Embed Size (px)
Citation preview
IAEA-TECDOC-1511
Determining the quality ofprobabilistic safety assessment
(PSA) for applications innuclear power plants
July 2006
IAEA SAFETY RELATED PUBLICATIONS
IAEA SAFETY STANDARDS
Under the terms of Article III of its Statute, the IAEA is authorized to establish or adopt standards of safety for protection of health and minimization of danger to life and property, and to provide for the application of these standards.
The publications by means of which the IAEA establishes standards are issued in the IAEA Safety Standards Series. This series covers nuclear safety, radiation safety, transport safety and waste safety, and also general safety (i.e. all these areas of safety). The publication categories in the series are Safety Fundamentals, Safety Requirementsand Safety Guides.
Safety standards are coded according to their coverage: nuclear safety (NS), radiation safety (RS), transport safety (TS), waste safety (WS) and general safety (GS).
Information on the IAEA’s safety standards programme is available at the IAEA Internet site
http://www-ns.iaea.org/standards/
The site provides the texts in English of published and draft safety standards. The texts of safety standards issued in Arabic, Chinese, French, Russian and Spanish, the IAEA Safety Glossary and a status report for safety standards under development are also available. For further information, please contact the IAEA at P.O. Box 100, A-1400 Vienna, Austria.
All users of IAEA safety standards are invited to inform the IAEA of experience in their use (e.g. as a basis for national regulations, for safety reviews and for training courses) for the purpose of ensuring that they continue to meet users’ needs. Information may be provided via the IAEA Internet site or by post, as above, or by e-mail to [email protected].
OTHER SAFETY RELATED PUBLICATIONS
The IAEA provides for the application of the standards and, under the terms of Articles III and VIII.C of its Statute, makes available and fosters the exchange of information relating to peaceful nuclear activities and serves as an intermediary among its Member States for this purpose.
Reports on safety and protection in nuclear activities are issued in other publications series, in particular the Safety Reports Series. Safety Reports provide practical examples and detailed methods that can be used in support of the safety standards. Other IAEA series of safety related publications are the Provision for the Application of Safety Standards Series, the Radiological Assessment Reports Series and the International Nuclear Safety Group’s INSAG Series. The IAEA also issues reports on radiological accidents and other special publications.
Safety related publications are also issued in the Technical Reports Series, the IAEA-TECDOC Series, the Training Course Series and the IAEA Services Series, and as Practical Radiation Safety Manuals and Practical Radiation Technical Manuals.Security related publications are issued in the IAEA Nuclear Security Series.
IAEA-TECDOC-1511
Determining the quality ofprobabilistic safety assessment
(PSA) for applications innuclear power plants
July 2006
The originating Section of this publication in the IAEA was:
Safety Assessment Section International Atomic Energy Agency
Wagramer Strasse 5 P.O. Box 100
A-1400 Vienna, Austria
DETERMINING THE QUALITY OF PROBABILISTIC SAFETY ASSESSMENT (PSA) FOR APPLICATIONS IN NUCLEAR POWER PLANTS
IAEA, VIENNA, 2006 IAEA-TECDOC-1511 ISBN 92–0–108706–3
ISSN 1011–4289 © IAEA, 2006
Printed by the IAEA in Austria July 2006
FOREWORD Probabilistic safety assessment (PSA) of nuclear power plants (NPPs) complements
the traditional deterministic analysis and is widely recognized as a comprehensive, structured approach to identifying accident scenarios and deriving numerical estimates of risks dealing with NPP operation and associated plant vulnerabilities. Increasingly, during the last years, PSA has been broadly applied to support numerous applications and risk-informed decisions on various operational and regulatory matters. The expanded use of PSA in the risk-informed decision making process requires that PSA possess certain features to ensure its technical consistency and quality.
This publication is aimed to further promote the use and application of PSA
techniques in Member States. The publication provides a comprehensive list of PSA applications and describes what technical features (termed ‘attributes’) of a PSA should be satisfied to reliably support the PSA applications of interest. A consideration has been also given to the basic set of attributes characterizing a ‘base case PSA’ that is performed with the purpose of assessing the overall plant safety.
This publication can support PSA practitioners in appropriate planning of a PSA
project taking into account possible uses of the PSA in the future. The publication can be also used by reviewers as an aid in assessing the quality of PSAs and judging the adequacy of a PSA for particular applications. In addition, it is also foreseen to use the publication to support the independent peer reviews conducted by the IAEA in the framework of the International Probabilistic Safety Assessment Review Team (IPSART) safety service.
The IAEA acknowledges the work of all of the participating experts and wishes to
thank them for their valuable contribution to this publication. The IAEA would like to especially thank K. Fleming of Karl N. Fleming Consulting Services (USA), R. Gubler of Ingburo Dr. Reinhard Gubler (Switzerland), P. Hellstrom of Relcon (Sweden), A. Lyubarskiy of SEC NRS (Russian Federation), G. Parry of the US NRC (USA), and G. Schoen and R. Schultz of HSK (Switzerland), for the active support and effective contribution to the IAEA project on development of this TECDOC.
The IAEA officer responsible for the preparation of this publication was I. Kouzmina
of the Division of Nuclear Installation Safety.
EDITORIAL NOTE
The use of particular designations of countries or territories does not imply any judgement by the publisher, the IAEA, as to the legal status of such countries or territories, of their authorities and institutions or of the delimitation of their boundaries.
The mention of names of specific companies or products (whether or not indicated as registered) does not imply any intention to infringe proprietary rights, nor should it be construed as an endorsement or recommendation on the part of the IAEA.
CONTENTS
1. INTRODUCTION.................................................................................................................. 1 1.1. Background ................................................................................................................... 1 1.2. Objectives of the report................................................................................................. 2 1.3. Quality of a PSA for an application.............................................................................. 3 1.4. Scope of the report ........................................................................................................ 5 1.5. Structure of the report ................................................................................................... 6 1.6. Applicability ................................................................................................................. 6
1.6.1. Applicability for reactors other than vessel type LWRs .................................... 6 1.6.2. Applicability for NPPs in different stages of the plant’s lifetime...................... 7
2. OVERVIEW OF PSA APPLICATIONS............................................................................... 9 2.1. PSA application categorization..................................................................................... 9 2.2. PSA results and metrics used in decision making ........................................................ 9
3. PROCEDURE TO ACHIEVE QUALITY IN PSA APPLICATIONS ............................... 12 3.1. PSA elements and attributes ....................................................................................... 12 3.2. Coding scheme for attributes identifiers ..................................................................... 13 3.3. Connection to IAEA PSA guidelines.......................................................................... 14 3.4. The procedure for use of the TECDOC ...................................................................... 14
4. PSA ELEMENT ‘IE’: INITIATING EVENTS ANALYSIS .............................................. 17 4.1. Main objectives ........................................................................................................... 17 4.2. Initiating events analysis tasks and their attributes..................................................... 18
5. PSA ELEMENT ‘AS’: ACCIDENT SEQUENCE ANALYSIS ......................................... 35 5.1. Main objectives ........................................................................................................... 35 5.2. Accident sequence analysis tasks and their attributes................................................. 35
6. PSA ELEMENT ‘SC’: SUCCESS CRITERIA FORMULATION AND SUPPORTING ANALYSIS................................................................................................ 44
6.1. Main objectives ........................................................................................................... 44 6.2. Success criteria formulation and supporting analysis tasks and their attributes ......... 44
7. PSA ELEMENT ‘SY’: SYSTEMS ANALYSIS ................................................................. 52 7.1 Main objectives ........................................................................................................... 52 7.2. Systems analysis tasks and their attributes ................................................................. 52
8. PSA ELEMENT ‘HR’: HUMAN RELIABILITY ANALYSIS.......................................... 66 8.1. Main objectives ........................................................................................................... 66 8.2. Human reliability analysis tasks and their attributes .................................................. 66
9. PSA ELEMENT ‘DA’: DATA ANALYSIS ....................................................................... 81 9.1. Main objectives ........................................................................................................... 81 9.2. Data analysis tasks and their attributes ....................................................................... 81
10. PSA ELEMENT ‘DF’: DEPENDENT FAILURES ANALYSIS...................................... 95 10.1. Main objectives ........................................................................................................... 95 10.2. Dependent failure analysis tasks and their attributes .................................................. 96
11. PSA ELEMENT ‘MQ’: MODEL INTEGRATION AND CDF QUANTIFICATION... 105 11.1. Main objectives ......................................................................................................... 105 11.2. Model integration and CDF quantification tasks and their attributes ....................... 105
12. PSA ELEMENT ‘RI’: RESULTS ANALYSIS AND INTERPRETATION .................. 112 12.1. Main objectives ......................................................................................................... 112 12.2. Results analysis and interpretation tasks and their attributes.................................... 112
13. DETERMINATION OF SPECIAL ATTRIBUTES FOR PSA APPLICATIONS ......... 117
14. CONCLUSIONS.............................................................................................................. 135
APPENDIX I: RISK METRIC DEFINITIONS..................................................................... 137
APPENDIX II: PSA APPLICATIONS.................................................................................. 143
APPENDIX III: MAPPING THE PSA ELEMENTS TO THE PSA TASKS ADDRESSED IN THE IAEA PSA GUIDELINES........................................................... 161
REFERENCES....................................................................................................................... 163
ABBREVIATIONS................................................................................................................ 165
CONTRIBUTORS TO DRAFTING AND REVIEW ........................................................... 169
1. INTRODUCTION 1.1. Background
To date, probabilistic safety assessments (PSAs) have been performed for the vast
majority of nuclear power plants (NPPs) worldwide and are under various stages of development for most of the remaining NPPs. PSA provides a comprehensive, structured approach to identifying accident scenarios and deriving numerical estimates of risks. In addition to the traditional deterministic analysis, it is a powerful tool for identification of significant accident sequences1 and associated plant vulnerabilities dealing with the design and operation of the plant. General guidance on performance and independent verification of the safety assessments for NPPs, both deterministic and probabilistic, is provided in the IAEA Safety Standards, e.g. in Ref. [1].
