Jiyun Zhao
Associate Professor
Dept. of Mechanical and Biomedical Engr.
City University of Hong Kong
Part I: Characteristics of Risk and Probabilistic
Risk Assessment (PRA)
Characteristics of Risk
Risk is defined as a feasible detrimental outcome of an
activity or action (e.g., launch or operation of a spacecraft)
subject to hazard(s). Risk is characterized by two
quantities:
Characteristics of Risk
As an example of typical societal risks, the United States
experienced roughly 15 million automobile accidents in 1971.
On the average, approximately 1 in 10 caused an injury and 1
in 300 resulted in a death. A population of 200 million persons,
thus, was subjected to the following automobile accident risks:
General Perception of Risks
While risks themselves may be somewhat readily calculated, human
attitudes toward risks are much more complex. A very rough correlation of
risk magnitude and relative attitude is provided in Table 14-4 for death by
involuntary society activities. The reference risk is that from death by
“natural causes” of about 10^-2 per person-year, based on an average
lifetime of roughly 70 years.
Technological Risk Perception
Probabilistic Risk Assessment (PRA)
If the severity of the consequence(s) and their
likelihood of occurrence are both expressed
qualitatively (e.g., through words like high, medium,
or low), the risk assessment is called a qualitative
risk assessment.
Probabilistic Risk Assessment (PRA)
Probabilistic Risk Assessment usually answers three
basic questions:
1. What can go wrong with the studied
technological entity, or what are the initiators or
initiating events (undesirable starting events) that
lead to adverse consequence(s)?
2. What and how severe are the potential
detriments, or the adverse consequences that
the technological entity may be eventually
subjected to as a result of the occurrence of the
initiator?
3. How likely to occur are these undesirable
consequences, or what are their probabilities or
frequencies?
Event Trees
Fault Trees
Data used with the fault trees included that for
component failures, human error, and testing and
maintenance time. Human error was found to
have a probability up to 100 times greater than
that of component failure. Testing and
maintenance were included in recognition that the
related down-time is equivalent to system failure.
One hour off-line per week, for example, is
equivalent to a 6 x 10^-3 per year non-availability or
failure rate.
What are the benefits of PRA?
Early forms of PRA had their origin in the aerospace industry
before and during the Apollo space program. Later on, other
industries (e.g., nuclear power industry, chemical industry),
US Government laboratories and US Government agencies
expanded PRA methods to higher levels of sophistication in
order to assess safety compliance and performance.
After completing the compulsory PRA efforts, however,
performing organizations usually discovered benefits beyond
mere compliance with regulation. These have included new
insights into and an in-depth understanding of:
• Design flaws and cost-effective ways to eliminate them in
design prior to construction and operation;
• Normal and abnormal operation of complex systems and
facilities even for the most experienced design and
operating personnel;
• Design flaws and hardware-related, operator-related and
institutional reasons impacting safety and optimal
performance at operating facilities and cost-effective ways
to implement upgrades;
• Approaches to reduce operation and maintenance costs
while meeting or exceeding safety requirements;
• Technical bases to request and receive exemptions from
unnecessarily conservative regulatory requirements.
Part II: The Reactor Safety Analysis: Deterministic
versus Probabilistic
Reactor Safety Analysis
The deterministic method uses postulated accidents and the
single failure criterion. Designers would assume that there was
an accident, such as a loss of coolant, and a single failure of
the single most important component to respond to the event,
such as the failure of a single safety injection pump. Nuclear
reactors were, and still are, designed such that given these
circumstances and conservative calculation methods, the core
will not melt, and no radiation would be released. After doing
this safety analysis to show that in a series of postulated
accidents and single failures there is no core melt, a reactor is
deemed safe enough.
The Single-Failure Criterion
• Fluid and electric systems are considered to be
designed against an assumed single failure if
neither (1) a single failure of any active
component (assuming passive components
function properly) nor (2) a single failure of a
passive component (assuming active components
function properly), results in a loss of the
capability of the system to perform its safety
functions.
• The intent is to achieve high reliability (probability
of success) without quantifying it.
• Looking for the worst possible single failure leads
to better system understanding.
Probabilistic Risk Assessment (PRA)
Occupational and Total Annual Fatality Risks
Probabilistic Safety Analysis (PSA)
The Pre-PRA Era (prior to 1975)
• Management of (unquantified at the time) uncertainty was
always a concern.
• Defense-in-depth and safety margins became embedded in
the regulations.
• “Defense-in-Depth is an element of the NRC’s safety
philosophy that employs successive compensatory
measures to prevent accidents or mitigate damage if a
malfunction, accident, or naturally caused event occurs at
a nuclear facility.” [Commission’s White Paper, February,
1999]
• Design Basis Accidents are postulated accidents that a
nuclear facility must be designed and built to withstand
without loss to the systems, structures, and components
necessary to assure public health and safety.
Historical Risk Studies
• Farmer’s Paper (1967)
He considered the public acceptability of risk (e.g. from nuclear reactors),
arguing that a whole spectrum of events needs to be considered: not just
the Maximum Credible Accident, but also those of less consequence which
were much more probable.
• Reactor Safety Study: WASH-1400 (1975)
• Risk Assessment Review Group Report (1979)
• German Risk Study (1979)
• Zion (near Chicago) and Indian Point (near NYC) PRAs (1981)
• NUREG-1150 (1990)
NUREG-1150 ("Severe Accident Risks: An Assessment for Five U.S.
Nuclear Power Plants", published December 1990 by the Nuclear
Regulatory Commission [NRC])
• Individual Plant Examinations
The Reactor Safety Study: WASH-1400
Probabilistic Risk Assessment (PRA)
The end states of most interest for nuclear reactors are core
damage and radiation release.
Level 2 PRA
Level 3 PRA
PRA Model Overview
Transition of a Risk Assessment
Core damage frequency
Large early release frequency
Large early release frequency (LERF) is defined
as the frequency of those accidents leading to
significant, unmitigated releases from containment
in a time frame prior to effective evacuation of the
close-in population such that there is the potential
for early health effects. Such accidents generally
include unscrubbed releases associated with early
containment failure shortly after vessel breach,
containment bypass events, and loss of
containment isolation.
Probabilistic Risk Assessment (PRA)
Using the results of the PRA and the event and fault tree
logic, the systems most important to safety can be
found. The measures most typically used are Fussell-Vesely
(FV) and Risk Achievement Worth (RAW). FV basically
measures how often failure of a system is expected to be a
contributor to risk. RAW measures how much higher the risk
would be if a system were removed from the design. These
importance measures are used to rank the risk importance of
systems.
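As an added example (not from the lecture), the following Python computes FV and RAW for a constructed minimal-cut-set model of a hypothetical safety-injection function; the basic events, their unavailabilities (with operator error set larger than any hardware failure, echoing the fault-tree slide) and the cut sets are all assumptions made here.

```python
from itertools import combinations
from math import prod

# Constructed (hypothetical) basic-event unavailabilities for a safety-injection
# function. Operator error is set larger than any hardware failure, echoing the
# fault-tree observation that human error can dominate component failure.
BASIC_EVENTS = {
    "pump_A": 1e-3,
    "pump_B": 1e-3,
    "valve_common": 1e-4,    # shared valve: a single point of failure
    "operator_error": 1e-2,  # failure to actuate the system
}

# Assumed minimal cut sets for the top event "no safety injection":
# both pumps fail, or the shared valve fails, or the operator fails to act.
CUT_SETS = [{"pump_A", "pump_B"}, {"valve_common"}, {"operator_error"}]


def top_event_probability(probs, cut_sets):
    """Exact P(at least one cut set occurs) by inclusion-exclusion over the
    cut sets, assuming independent basic events (fine for a few cut sets)."""
    total = 0.0
    for k in range(1, len(cut_sets) + 1):
        for combo in combinations(cut_sets, k):
            term = prod(probs[e] for e in set().union(*combo))
            total += term if k % 2 else -term
    return total


def fussell_vesely(probs, cut_sets, event):
    """FV: share of the baseline risk R carried by cut sets containing the
    event, computed as (R - R[event prob = 0]) / R."""
    r = top_event_probability(probs, cut_sets)
    return (r - top_event_probability(dict(probs, **{event: 0.0}), cut_sets)) / r


def risk_achievement_worth(probs, cut_sets, event):
    """RAW: R[event prob = 1] / R, i.e. how much risk rises if the item is
    assumed failed (equivalently, removed from the design)."""
    r = top_event_probability(probs, cut_sets)
    return top_event_probability(dict(probs, **{event: 1.0}), cut_sets) / r


def rank_by_importance(probs, cut_sets):
    """Rank basic events by FV (descending); returns (event, FV, RAW) tuples."""
    rows = [(e, fussell_vesely(probs, cut_sets, e),
             risk_achievement_worth(probs, cut_sets, e)) for e in probs]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for event, fv, raw in rank_by_importance(BASIC_EVENTS, CUT_SETS):
        print(f"{event:15s} FV={fv:.4f} RAW={raw:8.2f}")
```

The two measures disagree on the shared valve: its FV is small because it rarely contributes at baseline, but its RAW matches the operator's, since assuming it failed raises the top-event probability about a hundredfold.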
Risk-Informed Framework
Part III: The Reactor Safety Study: WASH-1400
Release Magnitudes
The magnitude of the fission-product release from the reactor
containment building varies among the accident scenarios.
The quantity of each species entering the general
environment depends on:
• its prerelease inventory,
• the transport of species from the core to the containment, and
• the mode by which the containment is breached.
Consequence Modeling
Major findings of WASH-1400
Reactor Accident Risk
At Power Level 1 Results
At Power Level 2 Results
Shutdown
Shutdown PRA Issues
NUREG-1150 and WASH-1400 CDF for Peach Bottom