Professional Documents
Culture Documents
Abstract
The Nuclear Regulatory Commission (NRC) published the Maintenance Rule on July 10, 1991 with an implementation date of July 10,
1996 [1]. Maintenance rule implementation at the Duke Power Company has used probabilistic safety assessment (PSA) insights to help
focus the monitoring of structures, systems and components (SSC) performance and to ensure that maintenance is effectively performed.
This paper describes how the probabilistic risk assessment (PRA)1 group at the Duke Power Company provides support for the maintenance
rule by performing the following tasks: (1) providing a member of the expert panel; (2) determining the risk-signicant SSCs; (3) establishing
SSC performance criteria for availability and reliability; (4) evaluating past performance and its impact on core damage risk as part of the
periodic assessment; (5) providing input to the PRA matrix; (6) providing risk analyses of combinations of SSCs out of service; (7) providing
support for the SENTINEL program; and (8) providing support for PSA training. These tasks are not simply tied to the initial implementation
of the rule. The maintenance rule must be kept consistent with the current design and operation of the plant. This will require that the PRA
models and the many PSA calculations performed to support the maintenance rule are kept up-to-date. Therefore, support of the maintenance
rule will be one of the primary roles of the PSA group for the remainder of the life of the plant. q 1999 Elsevier Science Ltd. All rights reserved
Keywords: Maintenance rule; On-line maintenance; PRA matrix; Performance criteria; Probabilistic safety assessment; Expert panel
1. Introduction
The Nuclear Regulatory Commission (NRC) published
the Maintenance Rule on July 10, 1991, as 10 CFR Part
50.65, Requirements for Monitoring the Effectiveness of
Maintenance at Nuclear Power Plants, with an implementation date of July 10, 1996 [1]. The maintenance rule was
issued to address NRCs concern that maintenance was not
being performed accurately and consistently on structures,
systems and components (SSCs) important to plant safety.
However, the scope of the rule transcends maintenance
issues to prescribe an overall management program for
plant systems important to plant safety. Maintenance rule
implementation at the Duke Power Company has used probabilistic safety assessment (PSA) insights to help focus
monitoring of SSC performance and to ensure that maintenance is performed effectively. PSA is used to determine the
maintenance rule `risk-signicant SSCs' and to establish
performance criteria. It is also used to evaluate the balance
* Corresponding author
1
`PSA' generally denotes the assessment of accident frequencies, e.g.
core damage frequency (CDF), and not the quantication of accident consequences e.g. health effects, while PRA includes the quantication of
consequences.
0951-8320/99/$ - see front matter q 1999 Elsevier Science Ltd. All rights reserved
PI:I S0 95 1 -8 3 20 ( 98 ) 00 0 39 - 8
244
H.D. Brewer, K.S. Canady/Reliability Engineering and System Safety 63 (1999) 243249
The maintenance rule requires each holder of an operating license to monitor the effectiveness of maintenance at
their nuclear power plant. NUMARC 93-01, `Industry
Guideline for Monitoring the Effectiveness of Maintenance
at Nuclear Power Plants', provides the implementation
guidelines for the maintenance rule [1]. One of the tasks
required by NUMARC 93-01 is the development of a list
of the risk-signicant SSCs. This support task uses the PRA
to develop a list of risk-signicant SSCs and their risksignicant functions. The list is used as one input to an
expert panel that has nal responsibility to develop the list
of risk-signicant SSCs and functions for implementing the
maintenance rule.
The plant PRA model is used to list and rank the basic
events by their importance measures. The following criteria
for determining risk-signicant SSCs are described in
NUMARC 93-01 [1]:
The RRW is the ratio of the baseline risk level to the risk
level with the contributor probability set to zero. The RRW
is thus a measure of the signicance of a particular system
failure. The risk achievement worth (RAW) is the ratio of
risk level with the contributor probability set to one, over the
baseline risk level. The RAW is thus a measure of the risk
impact of a system being down. The risk level used for the
RRW and RAW is the core damage frequency (CDF). The
`cutsets' are the minimal cutsets which are the unique combination of an initiating event and component failure which
causes a core damage event.
To determine the risk-signicant SSCs, Duke Power has
chosen to use all three importance measures, i.e. CDF cutsets, RAW and RRW, to determine which PRA basic events
should be considered for risk-signicance [2]. Any basic
event e.g. a component failure, that is above any one of
the NUMARC 93-01 criteria is considered potentially
H.D. Brewer, K.S. Canady/Reliability Engineering and System Safety 63 (1999) 243249
The following process is used to determine which PRAbased availability performance criteria group is appropriate
for each maintenance rule risk-signicant SSC.
1. The RAW value is determined for each risk-signicant
SSC function. Basic events such as human errors and
common cause events may be excluded since they do
not represent equipment out of service. The basic event
and corresponding SSC function are placed in one of the
following RAW categories:
Very high RAW much greater than 5
High RAW $ 5
Medium 2 # RAW , 5
Low RAW , 2
2. Once the category for each risk signicant system function is determined, a sensitivity study is performed to
determine the potential total impact of unavailability
on risk. For each risk-signicant SSC, a basic event is
determined that will represent that SSCs unavailability.
The availability used for each performance criteria group
is as follows:
Very high $ 99.8% availability
High $ 98% availability
Medium $ 96% availability
Low $ 94% availability
For example, a two-train, high category SSC would have
to have both trains with at least 98% availability to have
an acceptable performance. SSCs that are within the
scope of the maintenance rule but are not considered
`risk-signicant' do not have specic availability
criteria.