PSA is increasingly being used in many countries, in a complementary manner to the
traditional deterministic analysis and defence-in-depth considerations, as part of the decision making process to assess the level of safety of nuclear power plants and to support various risk-informed applications. Regulatory bodies in many countries require that a PSA be performed for licensing purposes. PSA has reached the point where, if performed to acceptable standards, it can considerably influence the design and operation of nuclear power plants. The quality of PSA is then becoming a matter of the ‘robustness’ of the decisions.
In order to promote the use and application of PSA techniques in Member States, the
IAEA has developed detailed technical guidance on how to carry out PSA for nuclear power plants. There are publications describing the overall process and procedures of performing a PSA (see Refs [2-4]). For specific PSA areas or tasks where it was felt that more detailed guidance is needed, separate publications have been produced, such as for common cause failure (CCF) modelling (see Ref. [5]) or human reliability analysis (HRA) (see Ref. [6]). The publications provide information and recommendations and reflect accepted practices consistent with the knowledge at the time they were written. Reference [2], for example, provides procedures for conducting Level-1 PSAs for internal events for full power initial conditions in accordance with the state of the art of PSA in the beginning of nineties. That publication has been successful in helping to standardize the framework, terminology, content and format of documentation of PSAs in IAEA Member States, while providing for flexibility to introduce new and alternative methods.
Increasingly, during the last years PSA has been broadly applied to support numerous
applications, such as risk-informed changes to technical specifications, risk-based plant configuration control, maintenance program optimization, etc. The IAEA has developed a technical document (see Ref. [7]), which summarizes information on up-to-date PSA applications and includes technical and methodological aspects, examples, and limitations, as well as the regulatory perspective on the use of PSA and numerical goals and acceptance criteria for decision making. A number of applications require specific features of the PSA and of certain PSA elements. A Technical Committee meeting, held in Vienna, May 28–June 1, 2001, on quality and consistency of PSAs identified the need for guidance on a
1 In this publication, it is assumed that the user will define an objective criterion to identify what is a significant accident sequence. An example of such a criterion is the following: a significant accident sequence is one of the set of sequences, defined at the functional or systemic level, that, when ranked in decreasing order of frequency, comprise a significant percentage (e.g. 95%) of the core damage frequency (CDF), or that individually contributes more than a measurable percentage (e.g. 1%) to CDF.
1
process to review a PSA to determine its technical adequacy for addressing specific applications, or in other words, to provide guidance to assure that a PSA is of sufficient quality to support the application. The same idea was highlighted at the Conference on Topical Issues in Nuclear, Radiation and Radioactive Waste Safety (IAEA, September 2001) that emphasized the necessity to ensure a high quality of PSAs for the support of risk-informed decision making. The meaning of ‘high quality’ in this context was meant to be different for each PSA and to be defined as being commensurate with the intended use of a PSA. The present publication is a response to those recommendations.
The publication takes into consideration the advanced worldwide experience in the
area of PSA quality assessment and verification, and in particular the ASME Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications (Ref. [8]). The starting point for the development of the technical attributes presented here in Sections 4 through 12 as the basis for the assessment of technical adequacy of a PSA was the set of requirements for the Capability Category II PSA presented in the ASME Standard (Capability Category II requirements are representative of currently accepted good industry practices in the USA.)
1.2. Objectives of the report
Various applications of PSA require that PSAs used to support those applications have
certain characteristics in terms of their scope, degree of detail, technical adequacy of the modelling, the capability and flexibility to perform the required calculations, the capability to support interpretation of the results, the quality and type of the data used, and of the assumptions made in modelling important aspects. The features of a PSA that are necessary to support specific applications vary with the application. This report provides information regarding the features, written in the form of attributes of the major PSA elements, which are appropriate for carrying out various PSA applications. In so doing, this publication provides a basis for judging the quality of the PSA used to support an application as discussed in the next section. General attributes are formulated for a ‘base case PSA’ that in the framework of this publication is defined to be that PSA that is used to assess the overall plant safety level. Special attributes are provided for specific applications where appropriate.
The notion of ‘PSA quality’ should be distinguished from the notion of ‘quality
assurance’. ‘PSA quality’ for a specific purpose refers to the technical adequacy of the methods, level of detail and data used to develop the PSA model. In order to assure that the chosen methods and data are used, applied, and documented in an adequate and controlled manner, a dedicated quality assurance programme needs to be established that also addresses applications of PSA. How to set up and effectively apply an appropriate quality assurance programme for PSA and its applications is described in the publication ‘A framework for a quality assurance programme for PSA’, IAEA-TECDOC-1101, Ref. [9]. As distinct from that publication, the present TECDOC focuses on the technical information regarding approaches, methodology and data to obtain appropriate technical PSA features for specific applications. Thus, for a specific PSA application with a particular PSA, the approach provided in the publication can be used as a basis to formulate a specific technical framework for carrying out the PSA application. For these reasons this publication concentrates on technical PSA aspects. In Figure 1 the overall framework for the assurance of the quality of PSA results for applications is shown identifying the roles of the existing IAEA publications and the present publication.
It is expected also that the publication will provide a technical framework for the PSA-related services and International Probabilistic Safety Assessment Review Team (IPSART)
2
missions being conducted by the IAEA on request of Member States, in addition to the existing guidelines, i.e. Ref. [10].
1.3. Quality of a PSA for an application
For the purposes of this publication, PSA quality is defined in general terms in the
following way: “In the context of an application, the PSA is of an appropriate quality if it conforms to a set of attributes that are appropriate for the application.”
Fig. 1. Framework of PSA quality and supporting IAEA publications. The key to defining quality then is in the definition of the attributes. The attributes that
are required for a particular application depend on the purpose and characteristics of the application. When used as an input to a decision, the attributes required are a function of the process for decision making, and in particular address the acceptance criteria or guidelines with which the PSA results are to be compared. The acceptance criteria are generally in the form of a numerical value associated with a specific metric. Examples of metrics are the absolute value of, or increase in, core damage frequency, and importance measures. The metrics commonly used are defined in Appendix I to this publication. The PSA has to be capable of evaluating the appropriate metrics for each application. However, the method for performing the comparison of the results of the PSA with the criterion also has an impact on the attributes required. For example, the criterion may require use only of a mean value, or it may require the full characterization of uncertainty as a probability distribution on the value of the metric. Thus identifying the additional attributes requires an understanding of the method proposed for generating and using the PSA results.
