Presentation is loading. Please wait.

Presentation is loading. Please wait.

Version 1.0, May 2015 SHORT COURSE

Published byClemence Logan Modified over 6 years ago

Similar presentations

Presentation on theme: "Version 1.0, May 2015 SHORT COURSE"— Presentation transcript:

1 Version 1.0, May 2015 SHORT COURSE
BASIC PROFESSIONAL TRAINING COURSE Module VI Deterministic safety assessment Version 1.0, May 2015 SHORT COURSE This material was prepared by the IAEA and co-funded by the European Union. 

2 DETERMINISTIC SAFETY ASSESSMENT
2 Learning objectives After completing this chapter, the trainee will be able to: Describe the main purpose of performing safety analyses. Identify whose responsibility is the performance of safety analyses. Describe the main goals/outcomes of deterministic safety assessments.

3 Purpose of safety analyses
3 The Safety Fundamentals publication, Fundamental Safety Principles, establishes the principles for ensuring the protection of workers, the public and the environment, now and in the future, from harmful effects of ionizing radiation. Safety analyses are undertaken as a means of evaluating compliance with safety principles and safety requirements for all nuclear facilities. They are to be carried out and documented by the organization responsible for operating the facility, are to be independently verified and are to be submitted to the regulatory body as part of the licensing or authorization process. The Safety Fundamentals publication, Fundamental Safety Principles [2], establishes principles for ensuring the protection of workers, the public and the environment, now and in the future, from harmful effects of ionizing radiation. Safety analyses are undertaken as a means of evaluating compliance with safety principles and safety requirements for all nuclear facilities. They are to be carried out and documented by the organization responsible for operating the facility, are to be independently verified and are to be submitted to the regulatory body as part of the licensing or authorization process.

4 How deterministic safety analyses are performed
4 Deterministic safety assessment (DSA) postulates a number of initiating events (postulated initiating events - PIEs)and simulates the response of the facility to these initiators. Deterministic safety assessments are performed under specific predetermined assumptions concerning the initial operational state and the initiating event, with specific sets of rules and acceptance criteria. DSA can be conservative or best estimate. Deterministic safety assessment postulates a number of initiating events (postulated initiating events - PIEs) and simulates the response of the facility to these initiators. Deterministic safety assessments are performed under specific predetermined assumptions concerning the initial operational state and the initiating event, with specific sets of rules and acceptance criteria. DSA can be conservative or best estimate.

5 What deterministic safety analyses provide
5 Deterministic safety analysis mainly provides: Establishment and confirmation of the deign basis for all items important to safety; Characterization of the postulated initiating events that are appropriate for the site and the design of the plant; Analysis and evaluation of event sequences that result from postulated initiating events; Comparison of the results of the analysis with dose limits and acceptance limits, and with design limits; Demonstration that the management of anticipated operational occurrences and design basis accident conditions is possible by automatic actuation of safety systems; Demonstration that the management of design extension conditions is possible by actuation of plant systems in combination with prescribed operator actions. Deterministic safety analysis mainly provides [3]: Establishment and confirmation of the deign basis for all items important to safety; Characterization of the postulated initiating events that are appropriate for the site and the design of the plant; Analysis and evaluation of event sequences that result from postulated initiating events; Comparison of the results of the analysis with dose limits and acceptance limits, and with design limits; Demonstration that the management of anticipated operational occurrences and design basis accident conditions is possible by automatic actuation of safety systems; Demonstration that the management of design extension conditions is possible by actuation of plant systems in combination with prescribed operator actions.

6 Overall aim of the safety analysis
6 The results of the safety analysis ensure that, with a high level of confidence, the plant will perform as designed and that it will meet all the design acceptance criteria at commissioning and throughout the life of the plant. The results of the safety analysis ensure with a high level of confidence that the plant will perform as designed and that it will meet all the design acceptance criteria at commissioning and throughout the life of the plant [4].

7 PLANT STATES Learning objectives
7 Learning objectives After completing this chapter, the trainee will be able to: Describe different NPP plant states. Distinguish between normal operational states and accident conditions. Distinguish between design basis accidents and design extension conditions.

8 Types of plant states 8 Plant states for nuclear power plants are specified in SSR 2/1. They are divided into operational states and accident conditions. Operational states include normal operation as well as anticipated operational occurrences. Accident conditions include accidents that are within the design basis and design extension conditions. In the past, design extension conditions were termed the Beyond design basis accident conditions. Design extension conditions include severe accident conditions, which are characterized as states with significant core degradation. Plant states for nuclear power plants are specified in SSR 2/1 [3], as shown in Table 2.1. They are divided into operational states and accident conditions. Operational states include normal operation as well as anticipated operational occurrences. Accident conditions include conditions within design basis accidents and the design extension conditions. In the past, design extension conditions were termed the Beyond design basis accident conditions. Design extension conditions include severe accident conditions, which are characterized as states with significant core degradation in which, for example, core components start to melt (as it was the case for the beyond design basis accident conditions).

9 Types of plant states Table 2.1: Plant states. Operational states
Accident conditions Normal operation Anticipated operational occurrences Design basis accidents Design extension conditions Plant states for nuclear power plants are specified in SSR 2/1 [3], as shown in Table 2.1. They are divided into operational states and accident conditions. Operational states include normal operation as well as anticipated operational occurrences. Accident conditions include conditions within design basis accidents and the design extension conditions. In the past, design extension conditions were termed the Beyond design basis accident conditions. Design extension conditions include severe accident conditions, which are characterized as states with significant core degradation in which, for example, core components start to melt (as it was the case for the beyond design basis accident conditions).

