introduction to ISO New and modified requirements.
A Proposed Risk Management Regulatory Framework Commissioner George Apostolakis Presented at the Organization of Agreement States 2012 Annual Meeting Milwaukee,
FRANKLIN engineering group, inc. Start-up Shutdown Malfunction Plan Development and Implementation Duncan F. Kimbro
ISO OPERATIONAL CONTROL
FIRE PROTECTION TOPICS OF INTEREST Defense Nuclear Facilities Safety Board.
© 2011 Underwriters Laboratories Inc. All rights reserved. This document may not be reproduced or distributed without authorization. ASSET Safety Management.
Margin Management. PAGE 2 Margin Management Plant Shutdowns 1.Late 1990’s – numerous “surprise” long-term plant shutdowns 2.Shutdowns resulted when a.
ISO 9001:2008 to ISO 9001:2015 Summary of Changes
Lesson 5: ANSI/ANS standards. Organizations  American National Standards Institute (ANSI)  Promulgation of standards  Nation’s point guard for international.
Lecture 7: Requirements Engineering
Hazards Identification and Risk Assessment
The Development of BPR Pertemuan 6 Matakuliah: M0734-Business Process Reenginering Tahun: 2010.
Nicolas Solente Workshop on Regulatory Requirements to Ensure Safe Disposal of Disused Sealed Sources for Operators and Regulators Amman, JORDAN 7-11 April.
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.5/1 Design Geoff Vaughan University of Central Lancashire,
CMSC 345 Fall 2000 Requirements Overview. Work with customers to elicit requirements by asking questions, demonstrating similar systems, developing prototypes,
Dispensary and Administration Site Information Presentation.
Specific Safety Requirements on Safety Assessment and Safety Cases for Predisposal Management of Radioactive Waste – GSR Part 5.
Fire Hazards Analysis the ORNL Approach Jeff Sipes Fire Protection Engineer April 17, 2007.
A Guide for Management. Overview Benefits of entity-level controls Nature of entity-level controls Types of entity-level controls, control objectives,
Information Security IBK3IBV01 College 2 Paul J. Cornelisse.
-1- UNRESTRICTED / ILLIMITÉ Demonstrating the Safety of Long-Term Waste Management Facilities Dave Garrick 2015 September.
International Atomic Energy Agency Regulatory Review of Safety Cases for Radioactive Waste Disposal Facilities David G Bennett 7 April 2014.
SAFEWARE System Safety and Computers Chap18:Verification of Safety Author : Nancy G. Leveson University of Washington 1995 by Addison-Wesley Publishing.
Copyright © 2007 Pearson Education Canada 9-1 Chapter 9: Internal Controls and Control Risk.
Outlines Overview Defining the Vision Through Business Requirements
ISO 9001:2015 Subject: Quality Management System Clause 8 - Operation
OHSAS Occupational health and safety management system.
RISK MANAGEMENT FOR COMMUNITY EVENTS. Today’s Session Risk Management – why is it important? Risk Management and Risk Assessment concepts Steps in the.
ICAJ/PAB - Improving Compliance with International Standards on Auditing Planning an audit of financial statements 19 July 2014.
Organizations of all types and sizes face a range of risks that can affect the achievement of their objectives. Organization's activities Strategic initiatives.
Information Technology Project Management, Seventh Edition.
Process Safety Management Soft Skills Programme Nexus Alliance Ltd.
Risk Assessment: A Practical Guide to Assessing Operational Risk
1.9. Safety assessment “School for Drafting Regulations on Radiation Safety, IAEA - Module 1 Regulatory framework for safety, authorization and inspection.
1 Auditing Your Fusion Center Privacy Policy. 22 Recommendations to the program resulting in improvements Updates to privacy documentation Informal discussions.
Use and Conduct of Safety Analysis IAEA Training Course on Safety Assessment of NPPs to Assist Decission Making Workshop Information IAEA Workshop Lecturer.
(Additional materials)
Flooding Walkdown Guidance
Quality Risk Management
HSE Case: Risk Based Approach.
Regulatory review and assessment
Communication and Consultation with Interested Parties by the RB
Regulatory review and assessment
TRTR Briefing September 2013
Module SCD 2: Safety Requirements for Safety Assessment and Safety Case General Safety Requirements for Safety Assessment NSD 1.1.
Presentation transcript:

1 Chris Haught, Instructor for Approaches to Criticality Safety Evaluations

2 Scope of Topic: Purposes Typical Steps Other Considerations Examples of Process Situations

3 PURPOSES OF NCS EVALUATIONS: 1.To demonstrate that the operation is adequately subcritical: under normal operating conditions under contingent (upset) conditions that the operation meets ANSI/ANS-8.1 safety criteria 2.To derive limits and controls to ensure that the above conclusions and bases are acceptable 3.To communicate to other analysts 4.To convince regulators that the above conclusions and bases are acceptable

4 ONE BASIC SAFETY CRITERION From ANSI/ANS-8.1, Process Analysis (PA) Before a new operation with fissionable material is begun, or before an existing operation is changed, it shall be determined that the entire process will be subcritical under both normal and credible abnormal conditions.