IAEA-TECDOC DETERMINING THE
QUALITY OF PSA FOR APPLICATIONS IN
NPPs
IAEA-TECDOC-1101 A Framework for a Quality Assurance Program for PSA
Technical Quality Attributes are defined
and used
The work on PSA is organized and performed
in such a way that required technical
attributes are met without introducing mistakes and
errors
The documentation is performed in a
manner that supports review and future
upgrades
Safety Series No. 50-C/SG-Q
Quality Assurance for Safety in Nuclear Power Plants and other Nuclear
Installations
Provision of the Quality of PSA Results for Applications
Safety Guide No. NS-G-1.2
Safety Assessment and Verification for Nuclear
Power Plants
3
Two types of attributes are defined in this publication:
- General attributes, which apply for a typical ‘base case PSA’ (for the definition of a ‘base case PSA’ see the discussion below). The general attributes apply for all PSAs and applications.
- Special attributes, which generally provide enhanced capabilities supporting certain applications of a PSA. Special attributes may not be met in a ’base case PSA’.
The purpose of a ‘base case PSA’ is the assessment of the overall plant safety as
described for example in Appendix II of this publication. Thus, the set of general attributes describing the technical features of a ‘base case PSA’ in this publication corresponds to the PSA application ‘Assessment of the Overall Plant Safety’. The general attributes represent a fundamental set of attributes that can be recognized as being associated with the performance of a technically correct PSA in accordance with the present state of the art methodology and technology. According to Ref. [10], “the current state of the art of PSA is defined by the way PSAs have been practically performed in recent years by Member States according to existing guidelines and using accepted methodologies and techniques.” To summarize, it is understood in this publication that the general attributes represent a minimum set of the attributes needed to perform a state of the art PSA with the aim to assess the overall plant safety. State-of-the-art is taken to be synonymous with generally accepted good practice.
Special attributes provide elevated capabilities in terms of resolution, specificity,
scope, realism, and less uncertainty for aspects of the PSA needed to support specific applications, but still corresponding to the current state of the art. Special attributes are defined in such a way that, when they are met, the corresponding general attributes will certainly be met. Different PSA applications may require different special attributes.
Special attributes may arise because of the need to model specific impacts of changes
proposed by the application, which may require a higher level of detail for certain elements than required for the base case as defined in this publication. In addition, special attributes may be required to address unique acceptance criteria for the application.
On the other hand, there might be applications for which not all the attributes would need to be met, or for which some attributes can be relaxed. These are applications for which either the risk information required is limited, or for which the approach to decision making compensates for a lesser level of detail or plant-specific fidelity in the PSA by making a more conservative decision than would be the case for the more detailed, plant-specific model. An example of the latter is an application that addresses relaxation of requirements on components considered to be of low safety significance. Use of a more detailed and more plant-specific PSA would allow more components to be classified as low safety significant, when compared with what would result from use of a less detailed model. However, even in this case, the PSA used to support that application must be technically adequate.
For many applications, the acceptance criteria may require the consideration of all
contributors to risk. It is recognized that specialized PSA methods are needed to perform the analysis of core damage resulting from internal hazards, such as internal fires and floods, or external hazards, such as earthquakes, high winds, etc., and from different plant operating modes, such as low power and shutdown modes. These specialized analyses are identified in
4
this publication as being separate modules2 of a PSA. The scope of a PSA is defined by the modules it contains.
Which attributes are met determines to some extent the role the PSA can play in the
decision making process. When it is clear that the confidence in the accuracy of the PSA results is high, the PSA can play a significant role. When confidence in the accuracy is less, it must play a lesser role. However, in either case, the PSA still has to have a quality commensurate with its role. What makes the distinction between these cases is that those attributes that enhance realism are not necessary met in the latter case.
When using information presented in this publication, it is proposed that in case a PSA
analyst considers that an application does not necessarily require compliance with a general or special attribute or attributes, this should be reliably justified in terms of the analysis consistency and absence of impact of a missing attribute(s) on PSA results and insights used for decision making. 1.4. Scope of the report
The detailed IAEA PSA procedures mentioned above (Refs [2-4]) mainly concentrate
on general features and content of PSAs. In these publications, a limited consideration is given to the particular features of PSA conditioned by specific PSA applications. It should be also mentioned that a number of approaches and techniques described in these procedures, in particular in the Level-1 PSA procedure (see Ref. [2]), have been further developed, so the present publication takes into account the current state of the art regarding various aspects related to PSA methodologies.
In recognition of the different levels of maturity in the state of the art for the various
PSA modules, and due to a comprehensive amount of information to be covered, the scope of this publication is restricted to a Level-1 PSA for at power operation for internal events caused by random equipment failures and operator errors. Consideration is not given to other sources of radioactivity except for the reactor core. Level-2 PSA, internal fires and floods, external hazards like earthquakes, tornadoes, and other natural and man-induced hazards are not included in the scope of this publication, and neither is PSA for the shutdown and low power operation modes. These PSA modules could be covered in separate publications later. However, it should be specifically pointed out that applications may require that the scope of the PSA is complete in terms of consideration of all relevant contributors to plant risk and analysis levels. It is not the intent of this publication to address what has to be done to compensate for the limited scope of the PSA in these circumstances. Nor does this publication attempt to describe what has to be done to compensate for attributes that are not met. These considerations are left to the decision-makers. However, Appendix II provides a general discussion regarding what PSA scope and risk metrics may be needed for specific applications.
An emphasis is made on describing the attributes of a ‘base case PSA’ being
fundamental for other considerations relating to specific PSA applications. The publication concentrates also on describing the appropriate features and attributes of PSA and of PSA elements and relates them to specific applications by indicating additional features and characteristics important from the viewpoint of specific applications. Only a summary of PSA 2 A PSA module is a probabilistic safety analysis, which addresses a certain type of hazard (e.g. high winds, earthquakes, internal fires), plant operating mode (full power, low power, shutdown), radioactivity source (reactor core, spent fuel pool), and analysis level (Level-1, Level-2, Level-3).
5
approaches, techniques, and tasks is given. The publication provides information on what has to be done rather than how it should be done. Thus, regarding detailed procedures for PSA tasks, reference is made to the appropriate available PSA procedures and the publication is not intended to replace them. 1.5. Structure of the report
Because this report is oriented towards supporting applications of PSA, first, an
overview of current applications is given in Section 2. Section 3 introduces the main PSA elements, and provides a description of the process one should follow to determine whether the PSA is of an appropriate quality for an application of interest. The attributes of the PSA elements are provided in Sections 4 through 12 separately for each PSA element, covering both general attributes (applicable for the ‘base case PSA’), and application-specific ones (i.e. special attributes). Section 13 discusses the special attributes appropriate for PSA applications and outlines a practical procedure for determination of the special attributes relevant for the application of interest. It also provides a table mapping the special attributes to the PSA applications. Conclusions are provided in Section 14. Appendix I provides definitions of the risk metrics referred to in the publication. Appendix II provides summary information on PSA applications, including their general description, applicable risk metrics, remarks on use of PSA models to support specific applications, and examples. Appendix III presents a table linking the PSA elements discussed in Sections 4 through 12 to the list of PSA tasks from the IAEA Procedure Guide on Level-1 Internal Event PSA (see Ref. [2]).
1.6. Applicability
There are three major limitations regarding the applicability of this publication which are as follows: 1. The information presented is directed towards PSA and PSA applications for nuclear
power plants. Thus, this publication is not directly applicable for research reactors, for example.
2. The publication focuses on PSA and PSA attributes for vessel type light water reactors
(LWRs), although a vast majority of general and special attributes are applicable for other reactor types as well. The applicability of the PSA element descriptions and of PSA attributes given in this publication for nuclear power plants with other reactor types is discussed below.
3. The publication is focused on PSA approaches, modelling and data for a typical ‘mature’
nuclear power plant, which has been in operation for a number of years without major changes in the plant. The applicability of the PSA elements descriptions and of PSA attributes given in this publication for nuclear power plants in other stages of the plants lifetime is discussed below.
1.6.1. Applicability for reactors other than vessel type LWRs
The present predominant reactor types for nuclear power plants are vessel type LWRs. PSA approaches and techniques have therefore been mostly developed and applied for this kind of NPPs. For this reason the publication focuses on PSA and PSA attributes for vessel type LWRs. Most of the PSA approaches and techniques can also be applied and used for other reactor types such as gas cooled reactors and CANDU (i.e., data analysis, human reliability analysis, systems analysis, etc.). Therefore, the attributes described in this
6
publication apply as well for these reactor types. There is however one area regarding PSA approaches and techniques where there is a significant difference. The concept of core damage as an accident sequence end state for Level-1 PSA and as a rough measure for consequences is a useful concept for vessel type LWRs. The physical background for this concept is that for the compact cores of current vessel type LWRs once there is loss of cooling to substantial portions of the core and associated fuel damage it is likely that the whole core is affected and a substantial part of the fission product inventory is released from the fuel.