10 Normal operation 10 Normal operation is defined as operation within specified operational limits and conditions. Deterministic analysis is applied to normal operation with the aim of showing that normal operation can be carried out safely. This includes: acceptable doses to workers and the public; and acceptable planned releases of radioactive material. The analysis should also demonstrate that, during normal operation, plant parameters remain within acceptable limits. For the plant states in Table 2.1, normal operation is defined as operation within specified operational limits and conditions. Deterministic analysis is applied to normal operation, with the aim of showing that normal operation can be carried out safely, that is with acceptable doses to workers and the public, and with acceptable planned releases. The analysis should also demonstrate that, during normal operation, plant parameters remain within acceptable limits

11 Anticipated operational occurrences
11 An anticipated operational occurrence (AOO) is an operational process deviating from normal operation which is expected to occur at least once during the operating lifetime of a facility. Because of appropriate design provisions, it does not cause any significant damage to items that are important to safety or lead to accident conditions. Such events have the potential to challenge the safety of the plant but, because of appropriate design provisions, they do not lead to any significant fuel damage, and, therefore, no offsite consequences. An anticipated operational occurrence (AOO) is an operational process deviating from normal operation which is expected to occur at least once during the operating lifetime of a facility but which, in view of appropriate design provisions, does not cause any significant damage to items important to safety or lead to accident conditions. Such events have the potential to challenge the safety of the plant but, because of appropriate design provisions, they do not lead to any significant fuel damage, and, therefore, no offsite consequences. 1111

12 Design basis accidents
12 Design basis accidents (DBAs) are accident conditions against which a facility is designed according to established design criteria. In DBAs, the damage to the fuel and the release of radioactive material are kept within authorized limits. DBAs are not expected to occur in the life of the plant, but are of sufficiently high probability that they are reasonably considered as tests of the safety design of the plant. A chance of their appearance is judged to be greater than 1 % over the lifetime of the plant, even though modern designs have reduced their frequency below this value. Design basis accidents (DBAs) are accident conditions against which a facility is designed according to established design criteria, and for which the damage to the fuel and the release of radioactive material are kept within authorized limits [5]. DBAs are not expected to occur in the life of the plant, but are of sufficiently high probability that they are reasonably considered as tests of the safety design of the plant. A chance of their appearance is judged to be greater than 1 % over the lifetime of the plant, even though modern designs have reduced their frequency below this value.

13 Design extension conditions
13 Deterministic analysis should also be carried out for design extension conditions (DECs) and severe accidents (SAs). DECs are defined as accident conditions that are not considered for design basis accidents, but are considered in the design process of the facility in accordance with best estimate methodology. For DECs, releases of radioactive material are kept within acceptable limits. Such accidents are of extremely low frequency, so they have not historically been considered to be within the design basis. Deterministic analysis should also be carried out for design extension conditions (DEC) and severe accidents (SAs). DEC are defined as accident conditions that are not considered for design basis accidents, but that are considered in the design process of the facility in accordance with best estimate methodology, and for which releases of radioactive material are kept within acceptable limits. Such accidents are of extremely low frequency, so they have not historically been considered to be within the design basis.

14 Design extension conditions: severe accidents
14 Some recent designs have included features to mitigate the consequences of severe accidents. The intention is to minimise or practically eliminate the need to apply counter measures to protect members of the public outside the site. The analysis of DECs is conducted using best estimate codes and data with an analysis of the uncertainties, which can be considerable. In contrast to the analyses of normal operation, AOOs and DBAs, where well-defined acceptance criteria are available, no such generally accepted deterministic criteria are available for severe accidents (SAs). Some recent designs have included features to mitigate the consequences of severe accidents. The intention is to minimise or practically eliminate the need to apply counter measures to protect members of the public outside the site. The analysis of DEC is conducted using best estimate codes and data with an analysis of the uncertainties, which can be considerable. In contrast to the analyses of normal operation, AOOs and DBAs, where well-defined acceptance criteria are available, no such generally accepted deterministic criteria are available for severe accidents.

15 INITIATING EVENTS Learning objectives
15 Learning objectives After completing this chapter, the trainee will be able to: List internal and external postulated initiating events (PIE) and their possible grouping. Describe the basis for grouping of initiating events. Distinguish among expected, possible, unlikely and remote initiating events.

16 Postulated Initiating Events (PIEs)
16 Both deterministic and probabilistic analyses start with identifying a set of Postulated Initiating Events (PIEs). A PIE is some event that disturbs the normal operation of the plant, and leads to an Anticipated Operational Occurrence (AOO) or an accident condition. PIEs may include I Internal events, such as equipment failures or human errors; and external events, such as earthquakes or floods. Both deterministic and probabilistic analyses start with identifying a set of Postulated Initiating Events (PIEs). A PIE is some event that disturbs the normal operation of the plant, and leads to an Anticipated Operational Occurrence (AOO) or an accident condition. PIEs may include internal events, such as equipment failures or human errors, and external events, such as earthquakes or floods.

17 Internal Postulated Initiating Events (PIEs)
17 Internal PIEs are those that originate from within the plant, and challenge the control and safety systems provided in the design. Some events, which physically originate from off the site, such as loss-of-offsite power, are usually considered to be internal events if they provide a challenge to internal safety systems. Internal PIEs are those that originate from within the plant, and challenge the control and safety systems provided in the design. Some events, which physically originate from off the site, such as loss-of-offsite power, are usually considered to be internal events if they provide a challenge to internal safety systems.

18 Categorisation of internal PIEs
18 They usually fit into one of the following categories: Increase or decrease in heat removal from the reactor coolant system; Increase or decrease in the reactor coolant flow; Increase or decrease in reactor coolant system pressure; Increase or decrease in reactor coolant inventory, including failures in the primary coolant pressure boundary; Reactivity and power distribution anomalies causing changes in core power operation. In addition, events which cause the release of radionuclide from a system or component, which do not necessarily fit into one of the above categories, should be considered. They usually fit into one of the following categories [6]: Increase or decrease in heat removal from the reactor coolant system, Increase or decrease in the reactor coolant flow, Increase or decrease in reactor coolant system pressure, Increase or decrease in reactor coolant inventory, including failures in the primary coolant pressure boundary, Reactivity and power distribution anomalies causing changes in core power operation. In addition, events which cause the release of radionuclide from a system or component, which do not necessarily fit into one of the above categories, should be considered.

19 External events 19 External events are usually considered to arise from outside the plant and to include both natural and human-caused events. The external events can lead to an internal initiating event, and in addition may disable safety equipment. Typical external events include: Earthquakes; Tornadoes, hurricanes, cyclones, fires, high or low temperature, extreme snowfall and other severe weather conditions; Flooding; Aircraft crashes, external fires, explosions or the release of hazardous materials. External events are usually considered to arise from outside the plant and to include both natural and human-caused events. The external events can lead to an internal initiating event, and in addition may disable safety equipment. Typical external events include: Earthquakes, Tornadoes, hurricanes, cyclones, fires, high or low temperature, extreme snowfall and other severe weather conditions, Flooding, Aircraft crashes, external fires, explosions or the release of hazardous materials.

