
RiskSpectrum: Emerging software for Nuclear Power Industry

Article · March 2010


DOI: 10.1109/INREC.2010.5462562


1 author:

Manorma Kumar
Lloyd’s Register Group Limited

All content following this page was uploaded by Manorma Kumar on 14 July 2017.



Proceedings of the 1st International Nuclear and Renewable Energy Conference (INREC10), Amman, Jordan, March 21-24, 2010

RiskSpectrum: EMERGING SOFTWARE FOR NUCLEAR POWER INDUSTRY

Manorma

Atkins Ltd., Energy


Trent House, RTC Business Park, London Road
Derby, DE24 8UP, UK
manorma.manorma@atkinsglobal.com

Heriot Watt University


Safety, Risk and Reliability Engineering
Edinburgh, Scotland, EH14 4AS, UK
mm442@hw.ac.uk

ABSTRACT

RiskSpectrum is advanced software by Relcon Scandpower AB, which is increasingly being used to develop fault trees and event trees to find the reliability of systems in various parts of a Nuclear Power Plant. In this paper, the features and scope of RiskSpectrum are demonstrated with a fault tree example of a Sodium Cooled Fast Reactor used in the Nuclear Power Generation Industry. A self-sufficient model with software results is given in full detail, which can serve as a basic structure for more advanced and detailed studies.

1. INTRODUCTION

Safety is the most challenging area of all risk-associated industries. If the safety is related to a nuclear power plant then the challenges increase, due to the high level of risk of radiation release to the operators as well as the general public. Hence, it is very desirable to choose a safe and reliable system to eliminate the adverse effects of any emergent conditions. A secure environment can be created by applying the safety principles and trying to find the factors/methods which can improve the safety and reliability of the system. Safety and reliability is a very vast area in which to dig out the questions of safety and to try to find a reliable world. Nowadays, the world is gradually moving towards nuclear energy and renewable energy for electricity generation. These sources are very cost effective and efficient compared to the conventional sources (e.g. coal, oil and gas) for power generation. These conventional sources are the main contributors of carbon emission and pollution, which are very harmful for present as well as future generations. However, human beings have to find alternative solutions for power generation. Renewable energy is a natural source of power in which energy can be generated from wind farms, solar panels, geothermal, tidal and biomass etc., and these sources are much safer than nuclear energy because they are green, i.e. natural. However, renewable energy depends totally upon nature, which makes it very difficult to predict the total power generation (MW) for future use. If there are large fluctuations of power demand from the consumer side then the results might be undesirable. However, power generation by a Nuclear Power Plant is very cost effective, e.g. a nuclear plant of the same capacity can produce approximately 3.7 million more energy than a conventional power plant of the same rating. With this, the nuclear plant is the most cost effective way of power generation.

This paper is mainly concerned with nuclear safety and will analyze a nuclear plant problem by using fault tree analysis. The nuclear plant produces much more power/energy than conventional power plants, but brings with it a high level of radiation and safety risk. In addition, nuclear energy has an opposite face that always remains behind the screen, which is related to destruction by nuclear weapons. This is similar to saying that if we use any dangerous thing to develop the world then we also have to take care of all of its aspects, mainly safety. Nuclear safety is the main issue for nuclear power plant operators. If nuclear is safe then there will be no problem of power generation and electricity consumption; hence, the generation problem of the world may be solved by operating a larger number of nuclear power plants.

To keep safety a priority, various software tools are used to calculate the reliability of the nuclear power plant. These tools are really helpful for finding the weakest area of a nuclear plant, after which nuclear experts present solutions for that problem. To assess the radiation dose from a hazardous situation, safety assessments are done by nuclear safety engineers. These safety assessments are also done to get the nuclear power plant operating license from the Nuclear Installation Inspectorate (NII) to operate the nuclear power plants. Probabilistic safety assessments are very crucial for getting the operating licenses of nuclear power plants.

2. THE FAULT TREE

System failure can be defined by the combination of basic events which cause a fault. A graphical representation method known as the fault tree is used to describe these failures or basic events [1]. Fault tree analysis is based on the evaluation of an undesired state or event, called the top event or top gate [2]. The top event is then subdivided into the various basic events and intermediate gates to find the state of the system in fault
conditions. There are mainly two essential logical possibilities [1], which are represented by the AND and OR gate symbols. The OR gate symbol is used to model a series system, and the total probability of failure can be calculated by addition (+) of the probabilities of failure of all components in series causing the top event. The AND gate symbol represents the redundant components of the system, which are parallel to each other. The total probability of failure can be calculated by multiplying (x) the probabilities of failure of each component. The reliability of the system can be calculated by subtracting the probability of failure of the system from one, i.e. reliability refers to a success criterion [1]. Common cause failure (CCF) occurs when two or more redundant systems are ANDed together. CCF often dominates the unreliability of redundant systems [1]. The 'Beta' factor is used while assessing redundant systems; it assumes that a fixed proportion (Beta) of the failures arise from a common cause [1]. A good number of software tools are available commercially for safety risk assessments, assessing radiation doses from a nuclear power plant for onsite as well as offsite release. The next section deals with one of the most popular software tools, "RiskSpectrum", and how it can be used to develop the fault tree analysis. An example with a problem of sodium spill in a Sodium Cooled Fast Reactor is used for better description and analysis.

3. THE RiskSpectrum SOFTWARE

RiskSpectrum is one of the most popular software tools used for the probabilistic safety assessment of nuclear power plants. In this paper, the use of RiskSpectrum software is explained in detail to calculate the reliability of the system with a simple example of a safety concern in a nuclear power plant.

RiskSpectrum is basically a computer based program that is used in probabilistic safety assessments and for fault tree development for nuclear power plants. It is also used in Marine, Submarine, Aerospace and Defence applications to find the reliability of the overall system. This software basically evaluates risk by using fault trees and event trees, and the dominant factors of the overall system can be seen from the cut sets. After the dominant cut sets are known, an attempt is made to decrease their values, and with them the final frequency of the effect, by using protective or preventative measures and methods. The main advantages of this software are as follows:

• This software is very helpful in probabilistic safety assessments, which are a main requirement for a nuclear power plant's operation.

• This is a powerful tool to analyse risk in the nuclear power generation design, operation and decommissioning states.

• This can be used to find event trees and minimal cut-sets of the faults.

• This software can be used to define the boundaries of the fault or the system, so as to look only at the relevant system and ignore the other unnecessary components.

• Using RiskSpectrum, the final frequency/probability of the top events can be calculated by entering the values of each component's failure and its time interval, if any.

To develop a fault tree, the main consequence of the fault has to be considered as the top; then, by moving backwards through the fault tree, the analyst can find the basic root causes of the fault. The basic root causes are divided into various logical gates like AND, OR, exclusive OR, voted and some other basic events and gates. Some basic logic gates and event gates are described below with their symbols.

Fault tree basic events and symbols [1,2]:

1. Circle - Basic event: this is mainly a primary fault event of the top event. There may be many basic events in a fault tree; it depends on the nature of the fault and its consequences.
2. Diamond - Undeveloped event: an event that is not developed further, either because it is of insufficient consequence or because information is unavailable and the event needs further investigation.
3. House - External event: this event is not a fault event; it is a normally occurring event and its probability of occurring may be 1 or 0.
4. Rectangular - Intermediate event: a fault event that occurs because of one or more subordinate causes acting through logic gates.
5. AND - logic gate requiring all inputs to occur for fault occurrence. This is related to the multiplication of all the basic events under the AND gate.
6. OR - logic gate requiring at least one of the inputs to occur for fault occurrence. This is related to the addition of all the basic events under the OR gate.
7. XOR - exclusive OR gate: in this logic gate the output occurs if only one of the input faults occurs.
8. Priority AND - output occurs if all of the input faults occur in a specific sequence (the sequence is represented by a conditioning event drawn to the right of the gate).
9. Inhibit (Hexagonal) - output fault occurs if one input fault occurs in the presence of an enabling condition (the enabling condition is represented by a conditioning event to the right of the gate).
10. Transfer in - indicates that the tree is developed further at the occurrence of the corresponding transfer out (on another page).
11. Transfer out - indicates that this portion of the tree must be attached to the corresponding transfer in.
12. Voted gate or k/n gate - voted gates are also used in fault tree analysis, such as the mooN system in which 'm' events need to occur out of a total of 'N' events.

4. SODIUM COOLED FAST REACTOR

Fast reactors (Generation IV reactors) are basically fast neutron reactors configured to produce more fissile material than they consume, using fertile material such as depleted uranium [3]. Uranium-238 (U-238) is used as a fuel in fast reactors; during the chemical reaction in the reactor, U-238 is converted into another element, 'Plutonium', by absorbing an extra neutron. U-238 is 99.3% of natural Uranium; however, U-235 is only 0.7% of natural Uranium. The half life of the U-238 nuclide is about 4.47 billion years [3]. The term fast is used because the neutrons are un-moderated; hence the chemical reaction is very fast. For this reason a high conductivity coolant like liquid sodium is used to remove the high heat inside the reactor core. Figure 1 shows the schematic of the Sodium Cooled Fast Reactor (SFR) and the flow of sodium in the primary as well as the secondary loop [3].

Source: http://www.ne.doe.gov/genIV/documents/gen_iv_roadmap.pdf

Figure 1: Schematic of Sodium Cooled Fast Reactor

Currently, fast reactors are not commercially accepted because they are much more expensive than the other "thermal reactors" [3]; hence they are still in limited use. However, they have the potential to increase the energy available from a given quantity of Uranium by a factor of 50 or more; as a result they have the capacity to utilise the existing natural Uranium stock [3]. The SFR is dedicated to actinide management, and also to the production of electricity and heat if enhanced economics for the system can be realized. The SFR is an attractive energy source for nations that desire to make the best use of limited nuclear fuel resources and manage nuclear waste by closing the fuel cycle [4].

5. AN ILLUSTRATED EXAMPLE

An example of excessive radiation risk to the general public/operator is used to illustrate RiskSpectrum and fault tree analysis. The risk assessment by developing a fault tree has been carried out on the sodium coolant system of a fast reactor. The main problem with sodium is its high chemical reactivity with air and water. If sodium leaks from the primary or the secondary circuit [4], the chemical reaction will lead to sodium fires through the subsequent common cause failure (CCF) of redundant systems. The whole system is very vulnerable to any leakage; if water enters the sodium circuit then the consequences would be very dangerous and would result in a massive explosion due to release of radioactivity. In addition, any sodium spill can cause a large sodium fire and would lead to a major accident. A major accident occurred in December 1995 in the Japanese fast breeder reactor plant Monju, when 700 kg of molten sodium leaked from the secondary circuit [5].

A risk assessment has been done and the fault tree has been constructed using RiskSpectrum software to demonstrate a general sodium spill in a sodium fast reactor nuclear power plant. The various causes of the fault are described by the basic events and gates of the fault tree. Figure 2 shows the project window of the RiskSpectrum software. On the left hand side many options are shown, such as fault tree, event tree, common cause failure (CCF) and parameters. Users can use them as per their requirements; for example, a user who is interested in checking any parameter or wants to create any fault tree or event tree can use this software. These options are quite handy and easy to use to create the fault tree.

If the user selects fault tree on the left hand side, a fault tree box appears on the right hand side of the project window, as shown in Figure 2. The user can then create any fault tree ID and write its description in one line.

Figure 2: RiskSpectrum project parameter window

By clicking on the fault tree ID, the user moves from the project parameter window to the fault tree window, where they can create their fault tree according to the situation. The user can select any gate from the top list of the fault tree window, as shown in Figure 3. A fault tree has been constructed and is shown in Figure 3 using
RiskSpectrum software. Figure 4 shows the PDF print of the complete fault tree.

In Figure 4, the top event 'Radiation risk to the public due to sodium coolant release' has been created. This is the final state of all the consequences and basic events/gates. All factors are shown and described in detail in the fault tree. The fault tree can be divided into different fault tree pages by using a transfer gate; hence the user can create as many sub-fault trees as needed in one fault tree window by using transfer gates; however, these should be part of the top gate. The component failure rate can be decided as per failure rate assessment, and human error probability (HEP) can be calculated by human factor assessments.

The user can implement these values in their fault tree model to get the final frequency of the top event. Many undeveloped basic events (diamond shape) like 'Fire protection system fails high', 'Adequate Oxygen- Further investigation required', 'Spill area overflow' and 'Sodium Ignition Temperature reaches 250F' have a probability of one in this assessment.

Figure 3: RiskSpectrum fault tree window

Figure 4: Complete fault tree of sodium coolant small spill


Figure 5: Fault tree result with parameter values

Figure 6: Minimal cut-sets results

Figure 7: Minimal cut-set (MCS) contribution graph

Figure 8: RiskSpectrum result window


ID             Description                       Calc. type  Mean
Nuclear Power  Excessive risk to General Public  F           5.00E-07

Top event frequency F = 5.001E-07

No  Freq.      %      Event 1    Event 2          Event 3             Event 4        Event 5            Event 6
1   5.000E-07  99.99  (BARRIER)  ADEQUATE OXYGEN  ADVERSE CONDITIONS  AREA OVERFLOW  CCF                EMERGENCY
2   5.000E-11  0.01   (BARRIER)  ADEQUATE OXYGEN  ADVERSE CONDITIONS  AREA OVERFLOW  COMPONENT FAILURE  EMERGENCY
3   5.000E-12  0.00   (BARRIER)  ADEQUATE OXYGEN  ADVERSE CONDITIONS  AREA OVERFLOW  EMERGENCY          FIRE SYSTEM

Table 1: Final results generated from fault tree analysis using RiskSpectrum
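An added worked example, not taken from the paper and not RiskSpectrum code: a small Python evaluator that applies the gate rules of Section 2 (OR as addition, AND as multiplication, voted gates, the Beta factor) to derive minimal cut sets and their contributions. The tree, the event names LEAK, CCF, TRAIN_A and TRAIN_B and their values are constructed assumptions; only the three frequencies in TABLE_1 come from Table 1.

```python
from itertools import combinations
from math import prod

# A node is a basic-event name (str) or a pair (gate, children), where gate is
# "AND", "OR" or ("VOTE", m) for an m-out-of-N voted gate.

def cut_sets(node):
    """Expand a node top-down into its cut sets (sets of basic events)."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node
    if gate == "OR":    # any single input is enough
        return set().union(*(cut_sets(c) for c in children))
    if gate == "AND":   # every input is needed: combine the inputs' cut sets
        result = {frozenset()}
        for child in children:
            result = {a | b for a in result for b in cut_sets(child)}
        return result
    _, m = gate         # voted gate: OR over every AND of m inputs
    return cut_sets(("OR", [("AND", list(c)) for c in combinations(children, m)]))

def minimal(sets):
    """Drop every cut set that strictly contains another one."""
    return {s for s in sets if not any(other < s for other in sets)}

def contributions(freqs):
    """Top frequency as the sum of cut-set frequencies (the OR-gate addition
    rule, an approximation valid for small values) and each share in percent."""
    total = sum(freqs)
    return total, [round(100 * f / total, 2) for f in freqs]

def analyse(tree, values):
    """Return (top frequency, [(events, frequency, percent)]), largest first."""
    mcs = sorted(minimal(cut_sets(tree)),
                 key=lambda cs: -prod(values[e] for e in cs))
    freqs = [prod(values[e] for e in cs) for cs in mcs]  # AND = multiplication
    total, shares = contributions(freqs)
    return total, [(sorted(cs), f, p) for cs, f, p in zip(mcs, freqs, shares)]

# Constructed example: a leak (frequency per year) combined with the failure of
# two redundant detection trains. Beta-factor split of each train's failure
# probability Q: BETA*Q is common cause, (1-BETA)*Q is independent.
Q, BETA = 1e-3, 0.1
VALUES = {"LEAK": 1e-2, "CCF": BETA * Q,
          "TRAIN_A": (1 - BETA) * Q, "TRAIN_B": (1 - BETA) * Q}
TREE = ("AND", ["LEAK", ("OR", ["CCF", ("AND", ["TRAIN_A", "TRAIN_B"])])])

# The three cut-set frequencies printed in Table 1 of the paper.
TABLE_1 = [5.000e-07, 5.000e-11, 5.000e-12]

if __name__ == "__main__":
    total, ranked = analyse(TREE, VALUES)
    print(f"constructed tree: F = {total:.3E}")
    for events, f, pct in ranked:
        print(f"  {f:.3E}  {pct:6.2f}%  {events}")
    t1_total, t1_shares = contributions(TABLE_1)
    print(f"Table 1: F = {t1_total:.3E}, shares = {t1_shares}")
```

In the constructed tree the cut set containing CCF carries about 99% of the top frequency, the same pattern as cut set 1 in Table 1.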

6. RESULTS

The final results of the RiskSpectrum software are demonstrated in Figures 5 to 8. Once the fault tree has been created and the appropriate data entered into the fault tree reliability models, i.e. basic events, fault tree analysis can be done for results. To obtain the result from the software, the user first has to save and run the fault tree; for this the user needs to press the 'F12' and then the 'F11' keys of the keyboard. The analysis case calculates the top event frequency and generates the minimal cut-sets for inspection [7]. The top event of Figure 4 shows the final frequency/result of the fault tree. The fault tree basic events and all parameter values used during the analysis are explained in Figure 5. Figure 6 shows the dominant cut-set with its percentage in fault occurrence and its frequency. Figure 7 represents the Minimal Cut-set (MCS) contribution graph generated by the software; this graph shows the main contributor to the top frequency of the fault tree. Figure 8 shows the main result window of the fault tree analysis.

By using view results in the project window, the final results of the fault tree can be shown as in Table 1. The final frequency of the fault is 5.001 × 10⁻⁷, which is low and can be tolerable on the 'risk carrot' scale. The results can be compared on 'ALARP' and the 'Risk Carrot Model' to find the radiation dose for the operator and general public, which is explained in the next section.

7. 'ALARP' and 'RISK CRITERIA CARROT'

ALARP relates to keeping the radiation risk to the nuclear operator/general public "as low as reasonably practicable", and the risk carrot model divides the risk to the associated people into three different areas, which depend on the level of risk and radiation dose of the personnel. As per the risk carrot model of the Health and Safety Executive (HSE) [6], a value lower than 10⁻⁴ and 10⁻³ is not acceptable for the general public and workers respectively. The final results in this analysis for the small spill of sodium coolant from a sodium cooled fast reactor nuclear power plant can be tolerated, and as per the results found from the fault tree analysis the final frequency is lower than the targets set by the HSE. However, this depends on the discretionary behaviour of the system, and the basic event values can be increased by including more factors and failure rates of components as per system complexity.

8. CONCLUSION

A complete model for the safety and reliability study of a man machine system has been developed using RiskSpectrum software. It is basically a representation of the system risk response in terms of logic gates, basic events and gates. A variety of component gates are readily available in the RiskSpectrum libraries and also in other compatible toolboxes such as PROFAT, ISOGRAPH etc. Thus a RiskSpectrum fault tree model is not only best suited for an analytical study of a typical nuclear power plant system, but can also incorporate state of the art tools for a detailed study and parameter optimization. A RiskSpectrum model is very user friendly, with tremendous interactive capacity and unlimited hierarchical model structures for probabilistic safety analysis of nuclear power plants, the defence industries etc. The user can easily select or modify all gates and their probabilities with the help of an appropriate menu from within RiskSpectrum. Any parameter within any gate or subsystem of the model can be easily modified through simple RiskSpectrum commands to suit the changes in the original reliability network due to fault or corrective action.

ACKNOWLEDGEMENT

The author gives special thanks to Atkins Ltd., Energy, UK for the use of RiskSpectrum software for this work.

REFERENCES

[1] Dr. D. J. Smith, "Reliability, Maintainability and Risk," Butterworth Heinemann, 2001.
[2] "RiskSpectrum User's Manual version 2.1", Relcon Teknik AB, Sweden, April 1994.
[3] "IET Nuclear Factfiles Series", provided by The Institution of Engineering and Technology (IET), www.theiet.org/factflies.
[4] http://www.gen-4.org
[5] "Nuclear Reactor Hazards – Ongoing Dangers of Operating Nuclear Technology in the 21st Century", Report Prepared for GREENPEACE International, April 2005.
[6] Health and Safety Executive (HSE), "Reducing Risks, Protecting People", ISBN 0-7176-2151-0, 2001, UK.