For reactors with physically well-separated fuel channels and comparatively large
cores, damage might be restricted to individual fuel channels, small portions of the core, parts of the core or may extend to the entire core. Accordingly, several Level-1 fuel or core damage end-states have been defined and used in PSAs for such reactors to reflect the significantly different fractions of the fuel or core affected during different accident scenarios. The physical reason for this distinction and refinement of core damage are specific features of the reactor and system design, e.g. the design of coolant piping and the connection of emergency core cooling system (ECCS) trains to the coolant piping. The refined definition of core damage then allows obtaining a useful consequence measure in terms of the Level-1 PSA by distinguishing scenarios with significant consequences from those with low consequences but elevated frequencies. In turn such definition of core damage categories requires interpretation and adaptation regarding the description of PSA tasks and associated attributes as given in this publication.
It should be pointed out however that analytical and in particular experimental
information on details of the accident progression in the beyond design accident range is limited for other reactor types if compared to vessel type LWRs. This may also affect the formulation of safety function success criteria and delineation of accident sequences. Therefore, accident progression and the characterization of Level-1 end states for reactor types other than vessel type LWRs should be regarded as being still under development.
1.6.2. Applicability for NPPs in different stages of the plant’s lifetime
In order to provide a comprehensive description of PSA tasks and associated attributes the publication is focused on PSA approaches, modelling aspects, and data for a typical ‘mature’ nuclear power plant, which typically has been in operation for a number of years without major changes in the plant. It is recognized that significant differences exist regarding PSA approaches, modelling aspects, and data for different stages of the plants lifetime. The reason why this publication concentrates on PSA for a ‘mature’ nuclear power plant is that only at this stage the full range of PSA techniques can be applied including evaluation and use of a reasonable amount of operational experience data from the plant itself. During the design stage of a plant, for example, detailed information on design and operational features might be limited and no operational experience data from the plant is available. For a completely new design even applicable experience data from comparable plants might not be available. A number of attributes formulated in this publication for a ‘mature’ NPP therefore require interpretation and adaptation when applied for an NPP in an earlier life stage.
PSA techniques can be used beginning at an early design stage of a plant. At this time
even the conceptual design of engineered safety features (ESFs) might not be entirely fixed, e.g. the number of redundant trains in an ECCS. Diverse ECCSs might be under consideration for a particular emergency core cooling function. In these situations, PSA techniques can be used to support conceptual decisions. However, there are major differences in PSA approaches, techniques and data as listed below:
7
• Detailed design information on systems and their support systems might not or only partially be available. This missing information can be bridged by related assumptions for PSA purposes.
• Detailed operating procedures are not available. Information from similar NPPs might be used instead.
• No or only generic operational experience is available.
• Information on thermal hydraulic analyses, accident progression, accident scenarios might be limited.
• Completeness of initiating events is difficult to ascertain.
• Limited information on man-machine interface (MMI) and on training of operating staff is available.
• Limited information on maintenance practices and procedures.
• Equipment location information is limited or missing (important for CCF modelling and modelling of secondary effects).
• Details on technical specifications (TSs) are missing or limited.
In summary, a considerable number of attributes which apply for a PSA for a ‘mature’ plant do not strictly apply for a plant in the design stage, simply because the required knowledge and data are not yet available. Accordingly, simplifications and assumptions need to be made to bridge the missing information. Furthermore, the applicability and adequacy of the assumptions themselves could be limited, introducing elements of variability and uncertainty even if not directly visible or stated. A typical example for a new NPP concept in an early design stage are the advanced reactors incorporating new concepts for safety features, e.g. passive systems, where even the assessment of thermal-hydraulics and consideration of reliability aspects are still under development and where operational experience is not available.
Uncertainty inherent in PSA models and results for a reactor in the design stage needs
to be fully addressed if the PSA is used for decision making. One way to deal with these uncertainties in the early stages of plant life is to use PSA in a relative way, e.g. by comparing different design variants using similar models and assumptions. Another useful approach is to check the robustness of results by changing the assumptions to see how the results are affected by such changes.
During the further development of the plant, increasing details on design and
operational features of the plant become available. This progress is then usually reflected in refining PSA models, which in turn reduces associated variabilities and uncertainties.
Even for a ‘mature’ plant, there might be major backfits or major changes regarding
the plants design and operational features. A major change in this sense would be a significant redesign of the core, including redesign of protection instrumentation and control (I&C) and of ESFs. This in turn would mean that the PSA would need to be redone because such a major change is likely to change the entire PSA model structure and because similar conditions would apply again for parts of the plant or for the entire plant as during the design stage, which has to be reflected in the PSA techniques and data.
8
2. OVERVIEW OF PSA APPLICATIONS 2.1. PSA application categorization
Since the beginning of the nineties, PSA techniques have been used increasingly widely in many countries in the risk-informed decision making process in NPP design, operation, and licensing activities. IAEA-TECDOC-1200 (see Ref. [7]), published in 2001, identified a number of PSA applications. In this publication, some additional applications have been identified, and the PSA applications have been categorized in the following way according to their purpose:
1. Safety assessment: to assess the overall safety of the plant and to develop an understanding of the main contributors to risk
2. Design evaluation: to provide support for design evaluation
3. NPP operation: to provide support for day-to-day operation of the plant (not including permanent changes to design or operational practices)
4. Permanent changes to the operating plant: to assess the safety significance of proposed permanent changes to the plant design, hardware, or administrative controls (e.g. operating procedures, the licensing basis) as an aid to decision making
5. Oversight activities: to support plant performance monitoring and assessment (both regulatory and industry)
6. Evaluation of safety issues: to evaluate safety issues Several application groups can be defined under the six categories based on a more
specific consideration of the purpose and subject of PSA applications. Table 2.1 provides a list of PSA application categories, groups within the categories, and specific applications within the groups.
2.2. PSA results and metrics used in decision making
In order to use a PSA in the decision making process, it is necessary to define what
results are needed, and define criteria these results may be compared with. In some cases, the results may be qualitative, but in most cases, the results are quantitative. In such cases, some parameters that can be calculated using the PSA model are defined, which are referred to as metrics. Typically, used metrics are importance measures, core damage frequency (CDF), large early release frequency (LERF), conditional core damage probability (CCDP), quantitative health objectives (QHO), etc. The metrics most commonly used are defined in Appendix I. Although analysis of the LERF and the QHO typically are not in the scope of a Level-1 PSA (and this publication), these metrics can be derived and used in the decision making process in many PSA applications and therefore for the sake of completeness are also addressed in Appendixes I and II of this publication. It should be noted that some PSA applications require a wider PSA scope, e.g. emergency planning would require in principle a full-scope Level-3 PSA. The PSA scope and metrics used in decision making provide an input to the definition of application-specific PSA quality requirements. In the decision making process the evaluated metrics are compared against some decision criteria that need to be established. The various forms that such decision criteria can take are discussed elsewhere (e.g. see Ref. [7]).