20 Bounding accident sequences and grouping of initiating events
20 After the initiating event, it is necessary to consider any plant failures that may occur as a result. This leads to the identification of a large number of possible accident sequences and it is not practicable to analyse them all. It is therefore necessary to identify a limited number of sequences for analysis that bound all the others of the same type. These bounding sequences should be chosen so that, of all the sequences in their group, they provide the greatest challenge to the relevant acceptance criteria. After the initiating event, it is necessary to consider any plant failures that may occur as a result. This leads to the identification of a large number of possible accident sequences and it is not practicable to analyse them all. It is therefore necessary to identify a limited number of sequences for analysis that bound all the others of the same type. These bounding sequences should be chosen so that, of all the sequences in their group, they provide the greatest challenge to the relevant acceptance criteria.

21 Occurrence (1/reactor year)
Table 3.1: Possible grouping of postulated initiating events. Occurrence (1/reactor year) Characte-ristics Plant state Terminology Acceptance criteria 10−2 – 1 (Expected over the lifetime of the plant) Expected Anticipated operational occurrences Anticipated transients, transients, frequent faults, incidents of moderate frequency, upset conditions, abnormal conditions No additional fuel damage 10−4 – 10−2 (Chance greater than 1% over the lifetime of the plant) Possible Design basis accidents Infrequent incidents, infrequent faults, limiting faults, emergency conditions No radiological impact at all or no radiological impact outside the exclusion area 10−6 – 10−4 (Chance less than 1% over the lifetime of the plant) Unlikely Beyond design basis accidents Faulted conditions Radiological consequences outside exclusion area within limits < 10−6 (Very unlikely to occur) Remote Severe accidents Emergency response needed Table 3.1: Possible grouping of postulated initiating events. Occurrence (1/reactor year)Characte-risticsPlant stateTerminologyAcceptance criteria10−2 – 1 (Expected over the lifetime of the plant)ExpectedAnticipated operational occurrencesAnticipated transients, transients, frequent faults, incidents of moderate frequency, upset conditions, abnormal conditionsNo additional fuel damage10−4 – 10−2 (Chance greater than 1% over the lifetime of the plant)PossibleDesign basis accidentsInfrequent incidents, infrequent faults, limiting faults, emergency conditionsNo radiological impact at all or no radiological impact outside the exclusion area10−6 – 10−4 (Chance less than 1% over the lifetime of the plant)UnlikelyBeyond design basis accidentsFaulted conditionsRadiological consequences outside exclusion area within limits< 10−6 (Very unlikely to occur)RemoteSevere accidentsFaulted conditionsEmergency response needed

22 ACCEPTANCE CRITERIA Learning objectives
22 Learning objectives After completing this chapter, the trainee will be able to: Describe acceptance criteria for deterministic safety analysis. Distinguish between basic acceptance criteria and derived acceptance criteria. State the most widely used derived acceptance criteria for the Emergency Core Cooling Systems for LWRs.

23 Basic and derived acceptance criteria
23 Basic acceptance criteria are usually defined as the limits and conditions that must be met in order to ensure an adequate level of safety. They are commonly set by a regulatory body. These criteria are supplemented by other requirements known as acceptance criteria (sometimes termed derived acceptance criteria) These are to ensure defence in depth by, for example, preventing the consequential failure of a pressure boundary in an accident. Basic acceptance criteria are usually defined as the limits and conditions that must be met in order to ensure an adequate level of safety. They are commonly set by a regulatory body. These criteria are supplemented by other requirements known as acceptance criteria (sometimes termed derived acceptance criteria) to ensure defence in depth by, for example, preventing the consequential failure of a pressure boundary in an accident.

24 Types of basic acceptance criteria
24 Basic acceptance criteria, such as radiation dose criteria, should be related to the frequency of the initiating event or initiating sequence, depending on the approach adopted. Acceptance criteria should be established for the entire range of operational states and accident conditions. Acceptance criteria may be related to the frequency of the event. Events that occur frequently, such as anticipated operational occurrences, should have more restrictive acceptance criteria than less frequent events such as design basis accidents. Basic acceptance criteria, such as radiation dose criteria, should be related to the frequency of the initiating event or initiating sequence, depending on the approach adopted. Acceptance criteria should be established for the entire range of operational states and accident conditions. Acceptance criteria may be related to the frequency of the event. Events that occur frequently, such as anticipated operational occurrences, should have more restrictive acceptance criteria than less frequent events such as design basis accidents.

25 An illustration of acceptance criteria that are related to the frequency of the sequence following each Postulated Initiating Event is given in the Figure 4.1 below (from ANSI/ANS 51.1):

26 Use of surrogate variables
26 Acceptance criteria should be set in terms of the variable or variables that directly govern the physical processes that challenge the integrity of a barrier. Nevertheless, it is a common engineering practice to make use of surrogate variables to establish an acceptance criterion, which, if not exceeded, will ensure the integrity of the barrier. Examples of surrogate variables are: peak cladding temperature (PCT); departure from nucleate boiling ratio (DNBR) or fuel pellet enthalpy rise. When defining these acceptance criteria a sufficiently high degree of conservatism should be included to ensure that there are adequate safety margins beyond the acceptance criterion to allow for uncertainties. Acceptance criteria should be set in terms of the variable or variables that directly govern the physical processes that challenge the integrity of a barrier. Nevertheless, it is a common engineering practice to make use of surrogate variables to establish an acceptance criterion, which, if not exceeded, will ensure the integrity of the barrier. Examples of surrogate variables are: peak cladding temperature (PCT), departure from nucleate boiling ratio (DNBR) or fuel pellet enthalpy rise. When defining these acceptance criteria a sufficiently high degree of conservatism should be included to ensure that there are adequate safety margins beyond the acceptance criterion to allow for uncertainties.

27 Derived Acceptance Criteria
27 Typical acceptance criteria (derived acceptance criteria) are: Numerical limits on the values of calculated variables (e.g. peak cladding temperature, fuel cladding oxidation); Conditions for plant states during and after an accident (e.g. limitations on power depending on the coolant flow through the core, achievement of a long term safe state); Performance requirements on structures, systems and components (e.g. injection flow rates); Requirements for operator actions, with account taken of the specific accident environment (e.g. the reliability of the alarm system and habitability in the control areas). Typical acceptance criteria (derived acceptance criteria) are: Numerical limits on the values of calculated variables (e.g. peak cladding temperature, fuel cladding oxidation); Conditions for plant states during and after an accident (e.g. limitations on power depending on the coolant flow through the core, achievement of a long term safe state); Performance requirements on structures, systems and components (e.g. injection flow rates); Requirements for operator actions, with account taken of the specific accident environment (e.g. the reliability of the alarm system and habitability in the control areas).

