In constructing a facility as complex as a nuclear power plant, engineers must comply with a number of stringent regulations aimed at limiting the risks inherent in this type of installation, primarily the possible release of radioactivity. These regulations are applied throughout the lifetime of the facility, i.e. from the design and construction stages to the operating phases and final decommissioning. They embody the principal concern of all those involved with the plant, from construction engineers to operators or regulators: nuclear safety.
Nuclear safety has three objectives, namely to:
Pursuing these objectives enables those concerned to achieve the overall goal of nuclear safety, namely to protect man and his environment by limiting the release, under any circumstances, of the radioactive materials that the facility contains; in other words, ensuring the containment of radioactive materials.
Nuclear safety management uses two basic strategies to prevent releases of radioactive materials, notably in the event of an incident:
This analytical procedure has been widely used throughout the world in the design of nuclear reactors for the purpose of generating electricity. It attempts to ensure that the various situations, and in particular accidents, that are considered to be plausible, have been taken into account, and that the monitoring systems and engineered safety and safeguard systems will be capable of ensuring the containment of radioactive materials.
The deterministic approach is based on the two principles referred to earlier: leaktight barriers and the concept of defence-in-depth. Defence-in-depth consists of taking into account potential equipment failures and human errors, so that suitable preventive measures may be applied, and of making provisions for the installation of successive devices to counter such failures and limit their consequences. It consists of several successive stages (or levels), hence the term "defence-in-depth":
Some countries make provision for a fourth level of safety consisting of what are known as ultimate measures, designed to provide protection against severe conditions under which defences at the three levels described above prove inadequate.
Nuclear facilities are designed so that the risks associated with their operation are within acceptable limits for both the public and the environment. There is no precise definition, however, of what constitutes an "acceptable risk"; it is basically a subjective notion. In its simplest form, risk denotes the level of uncertainty associated with an individual's given action. The acceptance of risk is generally governed by the degree to which it is considered to be relatively improbable and of limited consequence.
In a nuclear facility, as in any industrial plant, risk assessment distinguishes between the potential hazards that might be encountered in the absence of any protective measures, and the residual risks that will still remain despite the measures taken. The problem lies in assessing the latter, since there is no way of ensuring that they have been completely eliminated.
The concept of event probability and its associated consequences was rapidly incorporated into safety analysis procedures, by taking account of the fact that the probability of an accident must be inversely proportional to the severity of the potential consequences for the public and the environment. This approach may be represented schematically in a probability/consequence diagram (known as a "Farmer curve"), which sets out acceptable and prohibited domains (Figure 3).
The question that the analyst asks himself when performing a risk assessment is which accident conditions he should take into consideration and to what level of probability he should pursue his analysis. As the use of probabilistic risk analysis became more widespread, the safety authorities asked design engineers to introduce appropriate measures whenever such analyses indicated that the probability of an event occurring that might potentially have unacceptable consequences for the public and the environment was sufficiently high.
Thus, for example, some safety authorities stipulated that the overall probability that a nuclear reactor would be the source of an accident with unacceptable consequences must remain less than 10^-6 a year. But what does this figure actually mean? It means that the theoretical probability of an event occurring amounts to once in a million years, which is equivalent to the chances of winning a lottery in which there are 1 million tickets.
PROBABILISTIC SAFETY ASSESSMENT (PSA)
The deterministic approach to the design of nuclear reactors was rapidly supplemented by the development of probabilistic studies, referred to more commonly as PSAs.
Historically, these assessments were originally developed in order to calculate the probability of external events such as an aircraft falling onto a given target. PSA techniques were subsequently used to develop scenarios for hypothetical accidents that might result in severe core damage, and to estimate the frequency of such accidents. The first study of this kind carried out in the United States was published in 1975 (Rasmussen report) and provided the first assessment of the potential risk of core damage for two power reactors.
The accident in 1979 at the Three Mile Island plant generated renewed interest in this type of study. One of the recommendations made after the accident was that probabilistic analysis techniques should be used to supplement conventional safety assessment procedures for nuclear power plants, and that probabilistic objectives should be developed in order to facilitate the determination of acceptable safety levels for nuclear facilities.
A large number of generic and plant-specific PSA studies (over one hundred to date) have been carried out or are currently in progress in those OECD countries currently operating nuclear plants. These studies are of interest not only in determining the absolute value of the risk of damage to the reactor core, but also for the information they can provide about the various components of this risk and their relative weighting.
Lastly, the accident at Chernobyl in 1986 revealed the potential consequences of failure to manage nuclear power plant safety, and lent greater urgency to the need to develop PSA applications in the areas of safety management and accident prevention.
PSAs can be used to calculate the probability of damage to the core as a result of sequences of accidents identified by the study.
With the development of this type of analysis, PSAs can now also be used to assess the size of radioactive releases from the reactor building in the event of an accident, as well as the impact of such releases on the public and the environment. These studies are referred to as level 2 and level 3 PSAs respectively (level 1 corresponding to the assessment of the risk of core damage). Level 2 analyses have been performed, or are planned, in most NEA countries in view of their importance in determining accident management strategies and identifying potential design weaknesses in reactor containment buildings. Level 3 analyses are used for emergency planning.
The results of these analyses can therefore identify not only the weaknesses but also the strengths with regard to the plant's safety, and thus assist in setting priorities and focusing efforts on the points identified as the most sensitive in terms of the contribution they can make to improving the safety of facilities. Indeed, it is this type of assessment that is most commonly carried out, given that its use as an "analytical tool" was rapidly recognised as its most important aspect.
A PSA is an analysis that is used during both the design and the operating stages of a nuclear plant to identify and to analyse every possible situation and sequence of events that might result in severe core damage.
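The following is an added illustration, not part of the original text or of any real PSA study: it quantifies a small event tree in the way the preceding paragraphs describe (level 1 core damage frequency, a level 2 release frequency once the containment barrier also fails, and a Farmer-curve domain check against the 10^-6 a year order of magnitude quoted above). The initiating event, the three defence-in-depth system names, their failure probabilities, the core-damage rule and the Farmer limit are all constructed, and the systems are assumed to fail independently.

```python
from itertools import product

# Constructed figures for illustration only (not from the page): one initiating
# event and three successive defence-in-depth systems, each with an assumed
# probability of failing when demanded.
INITIATOR_FREQ_PER_YEAR = 1e-2
SYSTEMS = {
    "reactor_trip": 1e-4,
    "emergency_cooling": 1e-3,
    "containment_isolation": 1e-2,
}
CORE_DAMAGE_TARGET_PER_YEAR = 1e-6   # order of magnitude quoted in the text

def sequence_frequency(initiator_freq, systems, failed):
    """One event-tree branch: initiator frequency times the failure probability
    of each failed system and the success probability of each that worked."""
    freq = initiator_freq
    for name, p_fail in systems.items():
        freq *= p_fail if name in failed else 1.0 - p_fail
    return freq

def outcome_frequency(initiator_freq, systems, is_outcome):
    """Enumerate every branch of the event tree (systems assumed independent)
    and sum the frequencies of the branches the rule classifies as the outcome."""
    total = 0.0
    for flags in product((False, True), repeat=len(systems)):
        failed = {name for name, f in zip(systems, flags) if f}
        if is_outcome(failed):
            total += sequence_frequency(initiator_freq, systems, failed)
    return total

def core_damage(failed):
    # Constructed level 1 rule: core damage if the trip or the cooling fails.
    return "reactor_trip" in failed or "emergency_cooling" in failed

def large_release(failed):
    # Level 2 view: a release also requires the containment barrier to fail.
    return core_damage(failed) and "containment_isolation" in failed

def farmer_domain(freq_per_year, consequence, limit):
    """Farmer-curve check: acceptable while frequency times consequence
    severity (an abstract index here) stays at or below the limit."""
    return "acceptable" if freq_per_year * consequence <= limit else "prohibited"

if __name__ == "__main__":
    cdf = outcome_frequency(INITIATOR_FREQ_PER_YEAR, SYSTEMS, core_damage)
    lrf = outcome_frequency(INITIATOR_FREQ_PER_YEAR, SYSTEMS, large_release)
    print(f"core damage frequency {cdf:.3e}/yr (target {CORE_DAMAGE_TARGET_PER_YEAR:.0e}/yr)")
    print(f"large release frequency {lrf:.3e}/yr")
```

With these constructed figures the core damage frequency comes out above the target, which is exactly the situation in which the text says authorities ask for additional measures; rerunning with a lower failure probability for one system shows how much each barrier contributes.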
A typical PSA involves:
A PSA generally comprises:
Just as the deterministic approach has its limitations, so too do probabilistic assessments. These are due to the fact that the results of a PSA invariably contain uncertainties arising from three main sources:
In view of these uncertainties, the assumptions on which PSAs are based are designed to ensure sufficient safety margins. It is worth noting that the uncertainties are not intrinsic to PSAs, but may generally be attributed to lack of detailed knowledge. Indeed, one of the benefits of conducting PSAs is that they can identify areas about which we need to learn more.
Despite these uncertainties, the assessment of both the strengths and the weaknesses of the safety features can clearly suggest ways of improving both the design and operation of nuclear facilities. Probabilistic safety analysis has thus become an important supplement to deterministic analysis in checking the safety level of a facility and improving it by identifying design weaknesses. In addition to assessing the safety of a plant at a given point in its lifetime, such applications have also demonstrated the usefulness of PSAs in other areas and a certain number of programmes are already being developed which hint at future applications.
The development of probabilistic analysis has resulted not only in an increase in the number of assessments carried out, but also and more importantly in expansion of their scope of application. A study published in 1989 by the OECD Nuclear Energy Agency entitled Probabilistic Safety Assessment in Nuclear Power Plant Management demonstrated the benefits afforded by PSA in the management of safety in nuclear power plants. The conclusions set out in the study were based in particular on the example of one utility that considered the use of PSA to be an integral part of the daily activities of its organisation. The experts who drafted this report considered that the use of PSA as an instrument of safety management in nuclear power plants offers immediate benefits to those who implement PSA techniques in the design and operation of their plants, and for all those endeavouring to enhance the safety of nuclear power plants. According to the authors, the implementation of PSA will reduce the frequencies of severe incidents and accidents and will thus be of benefit to the nuclear industry as a whole.
A new report published by the Nuclear Energy Agency and entitled Living Probabilistic Safety Assessment for Nuclear Power Plant Management describes recent developments in the use of PSA. Recent applications of PSA techniques have demonstrated their unique ability to assess alternative configurations or engineering modifications that could be made to existing facilities. It has thus become apparent that PSA techniques could be successfully used in the assessment and management of safety-related operations and of the engineering modifications routinely made to nuclear power plant systems. In order to keep track of such modifications, however, they have to be incorporated in a procedure for regularly updating the PSA model in order to ensure that the latter accurately reflects the current configuration of the facility.
This process constitutes the "living" PSA programme, whose basic element is a well-structured, well-documented, reviewed, highly detailed and specific study of the plant. To ensure that this study remains "living", it is periodically updated to reflect all relevant plant changes, thereby monitoring the safety level of the plant over time.
While a PSA provides a safety profile of a plant at a given time, a "living" PSA programme monitors and influences changes in this safety profile as a function of time. This ability to monitor the impact of design and procedural changes on the safety profile of the plant, and to influence changes that improve safety, makes a "living" PSA programme a powerful tool with which to support decisions that affect plant safety and to foster understanding between the utility and the safety authorities.
After a period of cautiousness, the performance of PSAs has started to become more widespread and many applications are pending or have already been developed. Further development, however, will require a better understanding of the current limitations of PSA techniques, notably the significant uncertainties that still remain. Countries that are actively implementing PSAs are currently endeavouring to reduce these uncertainties by improving their models and the reliability of their input data. These limitations should not necessarily curb the use of PSAs, provided that adequate allowance is made for them in the safety assessment.
If PSAs continue to be used by operators, constructors and safety authorities to assess the design of their installations, then we can safely predict that their use as an instrument of plant management will increase substantially for the daily management of nuclear power plants under both normal and accident conditions. It is in this respect that PSAs meet the overall objective of nuclear safety and thereby constitute an indispensable tool for assessment and dialogue between the various actors responsible for the safety of nuclear installations.