3. The basic events representing the SSC unavailability
are then put into the PRA model to determine the
impact on risk. The risk impact is then evaluated against
the criteria provided in the Electric Power ResearchInstitute (EPRI) `PSA applications guide' [3]. An
additional sensitivity study is performed assuming half
the allowed unavailability. Since planned unavailability
is limited to one-half of the maintenance rule value,
this represents the expected impact of unavailability on
risk.
The results of the above process are used to demonstrate that the maintenance rule performance criteria
chosen are commensurate with the safety signicance of
the SSC.
4.2. System reliability
Reliability performance criteria are established for all
risk-signicant SSCs. Reliability of a SSC function is the
measure of the ability to perform its intended maintenance
rule function upon demand from the standby mode or to
continue to provide the function while in operating mode.
245
No MPFFs per
18 months
No more than
1 MPFF per
18 months
No more than
2 MPFFs per
18 months
No more than
2 MPFFs per
18 months
No more than
4 MPFFs per
18 months
The MPFF criteria are established to identify when maintenance improvements are needed to improve the reliability
of the SSC. The numerical values selected are based on
information contained in EPRI Technical Bulletin 96-1101, `Monitoring Reliability for the Maintenance Rule' [4].
Generally, the intent is to recognize that an eighteen month
period is inadequate to statistically determine the reliability
of an SSC and that even an adequately performing SSC will
occasionally experience one or two failures as random
events. No attempt has been made by Duke Power to
show the PRA impact of all maintenance rule SSCs having
the maximum allowed number of failures in a single cycle.
Instead, Duke Power has committed to perform a cyclespecic PRA update as part of the periodic assessment.
The calculation for unavailability performance criteria
also forms the basis for the reliability grouping of
2
246
H.D. Brewer, K.S. Canady/Reliability Engineering and System Safety 63 (1999) 243249
maintenance rule SSCs. In some special cases the maintenance rule coordinator may request system or component-specic reliability performance criteria that are
different from the criteria indicated by the grouping method.
These are performed on a case-by-case basis.
5. Evaluating past performance and its impact on core
damage risk as part of the periodic assessment
Part A(3) of the maintenance rule requires that a periodic
assessment of the effectiveness of the maintenance rule
program be performed [1]. As part of the maintenance
rule periodic assessment, the risk impact of actual SSC
unavailability and functional failures over the assessment
period are evaluated using the plant PRA models and appropriate statistical analysis methods [2]. This PRA assessment
considers:
The system and component reliability impact of functional failures experienced by maintenance rule SSCs
that are modeled in the plant PRA.
The recorded unavailability of the risk-signicant systems over the assessment period.
H.D. Brewer, K.S. Canady/Reliability Engineering and System Safety 63 (1999) 243249
Table 1
Increase in CDF (per hour)
7
5 3 10 1 3 10
1 3 10 7 1 3 10
1 3 10 8 1 3 10
1 3 10 9 1 3 10
,1 3 10 10
7
8
9
10
to 12 h
to 60 h
to 600 h
to 6000 h
particular limit
1) (BRAW
1) (CRAW
1)
247
have very little interaction with each other and it does not
matter whether they are taken out together or separately.
The total risk impact will be the same. However, if the
RAW for the combination of the two SSCs is greater than
would be obtained through addition, then there must be
some risk multiplying effect of having both out at the
same time. These intersections are identied as a risk
signicant combination that should be avoided.
6. Providing risk analyses of combinations of SSCS out
of service
From time to time, plant personnel may wish to perform
maintenance on combinations of equipment that are not
allowed by the PRA matrix. They may contact the PRA
group for an evaluation of the actual risk impact of the
proposed maintenance. To evaluate the impact, the PRA
engineer will do the following:
To better understand the interaction, the PRA engineer
will rst review the matrix interaction basis and system/
equipment functions list. The engineer will also ask questions to determine if there are any other factors to consider.
For example, in evaluating an interaction associated with
two sources of emergency power, the engineer should consider whether the other sources of emergency power are
available as well as the potential for severe weather that
would increase the likelihood of needing emergency
power during the time of the proposed maintenance. The
engineer should have a questioning attitude, so that no
pertinent data is overlooked.
The assessment will consider the three components of
risk:
248
H.D. Brewer, K.S. Canady/Reliability Engineering and System Safety 63 (1999) 243249
H.D. Brewer, K.S. Canady/Reliability Engineering and System Safety 63 (1999) 243249
249
9. Conclusion
Maintenance rule implementation at the Duke Power
Company has used PSA insights to help focus the monitoring of SSC performance and to ensure that maintenance is
effectively performed. As changes are made to the plant, the
maintenance rule must be kept consistent with the current
design and operation of the plant. This requires that the PRA
models and the many PSA calculations performed to support the maintenance rule must also be kept up-to-date [6].
Therefore, support of the maintenance rule will be one of the
primary roles of the PSA group for the remainder of the life
of the plant.
References
[1] NUMARC 93-01, Industry guideline for monitoring the effectiveness
of maintenance at nuclear power plants NUMARC, May 1993.
[2] Engineering Directives Manual 210, Requirements for monitoring the
effectiveness of maintenance at nuclear power plants or the Maintenance Rule.
[3] Electric Power Research Institute (EPRI) Technical Report-105396,
PSA applications guide, EPRI, August, 1995.
[4] Electric Power Research Institute (EPRI) Technical Bulletin 96-1101, Monitoring reliability for the Maintenance Rule EPRI, November
1996.
[5] Duke Power Company Work Process Manual, Procedure 607; Maintenance Rule assessment of equipment removed from service.
[6] Duke Power Company Procedure XSAA-106, Workplace procedure
for assessment of station `living PRA' validity.