How does one determine all credible abnormal conditions are identified? –You can’t! –Be aware that no process criticality accident occurred as a result of an erroneous calculation; most occurred as a result of a fault pathway that was not previously identified –A thorough understanding of the process or activity is key to ensuring an adequate control set is developed –A defense in depth philosophy is key for nuclear criticality safety…. 5

6 NOTE!: ANS-8.1 does not define “credible” or “unlikely.” When ANSI standards use such terms without specific definition within the standard, the meaning of the terms is as defined by ordinary English usage (i.e., what Webster’s or other standard dictionary definitions state). But “credible” is discussed in the new Appendix B…

How to apply credible? Reconciling “credible abnormal conditions” with “economic considerations” and “protection of operating personnel and the public” is part of applying PA (§4.1.2) “…relies on the judgment of the key professionals…” “…can differ from process to process and site to site” “Elimination of all risk is not possible” Resources expended for NCS control should be commensurate with other hazards of similar consequences (paraphrased) 7

8 TO MEET ANSI/ANS : Combinations of upset conditions (simultaneous or in-sequence) should be considered. Rarely does occurrence of a single upset condition yield a criticality scenario. (Most criticality accidents result from multiple failures.) If the combination of multiple upset conditions is credible and possibly results in a criticality accident, then the operation being evaluated does not meet the basic safety criterion of ANS

9 ANOTHER BASIC SAFETY CRITERION From ANSI/ANS-8.1, Double-contingency Principle (DCP) Process designs should incorporate sufficient factors of safety to require at least two unlikely, independent, and concurrent changes in process conditions before a criticality accident is possible.

More on “Double” –Not two contingencies! There will most likely be numerous upsets to consider. –Not two controls! Maybe no NCS controls are needed. Maybe scores of controls are needed. This is determined by the analysis, not the Double Contingency Principle. –Two barriers? Maybe two, maybe more. Again, determined by the analysis. So, how many controls are needed? –Sufficient factors of safety…. 10

11 Note that “process analysis” criterion is a requirement (“SHALL”) but “double contingency” is a recommendation (“SHOULD”). Historically, regulatory agencies have required that “double contingency” be implemented as a requirement, without full understanding by regulation authors of the original intent, or the difficulty in truly meeting double contingency for many categories of fissile operations.

Why isn’t the Double Contingency Principle a requirement? –It is difficult if not impossible to verify –There are situations where consequence mitigation minimizes the need for defense in depth (e.g. shielded facilities or underground tanks) –Single barriers that are sufficiently robust (e.g. LEU UF 6 cylinders) –Credibility of a single change process conditions 12

Historical Perspective LA-2063, 1956 LA-3366,

DCP in ANS , Appendix B “…does not refer to parameters or controls…” “The phrases ‘multiple controls on a single parameter’ or ‘multiple parameter control’ have no bearing on whether DCP is properly satisfied.” The appendix suggests that crediting “multiple independent controls to prevent a single change in process conditions” is acceptable for complying with PA but not compliant with DCP –DCP does not address credibility of “unlikely” changes 14

My Perspective on DCP Goals –Defense in Depth –Diversity of Controls Practicality –Control of two independent parameters will be an effective means of control, but may lead to NCS controls being out of balance with other similar hazards –Overall protection of the worker should guide application of DCP 15

NCS Evaluations 16 Normal Conditions Abnormal Conditions Criticality Accident Possible Contingencies Must be unlikely, independent (self-evident), and subcritical Barrier Analysis Typical PA/DCP Whether or not documented, analyst must understand where criticality is possible

17 TYPICAL PROCESS FOR DEVELOPMENTOF NCS EVALUATIONS Identify Normal Conditions Identify Contingent Conditions What can go wrong? "Normal" may not be typical Neutronic analysis (calculations, handbooks) What the parameters must be controlled to. How the parameters will be controlled. Understood? Doable? Evaluate Conditions Establish Limits Establish Controls/ Requirements Acceptance by Users Evaluation Approved Implement NCS Controls Request made, Understanding Process/Activity (See Note) Note: this step is a formality; users should be involved during the development

Understanding the Process/Activity Most important step… Research, Study, and Learn –Material characteristics (physical, chemical, and nuclear, static and dynamic aspects) –Process chemistry –Material flows (incoming, outgoing, flow rates, waste streams, multiple streams, etc.) –Material unaccounted for (normal and abnormal equipment holdup) 18

Understanding the Process/Activity Research, Study, and Learn –Adjacent processes and operations (upstream, downstream, and lateral) –Physical layout of equipment –Function of the equipment –Capability of the equipment 19

Understanding the Process/Activity Talk to operators, engineers, NCS analysts Ask what can go wrong Review safety analyses (e.g. ISAs and DSAs) Inspect the field, observe operations Pore over drawings, Read procedures In short, become as knowledgeable as the system engineer 20

