Nuclear Power Plant Safety

1
Boss: Dilbert, You have been chosen to design the world’s safest nuclear
power plant.

Dilbert: This is the great assignment that any engineer could hope for.
I'm flattered by the trust you have in me.

Boss: By “safe” I mean “not near my house.” 

(By Scott Adams)

2
 Hazard

A very large inventory of radioactive fission products (Gci/tU), some

with long half life (> years)

3
 Overarching Objective of Nuclear Safety
Protect staff, public and environment

Prevent uncontrolled release of radioactivity from plant

Implementation
• Heat removal
• Defense-in-depth
 Physical barriers
 Design, construction and operation
4
 Heat Removal

• 98% of all fission products are retained in the fuel pellet unless the
fuel melts

• It is important to keep the fuel “cool” under all modes of normal

operation:

1) Power mode (steady-state)

2) Shutdown mode (turbine not available)
3) Refueling mode

5
 Defense-in-Depth (physical barriers)
• There exist multiple physical barriers between the source of
radioactivity (the fission products) and the environment/public.

• The most important barriers are:

1) Fuel pellet
2) Cladding
3) Reactor coolant system
4) Containment

6
 Defense-in-Depth
(Design, Construction, and Operation)

• The concept of defense-in-depth extends to nuclear plant design,

construction and operation.
• Emphasis is on prevention, protection and mitigation

(1) Prevention. Minimize causes of failures/accidents before they occur:

• Design reactor with inherent safety features (e.g. negative moderator, coolant
and fuel reactivity coefficients) and margins to failure (e.g. MDNBR>1.3)
• Use of chemically compatible materials
• Thorough training of operators + conservative operation

7
 Cont’d…..Defense-in-Depth (Design, Construction, and Operation)

(2) Protection. Reactor protection system:

• Monitors plant conditions (e.g. measures temperature, pressure, flow, power,
radiation levels)
• Recognizes precursors to transients/accidents
• Actuates scram and safety systems

(3) Mitigation. When accidents do occur, mitigate consequences using:

• Engineered safety systems
• Emergency planning/evacuation

• Defense-in-depth (DID) is generally structured in five levels

8
 Cont’d…..Defense-in-Depth (Design, Construction, and Operation)

Levels of Objectives Essential Means

DID
Level 1 Prevention of abnormal operation Conservative design and high quality in
and failures construction and operation

Level 2 Control of abnormal operation and Control, limiting and protection

detection of failures systems and other surveillance
features

Level 3 Control of accidents within the Engineered safety features and

design basis accident procedures

Level 4 Control of severe plant conditions, Complementary measures and

including prevention of accident accident management
progression and mitigation of the
consequences of severe accidents

Level 5 Mitigation of radiological Off-site emergency response

consequences of significant releases
of radioactive materials
9
Cont’d…..Defense-in-Depth (Design, Construction, and Operation)

Relation between physical barriers and levels of protection in depth. 10

 Grouping Of Initiating Events By Frequency Of Occurrence
Probability of Frequency Terminology Variations in Adequate
occurrence (1/reactor characteristics used terminology acceptance
year) criteria
10-2 - 1 (expected in the Expected Anticipated Anticipated Transients, No additional fuel
life of the plant) Operational Transients, Frequent damage
Occurrences Faults, Incidents of
Moderate Frequency,
Upset Conditions,
Abnormal Conditions
10-4 - 10-2 (chance Possible Design Basis Infrequent Incidents, No radiological
greater than 1% over Accidents Infrequent Faults, Limiting impact at all or no
the life of the plant) Faults, Emergency radiological impact
Conditions outside exclusion
area
10-6 - 10-4 (chance Unlikely Beyond Design Faulted Conditions Radiological
lower than 1% over the Basis Accidents consequences
life of the plant) outside exclusion
area within limits
<10-6 (very unlikely to Remote Severe Accidents Faulted Conditions Emergency
occur) response required