9
Table 2.1 PSA Applications
Application Category Application Group Specific Application
1.1 Assessment of the overall plant safety
1.2 Periodic safety review
1. SAFETY ASSESSMENT
1.3 Analysis of the degree of defence against assumed terrorist attack scenarios
2.1 Application of PSA to support decisions made during the NPP design (plant under design)
2. DESIGN EVALUATION
2.2 Assessment of the safety importance of deviations between an existing plant design and updated/revised deterministic design rules
3.1.1 Maintenance program optimization 3.1.2 Risk-informed house keeping
3.1 NPP maintenance
3.1.3 Risk-informed support for plant ageing management program
3.2.1 Development and improvement of the emergency operating procedures
3.2.2 Support for NPP accident management (severe accident prevention, severe accident mitigation)
3.2 Accident mitigation and emergency planning
3.2.3 Support for NPP emergency planning 3.3.1 Improvement of operator training program 3.3.2 Improvement of maintenance personnel training
program
3.3 Personnel training
3.3.3 Improvement of plant management training program 3.4.1 Configuration planning (e.g. support for plant
maintenance and test activities) 3.4.2 Real time configuration assessment and control
(response to emerging conditions) 3.4.3 Exemptions to TS and justification for continued
operation
3. NPP OPERATION
3.4 Risk-based configuration control/ Risk Monitors
3.4.4 Dynamic risk-informed TS
4.1.1 NPP upgrades, back-fitting activities and plant modifications
4.1 Plant changes
4.1.2 Lifetime extension
4.2.1 Determination and evaluation of changes to allowed outage time and changes to required TS actions
4.2.2 Risk-informed optimisation of TS 4.2.3 Determination and evaluation of changes to
surveillance test intervals 4.2.4 Risk-informed in-service testing (IST)
4.2 Technical specification changes
4.2.5 Risk-informed in-service inspections (RI-ISI)
4.3.1 Equipment risk significance evaluation
4. PERMANENT CHANGES TO THE OPERATING PLANT
4.3 Establishment of graded QA program for SSC
4.3.2 Evaluation of risk impact of changes to QA requirements
10
Application Category Application Group Specific Application
5.1.1 Planning and prioritization of inspection activities (regulatory and industry)
5.1.2 Long term risk-based performance indicators
5.1 Performance monitoring
5.1.3 Short term risk based performance indicators 5.2.1 Assessment of inspection findings
5. OVERSIGHT ACTIVITIES
5.2 Performance assessment 5.2.2 Evaluation and rating of operational events
6.1.1 Risk evaluation of corrective measures 6.1 Risk evaluation 6.1.2 Risk evaluation to identify and rank safety issues 6.2.1 Long term regulatory decisions
6. EVALUATION OF SAFETY ISSUES
6.2 Regulatory decisions 6.2.2 Interim regulatory decisions
11
3. PROCEDURE TO ACHIEVE QUALITY IN PSA APPLICATIONS This section is devoted to the description of the general approach for the presentation
of information in the publication including definitions of PSA elements and attributes, the coding scheme for naming general and special PSA attributes, and how the publication can be applied for the purpose of assessing and enhancing the PSA quality. 3.1. PSA elements and attributes
The PSA features (termed ‘attributes’ in this publication) are provided for the nine
PSA elements that comprise an internal events, at-power, Level-1 PSA. The PSA elements identify the major analysis areas. It should be noted that while the nine PSA elements are identified, this division is to some extent arbitrary because all the analysis areas are interconnected and influence each other.
The PSA elements and associated abbreviations used in this publication are the
following:
1. Initiating Events Analysis IE (Section 4)
2. Accident Sequence Analysis AS (Section 5)
3. Success Criteria Formulation and Supporting Analysis SC (Section 6)
4. Systems Analysis SY (Section 7)
5. Human Reliability Analysis HR (Section 8)
6. Data Analysis DA (Section 9)
7. Dependent Failures Analysis DF (Section 10)
8. Model Integration and Core Damage Frequency Quantification MQ (Section 11)
9. Results Analysis and Interpretation RI (Section 12) Each PSA element is described in a separate section of the publication as indicated
above including a description of the objectives of the analysis relating to the PSA element, a list of major analysis tasks, and tables describing general and special attributes for the tasks.
The general and special attributes are defined as follows:
• General attributes describe the main features of the analyses, documentation, and data to be considered in the ‘base case PSA’. These features are described based on the state of the art, as defined by generally accepted good practice, of a PSA constructed to evaluate the core damage frequency.
• Special attributes describe information on specific features of PSA elements to be
satisfied in order that the PSA could be considered as appropriate for a specific application.
It is assumed that the general attributes characterise a contemporary state of the art
Level-1 internal events at-power PSA performed with the aim to assess the overall NPP safety. Special attributes provide elevated capabilities within particular PSA elements to meet special features of PSA applications. Sections 4-12 present general and special attributes for
12
the nine PSA elements listed above. An identifier is assigned to each general and special attribute in accordance with the coding scheme provided in Section 3.2. Several special attributes may be defined for a general attribute. They are provided together: special attributes underneath of the corresponding general attribute. The tables include the identifiers of general attributes in the first column (‘GA’ in the table heading), the description of general attributes and, where appropriate, the identifiers/descriptions of the associated special attributes (in Italics) in the second column, as well as rationale/comments/examples for general attributes and special attributes (in Italics) in the third column.
If a PSA meets solely the general attributes, it would not necessarily mean that the
PSA could be used consistently and reliably for any PSA application, e.g. the applications listed in Section 2. Sometimes, special attributes may be important to enhance the depth and level of detail of the analysis in specific areas to facilitate the use of PSA for specific applications. Section 13 discusses what special attributes are appropriate for particular applications and how to determine them.
It should be noted that the PSA results used in the decision making process might be
adequate even if certain attributes are not met or not met fully. However, this would generally require that either a demonstration that the attribute is not required to produce the results needed to support the application, or that the decision has compensated for this failure to meet the attribute, by, for example, restricting the scope of the application to that supported by the PSA results. The methods by which this may be demonstrated are not within the scope of the publication.
3.2. Coding scheme for attributes identifiers (1) General attribute The identifier of a general attribute is represented by the following string:
XX-YNN,
where: XX – the identifier of a PSA element as provided in Section 3.1 (IE, DA, etc.); Y – a letter (in alphabetic order) designating the task within the PSA element; NN – a two-digit number designating the sequential number of the general attribute within
Task ‘Y’.
Example: IE-A01 - this is the identifier of the first general attribute for Task ‘A’ of the PSA element ‘IE’.
(2) Special attribute
The identifier of a special attribute represents the following string: XX-YNN-SM,
where: XX-YNN – the identifier of the general attribute, for which a special attribute is provided; S – the letter ‘S’ indicating that a special attribute is defined for General Attribute
‘XX-YNN’;
13
M – an one-digit number designating the sequential number of the special attribute relating to the considered general attribute.
Example: IE-A01-S1 - this is the identifier of the first special attribute related to the first
general attribute for Task ‘A’ of the PSA element ‘IE’.
3.3. Connection to IAEA PSA guidelines The PSA elements #1 through 9 applicable to a Level-1 at-power internal event PSA
are principally addressed in the IAEA Level-1 PSA Procedure Guide (see Ref. [2]). In order to provide a link between that publication and the present publication, a mapping of the PSA tasks from Ref. [2] to the PSA elements considered in this publication is provided in Appendix III.
There are also several IAEA publications providing more details on the following PSA
elements:
• Human Reliability Analysis (Ref. [6]) • Initiating Events Analysis (Ref. [11]) • Dependent Failures Analysis (Ref. [5]).
3.4. The procedure for use of the TECDOC
This publication has two major uses:
(1) Support the PSA review as carried out by the IAEA within IPSART missions and as part of other activities.
(2) Support the use of PSA applications in planning of a PSA project, to make sure that
appropriate quality of the Level-1 internal events PSA is achieved, or assessing the applicability of an existing PSA intended for use in an application.
The general procedure of application of the approach provided in this publication for
assessing and enhancing the PSA quality involves consideration of general and special attributes. The following three major steps are involved:
STEP (1) For the PSA application, a consideration needs to be given to plant design and
operational features affected by the application (and related PSA models). PSA scope and results/metrics required for the application have to be determined. In case the scope and results/metrics are insufficient, there may be a need to refine, complete, or upgrade the PSA. For instance, in case an application (e.g. severe accident management) requires Level-2 PSA results, but these are not available, an extension of the PSA scope would be needed. Alternatively, the developer could provide supplementary arguments/analysis/data to bridge limitations, or restrict the scope of the application to that supported by the PSA.
STEP (2) For each PSA element, a determination needs to be made whether the general
attributes provided in Sections 4-12 characterizing a ‘base case PSA’ have been met. If not, refinements should be considered for the PSA to bring it in compliance with the general attributes. Alternatively, the developer could provide a supplementary justification to demonstrate that the general attributes not met are not required for the application.
14
STEP (3) For the PSA application, a determination needs to be made whether the special attributes needed for this PSA application have been met. Section 13 of this publication should be consulted regarding the practical steps for identification of a set of special attributes of the PSA elements relevant for the application of interest. A determination needs to be made whether the special attributes have been made. If not, refinements should be considered for the PSA to bring it in compliance with the special attributes.
The procedure for determination of quality of PSA for applications is illustrated in
Figure 2. For Steps 2 and 3 depicted in the figure, this publication covers only a Level-1 internal events at-power PSA. In case a PSA includes more PSA modules (e.g. internal floods, fires, shutdown PSA, etc.), other publications should be consulted regarding the technical features of the analyses, e.g. Ref. [8] for internal floods, Ref. [12] for external hazards.