28 Example of a derived acceptance criterion
28 An example of such acceptance criteria can be found in the US NRC 10 CFR regulation for the Emergency Core Cooling Systems (ECCSs) for Light water reactors (LWRs), This addresses safety limits that must be assured under Loss of Coolant Accident (LOCA) conditions: Maximum zircaloy cladding temperature (1204 C); Maximum oxidation of cladding (17 %); Maximum amount of hydrogen generated by chemical reaction of the zircaloy cladding with water and/or steam (1 %); Coolable core geometry; Long term cooling. Compliance with acceptance criteria should always be demonstrated in licensing applications. An example of such acceptance criteria can be found in the US NRC 10 CFR regulation for the Emergency Core Cooling Systems (ECCSs) for Light water reactors (LWRs), addressing safety limits that must be assured under Loss of Coolant Accident (LOCA) conditions [7]: Maximum zircaloy cladding temperature (1204 C); Maximum oxidation of cladding (17 %); Maximum amount of hydrogen generated by chemical reaction of the zircaloy cladding with water and/or steam (1 %); Coolable core geometry; Long term cooling. Compliance with acceptance criteria should always be demonstrated in licensing applications.

29 Supplementing acceptance criteria
29 Acceptance criteria for design basis accidents may be supplemented by criteria that relate to severe accidents and other design extension conditions. These are typically: core damage frequency; prevention of consequential damage to the containment; large early release frequency; probability of scenarios requiring emergency measures off the site, limiting the release of specific radionuclides such as Cs-137; dose limits or risks to the most exposed individual. Acceptance criteria for design basis accidents may be supplemented by criteria that relate to severe accidents and other design extension conditions. These are typically core damage frequency, prevention of consequential damage to the containment, large early release frequency, probability of scenarios requiring emergency measures off the site, limiting the release of specific radionuclides such as Cs-137, dose limits or risks to the most exposed individual.

30 TYPES OF DETERMINISTIC SAFETY ANALYSES
30 Learning objectives After completing this chapter, the trainee will be able to: List 4 options available for deterministic calculations. Distinguish between conservative and best estimate calculations. Describe the difference between determination of availability of safety systems in conservative and PSA based option.

31 Types of deterministic safety analyses
31 The IAEA Specific Safety Guide No. 2 describes the types of deterministic safety analysis. There are three alternative ways of analysing anticipated operational occurrences and design basis accidents to demonstrate that the safety requirements are met: Use of conservative computer codes with conservative initial and boundary conditions (conservative analysis); Use of best estimate computer codes combined with conservative initial and boundary conditions (combined analysis); Use of best estimate computer codes with conservative and/or realistic input data but coupled with an evaluation of the uncertainties in the calculated results, with account taken of both the uncertainties in the input data and the uncertainties associated with the models in the best estimate computer code (best estimate analysis). A conservative value of the relevant parameter, which reflects the quantified level of uncertainty, is used in the safety evaluation. The IAEA Specific Safety Guide No. 2 [5] describes the types of deterministic safety analysis. There are three alternative ways of analysing anticipated operational occurrences and design basis accidents to demonstrate that the safety requirements are met: Use of conservative computer codes with conservative initial and boundary conditions (conservative analysis); Use of best estimate computer codes combined with conservative initial and boundary conditions (combined analysis); Use of best estimate computer codes with conservative and/or realistic input data but coupled with an evaluation of the uncertainties in the calculated results, with account taken of both the uncertainties in the input data and the uncertainties associated with the models in the best estimate computer code (best estimate analysis). A conservative value of the relevant parameter, which reflects the quantified level of uncertainty, is used in the safety evaluation.

32 Availability of systems
Options for Combining a Computer Code with Input Data Table 5.1: Options for combination of a computer code and input data. Option Computer code Availability of systems Initial and boundary conditions 1. Conservative Conservative Conservative assumptions Conservative input data 2. Combined Best estimate 3. Best estimate Realistic plus uncertainty; partly most unfavourable conditions[1] 4. Risk informed Derived from probabilistic safety analysis Realistic input data with uncertainties1 These are the first three options in Table 5.1 [1]Realistic input data are used only if the uncertainties or their probabilistic distributions are known. For those parameters whose uncertainties are not quantifiable with a high level of confidence, conservative values should be used [1]Realistic input data are used only if the uncertainties or their probabilistic distributions are known. For those parameters whose uncertainties are not quantifiable with a high level of confidence, conservative values should be used

33 The use of Options 2 and 3 for deterministic safety analyses
33 In principle, Options 2 and 3 in Table 5.1 are distinctly different types of analysis. However, in practice, a mixture of Options 2 and 3 is employed. This is because, whenever extensive data are available, the tendency is to use realistic input data, and whenever data are scarce, the tendency is to use conservative input data. In principle, Options 2 and 3 in Table 5.1 are distinctly different types of analysis. However, in practice, a mixture of Options 2 and 3 is employed. This is because, whenever extensive data are available, the tendency is to use realistic input data, and whenever data are scarce, the tendency is to use conservative input data.

34 The use of Option 4 for deterministic safety analyses
34 Option 4 is not yet widely used. It is an attempt to combine insights from probabilistic safety analyses with a deterministic approach, which results in a risk informed safety analysis. In Options 1 – 3, the availability of safety systems is based on conservative assumptions whereas, in Option 4, the availability of safety systems is derived by probabilistic means. Option 4 is not yet widely used. It is an attempt to combine insights from probabilistic safety analyses with a deterministic approach, which results in a risk informed safety analysis. In Options 1 – 3, the availability of safety systems is based on conservative assumptions whereas, in Option 4, the availability of safety systems is derived by probabilistic means.

35 CONSERVATIVE DETERMINISTIC SAFETY ANALYSIS
35 Learning objectives After completing this chapter, the trainee will be able to: Describe the purpose of conservative deterministic safety analysis. Describe initial and boundary conditions used in deterministic safety analyses. Explain the importance of the single failure criterion. Describe how is operator action treated in DSA.

