Professional Documents
Culture Documents
net/publication/251925601
CITATIONS READS
0 1,118
1 author:
Manorma Kumar
Lloyd’s Register Group Limited
26 PUBLICATIONS 13 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Manorma Kumar on 14 July 2017.
Manorma
INREC10-1
Proceedings of the 1st International Nuclear and Renewable Energy Conference (INREC10), Amman, Jordan, March 21-24, 2010
conditions. There are mainly two essential logical possibilities [1] • Using RiskSpectrum the final frequency/ probability of
those are representing by AND and OR gate symbols. The OR the top events can be calculated by putting values of
gate symbol is used to model series system and the total each component’s failure and its time interval, if any.
probability of failure can be calculated by addition (+) of
probability of failure of all components in series causing top To develop a fault tree, main consequences of the fault have
event. The AND gate symbol is representing the redundant to be consider as a top, then by moving backwards to fault tree
component of the system those are parallel to each other. The analyst can find out the basic root causes of the fault. The basic
total probability of failure can be calculated by multiplying (x) root causes are divided into various logical gates like AND, OR,
the probability of failure of each component. The reliability of exclusive OR, voted and some other basic events and gates. Some
system can be calculated by subtracting one from the probability basic logic gates and event gates are described below with their
of failure of the system i.e. reliability refers to a success criterion symbols.
[1]. The common cause failure (CCF) occurs when two or more
redundant system are ANDed together. CCF often dominates the Fault tree basic events and symbols [1,2]:
unreliability of redundant system [1]. The ‘Beta’ factor is used
while assessing redundant system, which assumes that a fixed 1. – Circle - Basic Event- this is mainly primary fault
proportion (Beta) of the failures arise from a common cause [1]. event of the top event. They may be a lot of basic events
A good number of software tools are available commercially for in fault tree; it depends on the nature of the fault and its
safety risk assessments of assessing radiation doses from a consequences.
nuclear power plant onsite as well as offsite release. Next section
deals with one of the most popular software “RiskSpectrum” and 2. - Diamond - undeveloped event- an event is not
how its can be use to develop the fault tree analysis. An example developed further either because it is of insufficient
with a problem of sodium spill in Sodium Cooled Fast Reactor is consequence or because information is unavailable and
used for better description and analysis. event needs further investigation.
• This can be used to find out event trees and minimal 9. - Inhibit (Hexagonal) – output fault occurs if
cut-sets of the faults. one input fault occurs in the presence of an enabling
condition (the enabling condition is presented by a
• This software can be used to define the boundaries of conditioning event to the right of the gate).
the fault or the system such that looking only the
relevant system and ignoring the other unnecessary 10. – Transfer in – indicates that the tree is developed
components. further at the occurrence of the corresponding transfer
out (on another page).
INREC10-2
Proceedings of the 1st International Nuclear and Renewable Energy Conference (INREC10), Amman, Jordan, March 21-24, 2010
5. AN ILLUSTRATED EXAMPLE
11. - Transfer out – indicates that this portion of the
tree must be attached to the corresponding transfer in. An example for excessive radiation risk to general public/operator
has been used to illustrate the RiskSpectrum and fault tree
12. Voted gate or k/n gate- with this some voted gates are analysis. The risk assessment by developing fault tree has been
used in fault tree analysis like mooN system in which assessed on sodium coolant system of fast reactor. The main
‘m’ events need to be occur in total ‘N ’ events. problem with sodium is its highly chemical reactivity nature with
air and water. Even if, sodium leaks from primary or the
4. SODIUM COOLED FAST REACTOR secondary circuit [4], then chemical reaction will lead to sodium
fires by the subsequent common cause failure (CCF) of redundant
Fast reactors (Generation IV reactor) are basically a fast neutron systems. The whole system is very vulnerable for any leakage; if
reactor configured to produce more fissile material than it water enters in sodium circuit then the consequences would be
consumes, using fertile material such as depleted uranium [3]. very dangerous and would result into massive explosion due to
Uranium-238 (U-238) is used as a fuel in fast reactors, during release of radioactivity. With this any sodium spill can cause a
chemical reaction in reactor; U-238 is converted into another large sodium fire and would lead to a major accident. A major
element ‘Plutonium’ by absorbing an extra neutron. U-238 is accident occurred in December 1995, in the Japanese fast breeder
99.3% of the natural Uranium; however U-235 is only 0.7% of the reactor plant Monju, when 700 kg of molten sodium leaked from
natural Uranium. The half life of the U– 238 nuclide is about 4.47 the secondary circuit [5].
billion years [3]. The term fast is used because neutrons are un- A risk assessment has been done and the fault tree has been
moderated; hence the chemical reaction is very fast. Due of this constructed by using RiskSpectrum software to demonstrate a
reason high conductivity coolant like liquid sodium has been used general sodium spill in sodium fast reactor nuclear power plant.
to remove the high heat inside the reactor core. Figure 1, shows The various cause of the fault has been described by the basic
the schematic of the Sodium Cooled Fast Reactor (SFR) and flow events and gates of the fault tree. The Figure 2, shows the project
of sodium in primary as well as secondary loop [3]. window of the RiskSpectrum software. On left hand side a lot of
options have been shown like fault tree, event tree, common cause
failure (CCF) and parameters etc. User can use them as per their
requirement, for example if user is interested to check any
parameter or want to create any fault tree or event tree then they
can use this software. This is quite handy and easy to use these
options to create the fault tree.