15
The PSA results can support the application
Fig. 2. General procedure for determination of quality of PSA for applications.
Refine, complete, or upgrade PSA
YES
OR
STEP 1 Are the PSA scope and results/metrics
sufficient?
Identify type of PSA application (e.g. Table 2.1)
Identify plant design and operational features affected by the application
Identify PSA scope and results/metrics required (desired) for the application
Refine PSA elements acc. to Special Attributes
Refine PSA elements acc. to General Attributes
Provide supplementary arguments/analysis/data to
bridge limitations, OR restrict the scope of the application to
that supported by the PSA
NO
YES
YES
NO
NO
Demonstrate/justify that the attributes not met are not
required for the application OR
STEP 2 Do PSA elements satisfy General
Attributes?
STEP 3 Do PSA elements
relevant for the application satisfy Special
Attributes?
16
4. PSA ELEMENT ‘IE’: INITIATING EVENTS ANALYSIS
4.1. Main objectives
The initiating events analysis is a highly iterative, multi-purpose task, which provides the basis for the PSA and ensures its completeness. The risk profile can be incomplete and distorted if important initiating events (IEs) are omitted or incorrectly included in the IE groups.
The main objectives of the initiating events analysis are as follows:
• to identify a reasonably complete set of the events that interrupt normal plant operation and that require successful mitigation to prevent core damage, so that no significant contributor to core damage is omitted;
• to group initiating events to facilitate the efficient modelling of plant response and
initiating events frequency assessment while providing sufficient resolution regarding modelling of accident sequences (events included in the same group have similar mitigation requirements, or are bounded by the limiting mitigation requirements for the ‘representative initiating event’ for the group);
• to provide estimates for the frequencies of the initiating event groups using information
available and associated estimation techniques. Important aspects of the IE analysis are the following:
• Initiating event definition is correct and complete.
• Initiating events are identified taking into account all plant configurations possible at power operation.
• IEs are grouped in a consistent manner such that any event in the group has the same or less demanding mitigation requirements than initiating event chosen as the IE group representative for further modelling.
• Methods used for the estimation of the IE frequencies are clearly distinguished for the cases when:
- Estimation is based on plant specific or generic, or both kinds of statistical information.
- Estimation is based on system models (mainly refers to system initiators and includes checking system failures which may create an initiating event).
- Estimation for rare events, which is based on expert judgment or use of specific methods (e.g. structural mechanics analysis, etc.)
• Uncertainties in the IE frequencies are understood, evaluated, accounted for, and documented.
17
4.2. Initiating events analysis tasks and their attributes
The main tasks for the PSA element ‘IE Analysis’ are listed in Table 4.2. Tables 4.2-A through 4.2-H present the description of general and special attributes for these tasks.
Table 4.2 Main Tasks for IE Analysis
Task ID Task Content
IE-A Identification of IE Candidates (Preliminary Identification of IEs)
IE-B IE Screening and Final IEs List Identification
IE-C IEs Grouping
IE-D Collection and Evaluation of Generic Information for IE Frequencies Assessment
IE-E Collection of Plant-Specific Information
IE-F Handling the Effects of Plant Modifications
IE-G IE Frequencies Quantification
IE-H Documentation
18
Tab
le 4
.2-A
A
ttri
bute
s for
IE A
naly
sis:
Tas
k IE
-A ‘I
dent
ifica
tion
of IE
Can
dida
tes’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Sp
ecia
l Attr
ibut
es (i
n Ita
lics)
IE-A
A
list
of i
nitia
ting
even
ts is
def
ined
whi
ch is
as c
ompl
ete
as p
ossi
ble.
IE-A
01
IE d
efin
ition
is c
lear
and
cov
ers a
ny p
lant
dis
turb
ance
s tha
t req
uire
miti
gatio
n to
pr
even
t cor
e da
mag
e.
CO
MM
ENT :
The
follo
win
g IE
def
initi
on is
gen
eral
ly u
sed:
“IE
is a
n ev
ent w
hich
co
uld
dire
ctly
lead
to c
ore
dam
age
or c
halle
nges
nor
mal
pla
nt o
pera
tion
and
requ
ires s
ucce
ssfu
l miti
gatio
n to
pre
vent
cor
e da
mag
e”.
The
initi
atin
g ev
ents
id
entif
ied
typi
cally
incl
ude
trans
ient
s of v
ario
us ty
pes,
Loss
of C
oola
nt A
ccid
ents
(L
OC
As)
, int
erfa
cing
sys
tem
s LO
CA
s, st
eam
gen
erat
or tu
be ru
ptur
es, a
nd su
ppor
t sy
stem
initi
ator
s.
IE-A
02
All
plan
t ope
ratio
ns m
odes
with
pow
er o
pera
tion
are
cons
ider
ed to
geth
er w
ith th
eir
inte
rlock
s and
syst
em c
onfig
urat
ion.
IEs a
pplic
able
to sp
ecifi
c co
nfig
urat
ions
are
id
entif
ied.
RA
TIO
NA
LE: S
yste
ms c
onfig
urat
ion,
inte
rlock
s and
requ
irem
ents
for p
lant
sh
utdo
wn
may
be
diff
eren
t for
the
sam
e pl
ant o
pera
ting
on d
iffer
ent p
ower
leve
ls.
This
may
lead
to th
e ap
pear
ance
of a
dditi
onal
IEs a
nd/o
r to
chan
ges i
n th
e bo
unda
ry c
ondi
tions
of t
he IE
s, w
hich
wer
e id
entif
ied
for n
omin
al p
ower
leve
l.
EXA
MPL
ES:
At s
ome
plan
ts (e
.g. V
VER
-440
NPP
s) th
e fo
llow
ing
diff
eren
ces r
elat
ed to
pla
nt
pow
er o
pera
tion
mod
e ex
ist:
1) E
vent
invo
lvin
g bo
ron
dilu
tion
due
to e
rron
eous
con
nect
ion
of a
dis
conn
ecte
d lo
op is
pos
sibl
e on
ly a
t the
leve
l low
er th
an n
omin
al p
ower
.
2) T
rip o
f 3 M
CPs
lead
s to
reac
tor s
cram
onl
y at
pow
er le
vel b
elow
75%
from
no
min
al.
3) T
rip o
f las
t ope
ratin
g tu
rbin
e le
ads t
o im
med
iate
reac
tor s
cram
onl
y w
hen
the
plan
t ope
rate
s at p
ower
leve
l bel
ow 7
5% fr
om n
omin
al.
4) P
lant
con
figur
atio
n (in
par
ticul
ar se
cond
ary
side
arr
ange
men
ts) d
iffer
s si
gnifi
cant
ly w
hile
the
unit
oper
ates
at 5
0% a
nd 1
00%
pow
er le
vel (
one
and
two
turb
ines
).
IE-A
03
A st
ruct
ured
, sys
tem
atic
pro
cess
for i
dent
ifyin
g in
itiat
ing
even
ts is
em
ploy
ed. T
he
follo
win
g m
etho
ds fo
r ide
ntifi
catio
n of
pot
entia
l IEs
are
use
d:
1) A
naly
sis o
f lis
ts o
f IEs
from
PSA
s for
sim
ilar u
nits
:
List
s of I
Es d
evel
oped
in P
SAs f
or si
mila
r uni
ts a
re re
view
ed in
ord
er to
id
entif
y po
tent
ial I
Es a
pplic
able
to th
e in
vest
igat
ed u
nit.
2) A
naly
sis o
f gen
eric
list
s of I
Es:
The
lists
of I
Es fr
om g
ener
ic so
urce
s (e.
g. g
ener
ic li
sts f
rom
IAEA
, US
NR
C,
EPR
I, et
c.) f
or si
mila
r uni
ts a
re re
view
ed in
ord
er to
iden
tify
pote
ntia
l IEs
RA
TIO
NA
LE: U
se o
f onl
y on
e or
a su
bset
of t
he m
etho
ds li
sted
in IE
-A03
may
no
t pro
vide
a c
ompl
ete
list o
f ini
tiatin
g ev
ents
due
to in
here
nt li
mita
tions
of e
ach
met
hod.
CO
MM
ENT:
For
spec
ific
appl
icat
ions
the
use
of a
subs
et o
f the
met
hods
may
pr
ovid
e a
list o
f IEs
suff
icie
nt to
dea
l with
the
appl
icat
ion.