36 The use of Options 1 and 2 for deterministic safety analyses
36 In a conservative approach, any parameter that has to be specified for the analysis is allocated a value that will have an unfavourable effect in relation to the relevant specific acceptance criteria. In a traditional conservative analysis, both the assumed plant conditions and the physical models used are set conservatively. The intention is that such an approach would provide results that are also conservative; they bound the effect of the uncertainties. This is Option 1 in Table 5.1. Option 2 is also considered to be a conservative approach even though models used in computer codes are meant to be realistic. In a conservative approach, any parameter that has to be specified for the analysis is allocated a value that will have an unfavourable effect in relation to the relevant specific acceptance criteria. In a traditional conservative analysis, both the assumed plant conditions and the physical models used are set conservatively. The intention is that such an approach would provide results that are also conservative; they bound the effect of the uncertainties. This is Option 1 in Table 5.1. Option 2 is also considered to be a conservative approach even though models used in computer codes are meant to be realistic.

37 Initial and boundary conditions
37 The initial conditions are the assumed values of plant parameters at the start of the transient to be analysed. Examples of these parameters are: reactor power level, power distribution, pressure, temperature and flow in the primary circuit. The initial conditions are the assumed values of plant parameters at the start of the transient to be analysed. Examples of these parameters are reactor power level, power distribution, pressure, temperature and flow in the primary circuit.

38 Initial and boundary conditions
38 The boundary conditions are the assumed values of parameters throughout the transient. Examples of boundary conditions are the actuation of safety systems such as pumps and power supplies, leading to changes in flow rates, and external sources and sinks for mass and energy. The boundary conditions are the assumed values of parameters throughout the transient. Examples of boundary conditions are the actuation of safety systems such as pumps and power supplies, leading to changes in flow rates, and external sources and sinks for mass and energy.

39 The single failure criterion
39 In conservative analyses, the single failure criterion should be applied when determining the availability of systems and components. In view of their importance, safety systems that are required during AOOs or accidents must have a very high level of reliability. For the design of safety systems, the single failure criteria means that safety related systems must be able to fulfil their function in an adequate manner even in the event of failure of any one of their components. A failure should be assumed in the system or component that would have the largest negative effect on the calculated safety parameter. In conservative analyses, the single failure criterion should be applied when determining the availability of systems and components. In view of their importance, safety systems that are required during AOOs or accidents must have a very high level of reliability. For the design of safety systems the single failure criteria means that safety related systems must be able to fulfil their function in an adequate manner even in the event of failure of any one of their components. A failure should be assumed in the system or component that would have the largest negative effect on the calculated safety parameter.

40 Common cause and consequential failures, loss of off-site power, operator actions
40 All the common cause and consequential failures associated with the postulated initiating event should also be included in the analysis in addition to the single failure. Furthermore, unavailability due to on-line maintenance should be considered if this is permitted in the plant operating procedures. In addition to the postulated initiating event itself, a loss of off-site power should be considered when analysing design basis accidents and Anticipated Operational Occurrences. For such cases, the assumption that gives the most negative effect on the margin to the acceptance criterion should be chosen. All the common cause and consequential failures associated with the postulated initiating event should also be included in the analysis in addition to the single failure. Furthermore, unavailability due to on-line maintenance should be considered if this is permitted in the plant operating procedures. In addition to the postulated initiating event itself, a loss of off-site power should be considered when analysing design basis accidents and Anticipated Operational Occurrences. For such cases, the assumption that gives the most negative effect on the margin to the acceptance criterion should be chosen.

41 Operator action 41 For design purposes, credit should not be taken for operator action to limit the evolution of a design basis accident or Anticipated Operational Occurrence within a specified time. Exceptionally, the design may take credit for earlier operator action but, in these cases, the actuation times should be conservative and should be fully justified. Conservative assumptions should be made with respect to the timing of operator actions. It should be assumed that, in most cases. post-accident recovery actions would be taken by the operator. For design purposes, credit should not be taken for operator action to limit the evolution of a design basis accident or Anticipated Operational Occurrence within a specified time. Exceptionally, the design may take credit for earlier operator action but, in these cases, the actuation times should be conservative and should be fully justified. Conservative assumptions should be made with respect to the timing of operator actions. It should be assumed that in most cases post-accident recovery actions would be taken by the operator.

42 BEST ESTIMATE PLUS UNCERTAINTY (BEPU) ANALYSIS
42 Learning objectives After completing this chapter, the trainee will be able to: Describe the use of best estimate approach. Describe the concept of safety margins.

43 Best estimate approach
43 It is not always easy to determine what assumptions will lead to a conservative result and, thus, some calculations that were thought to be conservative might not be. For example, the assumption of a high core power level may lead to high levels of the steam–water mixture in the core in the case of a postulated small break loss of coolant accident (SBLOCA). Consequently, the calculated peak cladding temperature may not be conservative. The disadvantages of using a conservative approach have been described in the previous Section. In addition, it is not always easy to determine what assumptions will lead to a conservative result and, thus, some calculations that were thought to be conservative might not be. For example, the assumption of a high core power level may lead to high levels of the steam–water mixture in the core in the case of a postulated small break loss of coolant accident (SBLOCA). Consequently, the calculated peak cladding temperature may not be conservative.

44 Best estimate approach
44 To overcome these deficiencies, it may be preferable to use a best estimate approach together with an evaluation of the uncertainties to compare the results of calculations with acceptance criteria. This type of analysis is referred to as a best estimate plus uncertainties (BEPU) approach and is Option 3 in Table 5.1. A best estimate approach provides: more realistic information about the physical behaviour of the reactor; identifies the most relevant safety issues; and provides information about the existing margins between the results of calculations and the acceptance criteria, which can be used to obtain more power from the reactor. To overcome these deficiencies, it may be preferable to use a best estimate approach together with an evaluation of the uncertainties to compare the results of calculations with acceptance criteria. This type of analysis is referred to as a best estimate plus uncertainties (BEPU) approach and is Option 3 in Table 5.1. A best estimate approach provides more realistic information about the physical behaviour of the reactor, identifies the most relevant safety issues and provides information about the existing margins between the results of calculations and the acceptance criteria, which can be used to obtain more power from the reactor.

45 Best estimate approach
45 It is common practice that assurance has to be provided that the applicable acceptance criteria for a plant will not be exceeded with a probability of 95 % or more. A probability of 100 % (i.e. certainty) cannot be achieved because only a limited number of calculations can be performed. The basis for selecting the 95 % probability level is primarily to be consistent with standard engineering practice in regulatory matters. However, national regulations may require a different level of probability that the applicable acceptance criteria will not be exceeded. It is common practice that assurance has to be provided that the applicable acceptance criteria for a plant will not be exceeded with a probability of 95% or more. A probability of 100 % (i.e. certainty) cannot be achieved because only a limited number of calculations can be performed. The basis for selecting the 95% probability level is primarily to be consistent with standard engineering practice in regulatory matters. However, national regulations may require a different level of probability that the applicable acceptance criteria will not be exceeded.