Understanding the Process/Activity Remember, no accident has occurred as a result of an erroneous calculation Understanding the process/activity will provide a firm foundation Without such an understanding, your analysis is built on a house of cards 21

Understanding the Process/Activity Now that you understand the process… Document a description of the process –Include assumptions relevant to the evaluation –Discuss inputs – fissile materials, chemical reagents, materials of construction, etc. –Discuss products, by-products, and waste streams 22

Understanding the Process/Activity Description of the process –Discuss physical changes –Discuss chemical reactions –Present the boundaries of the system and analysis –Discuss interfacing systems – ensure evaluations for these systems properly consider materials from your process –Discuss utilities such as water, vacuum, or air 23

Understanding the Process/Activity Regarding what is being requested of NCS… Understand what is wanted Understand what is needed –Sometimes, wants ≠ needs (operational flexibility vs. convenient controls) –Sometimes, wants and needs change while the evaluation is being developed. 24

Identify Normal Conditions Normal conditions” should bound actual and expected conditions –Including process upsets not considered to be unlikely –Including process variability Ensure conservatism in NCS evaluation –Gain practical flexibility in operations –Minimizes infractions, occurrences, etc. 25

Identify Normal Conditions Why is a “normal” condition analysis needed? Need to be able to justify that a reasonable margin of subcriticality exists, even for anticipated conditions. In determining the normal condition is subcritical, the physical parameters that ensure subcriticality are defined. –Helps identify abnormal changes to the process/activity 26

Identify Contingent Conditions Contingent = abnormal = upset What can go wrong How can it go wrong To what extent it can go wrong Likelihood –If a scenario does not meet your judgment for unlikely, it should be folded in with normal –If a scenario is considered possible but not credible, consider the benefit to the worker (and public) 27

Identify Contingent Conditions Understand basic routes/sequences leading from normal conditions to a criticality accident (scenarios). Identify what can go wrong in physical space, such as an addition of the wrong chemical reagent, operator inattention, process temperature too high, a fire, etc. 28

Identify Contingent Conditions Determine how nuclear parameters are affected –a contingency is not simply a control failure Use the nuclear parameters (MAGIC MERV) as a tool to consider how upset conditions impact NCS (e.g. margin of safety, k eff ) –Translates the physical state to the analysis Beware "single" events that affect multiple parameters and controls (common-mode failure) 29

Evaluate Conditions Keep the evaluation arguments focused on failures that can affect physical parameters important to NCS Keep the logic as clear and as presentable as practical – other non-NCS personnel may need to understand. The evaluation needs to communicate and demonstrate 30

Evaluate Conditions Identify parameters and understand how changes affect system reactivity (ANS 8.1) –Comparative analysis to critical experiments or guides based on critical data –Reference to nuclear safety guides and standards –Hand calculations –Computer code calculations (validated by comparison to critical experiments) 31

Evaluate Conditions Demonstrate normal conditions are subcritical –Establishes controlled parameters –Establishes margin of safety Demonstrate contingent conditions are subcritical –must be demonstrated to not result in a criticality accident –otherwise additional controls must be established to preclude the possibility of a criticality accident (render scenario not credible) 32

Establish Limits Which parameter(s) need to be limited –The value of the limit –Limits must be within appropriate criteria for subcriticality 33

Establish Controls/Requirements Determine practical controls. Do not seek to avoid controls for non- safety pressures. Do not bias the type of controls for expediency Work with your Operations counterparts to ensure the proposed requirements can be met If controls are not convenient to follow, they will very likely be violated! 34

Establish Controls/Requirements Translate parameter limits from analysis back to the physical state Engineered (active or passive) vs. administrative –Uranium solution monitor –Administrative sampling –Administrative components of maintaining design features 35

Establish Controls/Requirements Nature of the operation vs. NCS control –Chemical and physical properties of products –Quarantine and analysis for NCS Need for independent verification –Safety margin vs. confidence in the control Ability to perform each control Ability to recognize control failure –Periodic surveillances –Not acceptable to remain unknown 36

Establish Controls/Requirements Apply additional defense in depth controls where judged appropriate for risk management 37

Acceptance by Users The operating organization is ultimately responsible for safety The operating organization must –Validate the controls can be met –Identify how controls will be implemented and maintained The NCS analyst must clearly explain the intent of the controls 38

Thoughts on Conservatism Include conservatism where feasible: –To account for real-world uncertainties. –To simplify modeling. –To meet facility/site safety policies. But do not be unnecessarily conservative: –May hinder operations, restrict productivity, or cause other safety problems. –May result in complex or confusing requirements being imposed on operations personnel (encourages shortcuts) 39

Other Considerations Structure of the review/approval process Criticality accident alarm system coverage Computational studies Access to references Means of documentation, document control, and record retention Interface with regulatory/compliance oversight Interface with facility safety documentation –Consistency with hazard analysis –Elevation of controls 40

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.