On the left hand side, if user will select fault tree then a fault
tree box will come on the right hand side of project window as
shown by Figure 2. Then user can create any fault tree ID and can
write its description in one line.
Source:
http://www.ne.doe.gov/genIV/documents/gen_iv_roadmap.pdf
INREC10-3
Proceedings of the 1st International Nuclear and Renewable Energy Conference (INREC10), Amman, Jordan, March 21-24, 2010
INREC10-4
Proceedings of the 1st International Nuclear and Renewable Energy Conference (INREC10), Amman, Jordan, March 21-24, 2010
Figure 5: Fault tree result with parameter values Figure 6: Minimal cut-sets results
Figure 7: Minimal cut-set (MCS) contribution graph Figure 8: RiskSpectrum result window
INREC10-5
Proceedings of the 1st International Nuclear and Renewable Energy Conference (INREC10), Amman, Jordan, March 21-24, 2010
6. RESULTS 8. CONCULSION
The final results of RiskSpectrum software have been A complete model for safety and reliability study of a man
demonstrated by the Figure 5 to 8. Once the fault tree has been machine system has been developed using RiskSpectrum
created and the appropriate data entered into the fault tree software. It is basically a logic gates, basic events and gates
reliability models i.e. basic events, fault tree analysis can be representation of the system risk response. A variety of
done for results. To find out the result from the software first we component gates are readily available in the RiskSpectrum
have to save and run the fault tree first, for this user need to libraries and also in other compatible toolboxes such as
press ‘F12’ and then ‘F11’ taps of the keyboard. The analysis PROFAT, ISOGRAPH etc. Thus a RiskSpectrum fault tree
case calculates the top event frequency and generates the model is not only best suited for an analytical study of a typical
minimal cut-sets for inspection [7]. The top event of Figure 4 is nuclear power plant system, but also can be incorporating the
showing the final frequency/result of the fault tree. The fault tree state of the art tools for a detailed study and parameter
basic event and all parameter value used during analysis have optimization. A RiskSpectrum model is very user friendly, with
been explained in Figure 5. Figure 6, is showing the dominant tremendous interactive capacity and unlimited hierarchical
cut-set with its percentage in fault occurrence and its frequency. model structures for probabilistic safety analysis of the nuclear
Figure 7 represents the Minimal Cut-set (MCS) contribution power plants and the defence industries etc. The user can easily
graph generated by the software; this graph is showing the main select or modify all gates, its probabilities with the help of an
contributor to the top frequency of the fault tree. With this, appropriate menu from within RiskSpectrum. Any parameter
Figure 8 is showing the main result window of the fault tree within any gate or subsystem of the model can be easily
analysis. modified through simple RiskSpectrum commands to suit the
By using view results in project window, the final results changes in the original reliability network due to fault or
of the fault tree can be shown in Table 1. The final frequency of corrective action.
the fault is 5.001 x 10-7, which is low and can be tolerable at
‘risk carrot’ scale. The results can be compared on ‘ALARP’ ACKNOWLEDGEMENT
and ‘Risk Carrot Model’ to find out the radiation dose for the
operator and general public which is explained in next section. The author acknowledges the special thanks to Atkins Ltd.,
Energy, UK for use of RiskSpectrum software for this work.
7. ‘ALARP’ and ‘RISK CRITERIA CARROT’
REFERENCES
ALARP is related to “as low as reasonably practicable”
radiation risk associated with nuclear operator/general public [1] Dr. D. J. Smith, “Reliability, Maintainability and Risk,”
and risk carrot model is divided the risk on associated people in Butterworth Heinemann, 2001.
three different areas which depends on the level of risk and [2] “RiskSpectrum User’s Manual version 2.1” Relcon Teknik
radiation dose of the personnel. As per risk carrot model of AB, Sweden, April 1994.
Health and Safety Executive (HSE) [6], a value lower than 10-4 [3] “IET Nuclear Factfiles Series ”, provided by The
and 10-3 is not acceptable for general public and worker Institution of Engineering and Technology (IET),
respectively. The final results in this analysis for the small spill www.theiet.org/factflies.
of sodium coolant from sodium cooled fast reactor nuclear [4] http://www.gen-4.org
power plant can be tolerated and as per results find out from [5] “Nuclear Reactor Hazards – Ongoing Dangers of Operating
fault tree analysis the final frequency is lower than the targets Nuclear Technology in the 21st Century”, Report Prepared
set by the HSE. However, this depends on the discretionary for GREENPEACE International, April 2005.
behaviour of the system and the basic event values can be [6] Health and Safety Executive (HSE), “Reducing Risks,
increased by including more factors and failure rates of Protecting Peoples”, ISBN 0-7176-2151-0, 2001, UK.
components as per system complexity.
INREC10-6