46 Best estimate approach
46 Some parameters, such as the departure from nucleate boiling ratio in pressurized water reactors or the critical power ratio in boiling water reactors, have been found to be acceptable at the 95 % probability level. Techniques may be applied that use additional confidence levels, e.g. 95 % confidence levels, with account taken of the possible sampling error due to the fact that a limited number of calculations have been performed. This leads to the so called (95/95) results, meaning with 95% probability and with 95 % confidence level. Some parameters, such as the departure from nucleate boiling ratio in pressurized water reactors or the critical power ratio in boiling water reactors, have been found to be acceptable at the 95% probability level. Techniques may be applied that use additional confidence levels, e.g. 95% confidence levels, with account taken of the possible sampling error due to the fact that a limited number of calculations have been performed. This leads to the so called (95/95) results, meaning with 95% probability and with 95 % confidence level.

47 Probability densities for load and strength /capacity.
Strength or Capacity Figure 7.1: Probability densities for load and strength /capacity. In this figure the Total margin (sometimes also defined as Safety margin) is the range between two dotted lines; the left one representing 95/95 value of calculated results and the right one the start of non-negligible failure probability

48 Best estimate approach
48 In order to illustrate the way in which the available licensing margin is expected to increase as one goes from Option 1 to Option 3 we compare the results of a single calculation for Option 3 with results of calculations using Options 1 and 2. This is illustrated in the next figure. In order to illustrate the way in which the available licensing margin is expected to increase as one goes from Option 1 to Option 3 we compare the results of a single calculation for Option 3 with results of calculations using Options 1 and 2. This is illustrated in Figure 7.2.

49 Illustrative licensing margins for different options.

50 Best estimate approach
50 Option 3 however includes a detailed evaluation of the uncertainties, and therefore, several calculations are performed to obtain the uncertainty distribution. The Safety Guide SSG 2 recommends that the value that should be compared with the acceptance criterion is the value that encompasses 95 % of the range of uncertainty with a 95 % confidence level (The 95/95 value). This is illustrated in the next figure. Option 3 however includes a detailed evaluation of the uncertainties, and therefore, several calculations are performed to obtain the uncertainty distribution. The Safety Guide SSG 2 [5] recommends that the value that should be compared with the acceptance criterion is the value that encompasses 95% of the range of uncertainty with a 95% confidence level (The 95/95 value). This is illustrated in Figure 7.3.

51 Illustrative Design Margin for Option 3.

52 SENSITIVITY AND UNCERTAINTY ANALYSIS
52 Learning objectives After completing this chapter, the trainee will be able to: Distinguish between sensitivity and uncertainty analyses. Explain the importance of performing uncertainty and sensitivity analyses. Describe the concept of the use of single failure criteria with coincident loss of off-site power in determination of availability of safety systems.

53 Sensitivity and uncertainty analysis
53 A sensitivity analysis includes a systematic variation of the individual code input variables and the individual parameters that are used in models, to determine their influence on the results of the calculations. An uncertainty analysis addresses the uncertainties in the code models, in the plant model and in the plant data, including uncertainties in measurements and uncertainties in calibration, for the analysis of each individual event. The overall uncertainty in the results of a calculation should be obtained by combining the uncertainties associated with each individual input. A sensitivity analysis includes a systematic variation of the individual code input variables and the individual parameters that are used in models, to determine their influence on the results of the calculations. An uncertainty analysis addresses the uncertainties in the code models, in the plant model and in the plant data, including uncertainties in measurements and uncertainties in calibration, for the analysis of each individual event. The overall uncertainty in the results of a calculation should be obtained by combining the uncertainties associated with each individual input.

54 Availability of systems, single failure criterion and loss of off-site power
54 The licensing requirements with regard to the availability of systems should be the same regardless of whether a conservative approach or a best estimate approach is to be used. They are currently the ‘most unfavourable single failure’ criterion and the assumption of a coincident loss of off-site power in the analysis of design basis accidents. The licensing requirements with regard to the availability of systems should be the same regardless of whether a conservative approach or a best estimate approach is to be used. They are currently the ‘most unfavourable single failure’ criterion and the assumption of a coincident loss of off-site power in the analysis of design basis accidents.

55 VERIFICATION AND VALIDATION OF COMPUTOR CODES
55 Learning objectives After completing this chapter, the trainee will be able to: Describe the process of computer code verification and validation. Distinguish between the concepts of validation and verification.

56 Verification and validation of computer codes
56 All the computer codes that are used to perform deterministic safety analyses for nuclear power plants should be verified and validated. Verification means that the numerical calculations performed by the code are carried out as intended. Validation means that the results of calculations performed by the code are sufficiently accurate when compared with the results of experiments that represent the conditions that the code is analysing. All the computer codes that are used to perform deterministic safety analyses for nuclear power plants should be verified and validated. Verification means that the numerical calculations performed by the code are carried out as intended. Validation means that the results of calculations performed by the code are sufficiently accurate when compared with the results of experiments that represent the conditions that the code is analysing. .

57 APPLICATION OF DETERMINISTIC SAFET ANALYSIS
57 Learning objectives After completing this chapter, the trainee will be able to: Describe the use of deterministic safety analysis in the design of NPPs. Describe the use of deterministic safety analysis in the licensing of NPPs. Describe the use of deterministic safety analysis in the assessment of safety analysis reports for NPPs. Describe the use of deterministic safety analysis in the analysis of operational events at NPPs.

58 APPLICATION OF DETERMINISTIC SAFET ANALYSIS
Learning objectives After completing this chapter, the trainee will be able to: Describe the use of deterministic safety analysis in the developments of EOPs and SAMGs for NPPs. Describe the use of deterministic safety analysis in the context of a periodic safety review.

