The Application of Resilience Learning to

UK Spent Fuel Management Facilities
Phil Hallington
IAEA Vienna, 19-22 March 2012
IAEA-CN-209-025
Scope
• Overview of Sellafield
• Nuclear Safety Principles
• Resilience Evaluation Process [RESEP]
• Peer Review
• Building the Programme
• Sellafield Considerations
• Conclusions
Sellafield Context
• 7 shutdown reactors
• 2 Reprocessing plants
• Waste Management
• High hazard legacy facilities
• Product Storage
• Supporting Infrastructure
• Low temperature, low pressure processes
• Very large inventory of radioactive material
• Relatively low rates of change to loss of cooling
• Aging facilities and infrastructure
Nuclear Safety Principles
• Maintaining containment
• Maintaining cooling
• Maintaining control of reactivity
• Maintaining control of chemistry
30-60-90 Day Plan
Resilience Architecture
Goals for RESEP
• Provides a structured approach for the whole site
• Allows for progression of events from single plant to
whole site
• Searches for ‘cliff-edge’ effects
• Develops timelines for critical safety functions (CSF)
• Addresses infrastructure requirements on and off-site
• Identifies opportunities for resilience enhancement
• Provides a key focus for damage control teams
Cliff Edge Identification
Dynamics of Mitigation
Timeline - Conceptual
I
n
i
t
i
a
t
i
n
g
E
v
e
n
t
Time
Current Backups
Alternative Backups
Mitigating Actions
Current Backups
Alternative Backups Current Backups
Event A
Event B
Event C
72 Hrs
1 week
Severe
Accident
Analysis
Severe
Accident
Management
Strategies
Safety Case
Boundary
Real
Cliff Edge
RESEP Process Diagram
Decomm
RESEP 1
SFM
RESEP 1
WEDD
RESEP 1
Electricity
RESEP1a
Cooling
RESEP1a
SECC
Comms
F&RS
RESEP2.1
Site and External
Utilities/Resources
RESEP 2
Ìnfrastructure
Demand
Ìndividual Plant Resilience
U
t
i
l
i
t
y
R
e
s
i
l
i
e
n
c
e
RESEP2.1
RESEP2.1
Pu OU
RESEP 1
RESEP Workshops
The key characteristics of a successful workshop are:
• Strong representation from plant operators who know the plant
and are likely to be confronted with securely challenging
situations
• Support from a knowledgeable technical team who have
prepared thoroughly
• An open and questioning environment which is respectful of all
contributions
• Methodical capture of all key observations.
Building the Programme
PHASE 1 SITE RESILIENCE
PHASE 2 SITE RESILIENCE
DEFINED SCOPE
EMERGING
SCOPE Respond to
ONR Interim
Report
Develop and
Implement
RESEP
Process
Respond to
WANO SOER
2011-2
Complete
ENSREG
‘Stress Tests’
and report
Develop Wider
Resilience
Architecture
Accelerated
delivery of
SAA/SAMS
Implement
RESEP
Improvements
Respond to
WANO SOER
2011-3
Respond to
Further LFE
from Japan
Respond to
additional
ONR Report(s)
ALARP
consideration
of outputs
Initiate Studies
into identified
problems


Key topics for
peer review
Summary of Key Programme Outcomes
• A resilience architecture which will provide an appropriate level of robustness in
terms of responses, maintainability and capability to successfully manage
significant challenges to the business
• Maximum learning is taken from events in Japan and effectively applied across
our operations (including effective communication with industry colleagues)
• Consequence led and risk informed analysis defining appropriate mitigating
actions and countermeasures which will arrest the progression of fault
sequences
• Investment in equipment and resources is justified against the severity of
consequences that are effectively mitigated
• A realistic view is taken of common cause effects and potential ‘domino’
situations that may arise
• Effective engagement of plants and supporting functions is essential to the
success of these activities,
• Wider public confidence in the Nuclear Industry and matters of safety is secured
Decision Making Process
• Decision making process for considerations
• Auditable, proven and accepted by key stakeholders
• Including strong element of peer review
• Focuses effort where greatest benefit can be derived
• Flexible to late changes in understanding
• Leads to an accepted resilience improvement index
– Implementation
• Actions to be delivered locally, by plants
• Progress to be monitored centrally, by programme
Draft Principles
• Draft Principles for Site Resilience
– Following an incident, as far as possible, facilities should
be self-reliant for a suitable period (typically 24 hours).
They should also have the local capability to get the plant
into control and then into a quiescent state, without
external support.
– Similarly, Site should be self-reliant for a longer period,
without external support, typically at least 7 days
– Favouring simple, robust solutions providing value.
Conclusions
• Faced with translating reactor-based stress tests onto a complex suite of
nuclear chemical reprocessing plants, Sellafield Limited and its specialist
suppliers have developed an effective and systematic method of assessing
resilience.
• This method (RESEP) has focussed on the plants within the greatest potential
consequences and has provided successful new insights into many facilities
beyond their Design Basis.
• The process has identified a range of considerations and actions which will
make a genuine and sustainable improvement in resilience.
• To be success RESEP needs
– Thorough preparation
– Knowledgeable inputs
– An open environment where questioning is welcomed
• Close engagement with Regulators and industry colleagues has been important
to success
• We at Sellafield are committed to sustaining this approach to enhance
resilience and wide incorporate this approach into our long-term periodic review
of safety cases (LTPR) which is a cornerstone of the licensing system.