Thi
s sho
uld
incl
ude
at
leas
t: -
Pre
viou
s PSA
s lis
ts fo
r sim
ilar u
nits
. -
Ope
ratio
nal e
xper
ienc
e of
the
unit
unde
r con
side
ratio
n an
d si
mila
r uni
ts.
19
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
Spec
ial A
ttrib
utes
(in
Italic
s)
appl
icab
le to
the
inve
stig
ated
uni
t.
3) A
naly
sis o
f ope
ratio
nal e
xper
ienc
e:
- O
pera
tiona
l exp
erie
nce
of th
e un
it un
der c
onsi
dera
tion
and
sim
ilar u
nits
is
revi
ewed
in o
rder
to id
entif
y ev
ents
that
hap
pene
d in
the
past
.
- Th
e ex
perie
nce
on p
lant
-spe
cific
initi
atin
g ev
ents
is re
view
ed to
ass
ure
that
th
e lis
t of c
halle
nges
acc
ount
s for
the
plan
t exp
erie
nce.
Exp
erie
nce
and
anal
yses
at s
imila
r pla
nts a
re re
view
ed to
ass
ess w
heth
er th
e lis
t of c
halle
nges
in
clud
ed in
the
mod
el a
ccou
nts f
or th
e in
dust
ry e
xper
ienc
e.
4) D
educ
tive
anal
ysis
(e.g
. mas
ter l
ogic
dia
gram
, hea
t bal
ance
faul
t tre
es, e
tc.)
A st
ep-b
y st
ep c
onse
quen
tial a
naly
sis i
s per
form
ed in
ord
er to
iden
tify
even
ts,
whi
ch c
ould
lead
to c
ore
dam
age
or re
quire
miti
gatio
n ac
tions
.
5) In
duct
ive
anal
ysis
(e.g
. fai
lure
mod
e ef
fect
ana
lysi
s [FM
EA])
.
Syst
emat
ic e
valu
atio
n of
eac
h sy
stem
is p
erfo
rmed
to a
sses
s the
pos
sibi
lity
of
an in
itiat
ing
even
t occ
urrin
g du
e to
a fa
ilure
of t
he s
yste
m, e
.g. d
etai
led
mod
el
of sy
stem
inte
rfac
es in
clud
ing
faul
t tre
e de
velo
pmen
t and
/or F
MEA
to a
sses
s an
d do
cum
ent t
he p
ossi
bilit
y of
an
initi
atin
g ev
ent r
esul
ting
from
indi
vidu
al
syst
ems/
syst
em tr
ain/
equi
pmen
t fai
lure
s. A
ll sy
stem
s, w
hich
failu
res m
ay
brin
g di
stur
banc
e in
pla
nt o
pera
tion
(e.g
. nor
mal
ope
ratio
n, fr
ont-l
ine
and
supp
ort s
yste
ms)
are
revi
ewed
, with
the
exce
ptio
n of
thos
e, w
hich
wer
e al
read
y id
entif
ied
as th
e so
urce
of I
Es b
ased
on
othe
r ana
lysi
s. T
he a
naly
ses
are
perf
orm
ed a
fter s
yste
m m
odel
s wer
e de
velo
ped.
6) L
ists
of d
esig
n ba
sis a
ccid
ents
(DB
As)
and
bey
ond
desi
gn b
asis
acc
iden
ts
(BD
BA
s) a
re re
view
ed.
IE-A
04
Initi
atin
g ev
ents
resu
lting
from
mul
tiple
failu
res a
nd re
quiri
ng d
iffer
ent m
itiga
tion
stra
tegy
are
incl
uded
, in
parti
cula
r tho
se th
at c
an re
sult
from
a c
omm
on c
ause
. R
ATI
ON
ALE
: Eve
nts c
ause
d by
mul
tiple
equ
ipm
ent f
ailu
res m
ay b
e si
gnifi
cant
in
term
s of r
isk
even
if th
e IE
freq
uenc
y is
low
.
See
also
Tab
le 1
0.2-
D, G
ener
al A
ttrib
ute
DF-
D01
.
IE-A
05
The
plan
t ope
ratio
ns, m
aint
enan
ce, e
ngin
eerin
g, a
nd sa
fety
ana
lysi
s per
sonn
el a
re
inte
rvie
wed
to d
eter
min
e if
any
pote
ntia
l ini
tiatin
g ev
ents
hav
e be
en o
verlo
oked
. In
terv
iew
info
rmat
ion
from
sim
ilar p
lant
s is a
lso
used
.
RA
TIO
NA
LE: I
nter
view
of e
xper
ienc
ed p
lant
per
sona
l may
giv
e ad
ditio
nal
know
ledg
e on
real
pla
nt b
ehav
iour
and
may
hel
p to
iden
tify
IEs o
verlo
oked
with
th
e us
e of
met
hods
list
ed in
IE-A
03.
20
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
Spec
ial A
ttrib
utes
(in
Italic
s)
IE-A
06
Syst
em o
r equ
ipm
ent f
ailu
res o
r com
bina
tions
of t
hese
are
scre
ened
to se
e w
heth
er
they
repr
esen
t eith
er a
uni
que
IE, w
hich
nee
ds se
para
te tr
eatm
ent o
r rep
rese
nt a
co
ntrib
utin
g IE
to a
n IE
gro
up.
Dep
ende
ncie
s bet
wee
n sy
stem
initi
ator
s and
pos
t-tri
p fu
nctio
ns n
eed
to b
e id
entif
ied
in th
is p
roce
ss. (
See
also
Tab
le 1
0.2-
D, T
ask
DF-
D).
All
syst
em in
itiat
ors t
hat a
t the
sam
e tim
e re
sult
in p
ost-t
rip fu
nctio
n fa
ilure
s are
id
entif
ied.
CO
MM
ENT:
The
se ty
pes o
f eve
nts a
re k
now
n as
com
mon
cau
se in
itiat
ors o
r sy
stem
initi
ator
s. A
com
mon
cau
se in
itiat
or (C
CI)
is a
n ev
ent c
ausi
ng a
tran
sien
t (o
r req
uirin
g m
anua
l shu
tdow
n) a
nd a
t the
sam
e tim
e de
grad
ing
one
or m
ore
safe
ty
func
tions
that
may
be
need
ed a
fter t
he tr
ansi
ent/s
hut-d
own.
EXA
MPL
ES:
Failu
re m
odes
, whi
ch d
isru
pt n
orm
al o
pera
tion
are:
-
Nor
mal
ly o
pera
ting
pum
ps: f
ailu
re to
run
- St
andb
y pu
mps
: ina
dver
tent
star
t-up/
failu
re to
star
t -
Safe
ty/re
lief v
alve
s: in
adve
rtent
ope
ning
-
Nor
mal
ly c
lose
d bu
s bre
aker
: ina
dver
tent
ope
ning
Typi
cally
, the
con
trol a
nd p
rote
ctio
ns sy
stem
s, el
ectri
c po
wer
supp
ly sy
stem
, se
rvic
e w
ater
syst
em o
r oth
er su
ppor
t sys
tem
s are
sour
ces f
or u
nexp
ecte
d C
CIs
, w
here
the
plan
t's tr
ansi
ent e
xper
ienc
e ca
nnot
pro
vide
info
rmat
ion.
The
follo
win
g ar
e th
e m
ain
area
s for
iden
tific
atio
n of
CC
Is:
Loss
of p
roce
ss c
ontro
l. A
n an
alys
is o
f the
pro
cess
con
trol i
nclu
des b
oth
mea
sure
men
t and
con
trol o
f pro
cess
par
amet
ers.
A la
rge
num
ber o
f par
amet
ers
exis
t in
the
plan
t, w
hich
are
use
d to
supe
rvis
e an
d co
ntro
l the
pla
nt, p
ower
, lev
el,
pres
sure
, flo
w, t
empe
ratu
re, h
umid
ity, e
tc. L
oss o
f som
e pa
ram
eter
s may
cau
se (o
r re
quire
) a p
lant
trip
and
func
tiona
lly d
egra
de o
ne o
r mor
e sa
fety
sys
tem
s, e.
g.:
- Er
rone
ous l
evel
mea
sure
men
t in
the
reac
tor v
esse
l -
Spur
ious
isol
atio
n si
gnal
s.