59 Areas of application 59 Deterministic safety analyses should be carried out for the following areas: Design of nuclear power plants. Such analyses require either a conservative approach or a best estimate analysis together with an evaluation of uncertainties. Production of new or revised safety analysis reports for licensing purposes, including obtaining the approval of the regulatory body for modifications to a plant and to plant operation. For such applications, in many countries, but not all, conservative approaches and best estimate plus uncertainty methods may be used. The assessment by the regulatory body of safety analysis reports. Deterministic safety analyses should be carried out for the following areas: Design of nuclear power plants. Such analyses require either a conservative approach or a best estimate analysis together with an evaluation of uncertainties. Production of new or revised safety analysis reports for licensing purposes, including obtaining the approval of the regulatory body for modifications to a plant and to plant operation. For such applications, in many countries, but not all, conservative approaches and best estimate plus uncertainty methods may be used. The assessment by the regulatory body of safety analysis reports. For such applications, in many countries, but not all, conservative approaches and best estimate plus uncertainty methods may be used.

60 Application to the design of nuclear power plants
60 The design basis for items that are important to safety is required to be established and confirmed by means of a comprehensive safety assessment. The design basis comprises the design requirements for structures, systems and components that must be met for the safe operation of a nuclear power plant, and for preventing or mitigating the consequences of events that could jeopardise safety. For example, deterministic analyses are carried out to determine what pressure and temperature the components of the primary coolant system must be able to withstand. The design basis for items that are important to safety is required to be established and confirmed by means of a comprehensive safety assessment [3]. The design basis comprises the design requirements for structures, systems and components that must be met for the safe operation of a nuclear power plant, and for preventing or mitigating the consequences of events that could jeopardise safety. For example, deterministic analyses are carried out to determine what pressure and temperature the components of the primary coolant system must be able to withstand.

61 Application to the licensing of nuclear power plants
61 The use of deterministic safety analyses to develop the design, and to license a nuclear power plant, are closely related. The plant must be designed so that it complies with all the applicable regulations and standards and this must be demonstrated in safety analysis reports in order to obtain licenses to construct and operate the plant. The analyses that are presented in the safety analyses reports should represent the current state of the design and should be presented in a way that demonstrates to the regulatory body that its requirements have been met. The use of deterministic safety analyses to develop the design, and to license a nuclear power plant, are closely related. The plant must be designed so that it complies with all the applicable regulations and standards and this must be demonstrated in safety analysis reports in order to obtain licenses to construct and operate the plant. The analyses that are presented in the safety analyses reports should represent the current state of the design and should be presented in a way that demonstrates to the regulatory body that its requirements have been met.

62 Application to the assessment of safety analysis reports
62 The operating organisation shall ensure that an independent verification of the safety assessment is performed by individuals or groups separate from those carrying out the design, before the design is submitted to the regulatory body. Additional independent analyses of selected aspects may also be carried out by or on behalf of the regulatory body. The operating organisation shall ensure that an independent verification of the safety assessment is performed by individuals or groups separate from those carrying out the design, before the design is submitted to the regulatory body [3]. Additional independent analyses of selected aspects may also be carried out by or on behalf of the regulatory body.

63 Application in plant modifications
63 The modification of existing nuclear power plants is normally undertaken to counteract the ageing of the plant; to justify its continued operation; to take advantage of developments in technology; or to comply with changes to the applicable rules and regulations. The modification of existing nuclear power plants is normally undertaken to counteract the ageing of the plant, to justify its continued operation, to take advantage of developments in technology or to comply with changes to the applicable rules and regulations.

64 Application to the analysis of operational events
64 The analysis of actual events that have occurred on operating nuclear power plants are a very important way of establishing the extent to which the deterministic analysis that has been performed accurately represents the behaviour of the plant. Such analyses should form an integral part of the feedback from operational experience. The analysis of actual events that have occurred on operating nuclear power plants are a very important way of establishing the extent to which the deterministic analysis that has been performed accurately represents the behaviour of the plant. Such analyses should form an integral part of the feedback from operational experience.

65 Application to the development and validation of emergency operating procedures (EOPs)
65 Best estimate deterministic safety analyses should be performed to confirm the strategies that have been developed to restore normal operational conditions at the plant following transients due to anticipated operational occurrences and design basis accidents. These strategies are reflected in the emergency operating procedures that define the actions that should be taken during such events. After the emergency operating procedures have been developed, a validation analysis should be performed. This analysis is usually performed by using a qualified simulator. Best estimate deterministic safety analyses should be performed to confirm the strategies that have been developed to restore normal operational conditions at the plant following transients due to anticipated operational occurrences and design basis accidents. These strategies are reflected in the emergency operating procedures that define the actions that should be taken during such events. After the emergency operating procedures have been developed, a validation analysis should be performed. This analysis is usually performed by using a qualified simulator.

66 Application to the development of severe accidents management guidelines (SAMGs)
66 Deterministic safety analyses should also be performed to assist the development of the strategy that an operator should follow if the emergency operating procedures fail to prevent a severe accident from occurring. The analyses should be carried out by using one or more of the specialized computer codes that are available to model relevant physical phenomena. Deterministic safety analyses should also be performed to assist the development of the strategy that an operator should follow if the emergency operating procedures fail to prevent a severe accident from occurring. The analyses should be carried out by using one or more of the specialized computer codes that are available to model relevant physical phenomena.

67 Periodic safety reviews
67 New deterministic analyses may be required to refine previous safety analyses in the context of a periodic safety review to provide assurance that the original assessments and conclusions are still valid. In such analyses, account should be taken of any margins that may have become reduced and continue to be reduced owing to ageing over the period under consideration. Best estimate analyses together with an evaluation of the uncertainties may be appropriate to demonstrate that the remaining margins are adequate. New deterministic analyses may be required to refine previous safety analyses in the context of a periodic safety review to provide assurance that the original assessments and conclusions are still valid. In such analyses, account should be taken of any margins that may have become reduced and continue to be reduced owing to ageing over the period under consideration. Best estimate analyses together with an evaluation of the uncertainties may be appropriate to demonstrate that the remaining margins are adequate.

68 QUESTIONS 68 What is the main purpose of performing deterministic safety assessments? Who is responsible for the performance of deterministic safety assessments? What is the main goal of deterministic calculations? Name different NPP plant states! What is the difference between design basis accidents and design extension conditions. Name two broad categories of postulated initiating events (PIE)! Describe one possible grouping of PIE! What is the difference between basic and derived acceptance criteria for deterministic safety analyses? What is the main purpose of performing deterministic safety assessments? Who is responsible for the performance of deterministic safety assessments? What is the main goal of deterministic calculations? Name different NPP plant states! What is the difference between design basis accidents and design extension conditions. Name two broad categories of postulated initiating events (PIE)! Describe one possible grouping of PIE! What is the difference between basic and derived acceptance criteria for deterministic safety analyses?

69 QUESTIONS 69 Give an example of derived acceptance criteria for ECCS for LWR as defined in US NRC 10 CFR regulation! Which are different types of deterministic safety analysis? Describe them briefly! What is the safety (or licensing) margin? What is the difference between sensitivity and uncertainty analyses? What are epistemic and aleatory uncertainties? What is the concept of the use of single failure criteria with coincident loss of off-site power for determination of availability of safety systems. Name a few applications of deterministic safety analysis! Give an example of derived acceptance criteria for ECCS for LWR as defined in US NRC 10 CFR regulation! Which are different types of deterministic safety analysis? Describe them briefly! What is the safety (or licensing) margin? What is the difference between sensitivity and uncertainty analyses? What are epistemic and aleatory uncertainties? What is the concept of the use of single failure criteria with coincident loss of off-site power for determination of availability of safety systems. Name few applications of deterministic safety analysis Evaluation, Safety Report Series No. 52, Vienna (2008). The views expressed in this document do not necessarily reflect the views of the European Commission.

Download ppt "Version 1.0, May 2015 SHORT COURSE"

Similar presentations

Risk Management Introduction Risk Management Fundamentals

Risk Management Introduction Risk Management Fundamentals
Presented by: Muhammad Ayub Pakistan Nuclear Regulatory Authority Safety Enhancement at Nuclear Power Plants in Pakistan Prospects of Nuclear Energy in.

Presented by: Muhammad Ayub Pakistan Nuclear Regulatory Authority Safety Enhancement at Nuclear Power Plants in Pakistan Prospects of Nuclear Energy in.
Sensitivity Analysis In deterministic analysis, single fixed values (typically, mean values) of representative samples or strength parameters or slope.

Sensitivity Analysis In deterministic analysis, single fixed values (typically, mean values) of representative samples or strength parameters or slope.
“Regulatory Risk-Informed Activities and Supporting PRA Technical Acceptability” Presented to Nuclear Energy Standards Coordination Collaborative (NESCC)

“Regulatory Risk-Informed Activities and Supporting PRA Technical Acceptability” Presented to Nuclear Energy Standards Coordination Collaborative (NESCC)
RISK INFORMED APPROACHES FOR PLANT LIFE MANAGEMENT: REGULATORY AND INDUSTRY PERSPECTIVES Björn Wahlström.

RISK INFORMED APPROACHES FOR PLANT LIFE MANAGEMENT: REGULATORY AND INDUSTRY PERSPECTIVES Björn Wahlström.
ACADs (08-006) Covered Keywords Description Supporting Material Accident Analysis 2.1.1.12.1.1.22.1.1.32.1.1.42.1.1.52.1.1.62.1.1.72.1.1.8 2.1.1.9.

ACADs (08-006) Covered Keywords Description Supporting Material Accident Analysis
MODULE “PROJECT MANAGEMENT AND CONTROL” EMERGENCY PLANNING SAFE DECOMMISSIONING OF NUCLEAR POWER PLANTS Project BG/04/B/F/PP-166005, Programme “Leonardo.

MODULE “PROJECT MANAGEMENT AND CONTROL” EMERGENCY PLANNING SAFE DECOMMISSIONING OF NUCLEAR POWER PLANTS Project BG/04/B/F/PP , Programme “Leonardo.
May 22nd & 23rd 2007 Stockholm EUROTRANS: WP 1.5 Task 1.5.4 Containment Assessment IP-EUROTRANS DOMAIN 1 Design WP 1.5 Safety Assessment of the Transmutation.

May 22nd & 23rd 2007 Stockholm EUROTRANS: WP 1.5 Task Containment Assessment IP-EUROTRANS DOMAIN 1 Design WP 1.5 Safety Assessment of the Transmutation.
AREVA NP EUROTRANS WP1.5 Technical Meeting Task 1.5.1 – Safety approach Madrid, November 13-14 2007 Sophie EHSTER.

AREVA NP EUROTRANS WP1.5 Technical Meeting Task – Safety approach Madrid, November Sophie EHSTER.
6/23/2015 Risk-Informed Process and Tools for Permitting Hydrogen Fueling Stations Jeffrey LaChance 1, Andrei Tchouvelev 2, and Jim Ohi 3 1 Sandia National.

6/23/2015 Risk-Informed Process and Tools for Permitting Hydrogen Fueling Stations Jeffrey LaChance 1, Andrei Tchouvelev 2, and Jim Ohi 3 1 Sandia National.
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.7 Commissioning Geoff Vaughan University of Central.

Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.7 Commissioning Geoff Vaughan University of Central.
PART IX: EMERGENCY EXPOSURE SITUATIONS Module IX.1: Generic requirements for emergency exposure situations Lesson IX.1-2: General Requirements Lecture.

PART IX: EMERGENCY EXPOSURE SITUATIONS Module IX.1: Generic requirements for emergency exposure situations Lesson IX.1-2: General Requirements Lecture.
Protection Against Occupational Exposure

Protection Against Occupational Exposure
IAEA International Atomic Energy Agency International Workshop on the Safe Disposal of Low Level Radioactive Waste WG3 debriefing.

IAEA International Atomic Energy Agency International Workshop on the Safe Disposal of Low Level Radioactive Waste WG3 debriefing.
Codex Guidelines for the Application of HACCP

Codex Guidelines for the Application of HACCP
IAEA ANSN RWMTG National Workshop: Application of IAEA Methodology and Tools for the Safety Case and Safety Assessment for Predisposal Management of Radioactive.

IAEA ANSN RWMTG National Workshop: Application of IAEA Methodology and Tools for the Safety Case and Safety Assessment for Predisposal Management of Radioactive.
Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.5/1 Design Geoff Vaughan University of Central Lancashire,

Main Requirements on Different Stages of the Licensing Process for New Nuclear Facilities Module 4.5/1 Design Geoff Vaughan University of Central Lancashire,
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.
5-1 ANSYS, Inc. Proprietary © 2009 ANSYS, Inc. All rights reserved. May 28, 2009 Inventory #002670 Chapter 5 Six Sigma.

5-1 ANSYS, Inc. Proprietary © 2009 ANSYS, Inc. All rights reserved. May 28, 2009 Inventory # Chapter 5 Six Sigma.
EQE International The use of Fragility Analysis in Seismic Safety Cases for Nuclear Power Stations.

EQE International The use of Fragility Analysis in Seismic Safety Cases for Nuclear Power Stations.

Similar presentations

Ads by Google