Loss
of p
ower
supp
ly. S
ome
failu
res i
n th
e po
wer
supp
ly w
hich
may
cau
se (o
r re
quire
) a p
lant
trip
and
func
tiona
lly d
egra
de o
ne o
r mor
e sa
fety
sys
tem
s, e.
g.:
- Lo
ss o
f ext
erna
l pow
er
- Lo
ss o
f spe
cific
alte
rnat
e cu
rren
t (A
C) o
r dire
ct c
urre
nt (D
C) b
usba
rs.
Loss
of a
uxili
ary
syst
ems.
Som
e fa
ilure
s with
in a
uxili
ary
syst
ems m
ay c
ause
(or
requ
ire) a
pla
nt tr
ip a
nd fu
nctio
nally
deg
rade
one
or m
ore
safe
ty re
late
d sy
stem
s, e.
g.:
- Lo
ss o
f ins
trum
ent a
ir -
Loss
of c
oolin
g w
ater
Com
pone
nt fa
ilure
s in
safe
ty sy
stem
s. C
ompo
nent
failu
res i
n sa
fety
syst
ems m
ay
degr
ade
safe
ty fu
nctio
ns, a
nd m
ay a
lso
be a
requ
irem
ent f
or a
pla
nt sh
ut-d
own
(Tec
hnic
al S
peci
ficat
ion
rule
s).
21
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
Spec
ial A
ttrib
utes
(in
Italic
s)
Sp
ecia
l Attr
ibut
e IE
-A06
-S1:
Ev
ents
cau
sed
by o
pera
tor e
rror
s are
iden
tifie
d an
d fu
rthe
r ev
alua
ted.
RATI
ON
ALE:
Usu
ally
eve
nts c
ause
d by
ope
rato
r err
ors a
re a
ssum
ed to
be
take
n in
to c
onsi
dera
tion
in IE
freq
uenc
ies e
stim
ated
on
the
basi
s of o
pera
tiona
l ex
peri
ence
. H
owev
er, f
or c
erta
in a
pplic
atio
ns im
plic
it co
nsid
erat
ion
of IE
s ca
used
by
oper
ator
err
ors m
ay h
ide
the
impa
ct o
f cha
nges
in p
lant
mai
nten
ance
an
d op
erat
iona
l pra
ctic
e. T
his i
s par
ticul
arly
impo
rtan
t for
the
com
mon
cau
se
initi
ator
s bec
ause
of t
he p
oten
tial d
epen
denc
y be
twee
n th
e er
ror a
ssoc
iate
d w
ith
the
initi
atin
g ev
ent a
nd th
ose
actio
ns re
quir
ed to
resp
ond
to th
e ev
ent.
IE-A
07
Even
ts c
ause
d by
equ
ipm
ent d
amag
e du
ring
on p
ower
refu
ellin
g pr
oces
s are
co
nsid
ered
as p
oten
tial I
Es.
CO
MM
ENT:
App
licab
le fo
r the
pla
nts w
ith a
t-pow
er re
fuel
ling
(i.e.
CA
ND
U,
RB
MK
, AG
R, M
AG
NO
X, v
esse
l typ
e he
avy
wat
er re
acto
r [A
ttuch
a]).
IE-A
08
Initi
atin
g ev
ent p
recu
rsor
s and
run-
back
eve
nts (
also
cal
led
hous
e-lo
ad tu
rbin
e op
erat
ion)
are
revi
ewed
for t
he p
urpo
se o
f IE
iden
tific
atio
n.
RA
TIO
NA
LE:
Rev
iew
of I
E pr
ecur
sors
and
run-
back
eve
nts m
ay h
elp
to id
entif
y IE
s ove
rlook
ed w
ith th
e us
e of
met
hods
list
ed in
IE-A
03 a
nd p
rovi
des a
par
tial
basi
s for
qua
ntify
ing
thei
r fre
quen
cies
CO
MM
ENTS
:
1) A
run-
back
eve
nt is
an
even
t, w
hich
doe
s not
resu
lt in
a p
lant
trip
if p
lant
run-
back
syst
ems a
re su
cces
sful
.
2) A
pre
curs
or fo
r an
IE is
a k
ind
of tr
igge
r eve
nt, w
hich
alo
ne d
oes n
ot re
pres
ent
an in
itiat
ing
even
t, bu
t tog
ethe
r with
oth
er e
vent
s may
cau
se a
n IE
. A sp
ecia
l an
alys
is m
ay b
e ne
cess
ary
to m
odel
thes
e ev
ents
in th
e PS
A IE
s, e.
g. a
n IE
eve
nt
tree.
EXA
MPL
E: T
urbi
ne tr
ips,
mai
n co
olan
t pum
p tri
p, m
ain
feed
wat
er p
ump
failu
re
etc.
hav
e to
be
cons
ider
ed ta
king
into
acc
ount
the
avai
labi
lity
of a
utom
atic
ca
pabi
litie
s, e.
g. fo
r pow
er re
duct
ion,
to a
void
a re
acto
r scr
am.
IE-A
09
Even
ts th
at h
ave
occu
rred
at c
ondi
tions
oth
er th
an a
t pow
er o
pera
tion
(i.e.
dur
ing
shut
dow
n co
nditi
ons)
are
iden
tifie
d an
d ex
amin
ed o
n th
e ap
plic
abili
ty fo
r at p
ower
op
erat
ion.
RA
TIO
NA
LE: T
he IE
s hav
e oc
curr
ed a
t shu
tdow
n co
nditi
ons m
ay h
ave
a po
tent
ial t
o oc
cur a
t pow
er o
pera
tion.
The
se e
vent
s sho
uld
be in
clud
ed in
the
list o
f IE
s, un
less
it is
just
ified
that
the
IE c
anno
t phy
sica
lly o
ccur
at p
ower
ope
ratio
n.
How
ever
, the
use
of t
hese
eve
nts i
n da
ta tr
eatm
ent s
houl
d be
mad
e w
ith c
are.
22
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
Spec
ial A
ttrib
utes
(in
Italic
s)
IE-A
10
Adm
inis
trativ
e (o
rder
ly) s
hutd
own
caus
ed b
y di
ffere
nt re
ason
s (e.
g. fa
ilure
of
sing
le o
r mul
tiple
trai
ns o
f fro
nt-li
ne o
r sup
port
syst
ems)
is in
clud
ed in
the
list o
f IE
s. Th
ese
IEs a
re re
view
ed in
ord
er to
avo
id d
oubl
e co
untin
g in
shut
dow
n PS
A.
RA
TIO
NA
LE: A
dmin
istra
tive
shut
dow
n fo
r cer
tain
reas
ons m
ay c
ause
risk
si
gnifi
cant
acc
iden
t seq
uenc
es. E
xclu
sion
of I
Es o
f thi
s typ
e m
ay h
inde
r cer
tain
ap
plic
atio
ns (e
.g. t
hose
one
s dea
ling
with
exe
mpt
ions
to T
S, ju
stifi
catio
n fo
r co
ntin
ued
oper
atio
n, e
tc.)
EXA
MPL
E: A
dmin
istra
tive
orde
rly sh
utdo
wn
due
to re
quire
men
ts o
f TS
(e.g
. ex
ceed
ing
the
AO
T af
ter a
failu
re o
f the
em
erge
ncy
feed
wat
er p
ump
iden
tifie
d at
pe
riodi
cal t
est).
IE-A
11
Mul
ti-un
it si
te in
itiat
ors a
re id
entif
ied
and
incl
uded
in th
e lis
t of I
Es a
s ‘M
ulti-
units
in
itiat
ors’
.
RA
TIO
NA
LE: A
n IE
may
be
caus
ed b
y sy
stem
/equ
ipm
ent f
ailu
res a
t ano
ther
uni
t at
mul
tiple
-uni
t site
. The
se IE
s cou
ld n
ot b
e id
entif
ied
with
the
use
of m
etho
ds
liste
d in
IE-A
03; h
owev
er th
ey m
ay b
e si
gnifi
cant
con
tribu
tors
to th
e ris
k in
pa
rticu
lar t
o th
ose
mul
tiple
-uni
ts p
lant
s with
shar
ed e
quip
men
t.
EXA
MPL
E: F
or th
e m
ulti-
units
pla
nt w
hen
two
or m
ore
units
shar
e th
e sa
me
build
ing
(e.g
. tur
bine
hal
l) IE
s occ
urre
d at
one
uni
t may
aff
ect n
orm
al o
pera
tion
of
the
othe
r uni
t.
CO
MM
ENT:
Mul
ti-un
its in
itiat
ors m
ay in
clud
e th
e ev
ents
occ
urre
d bo
th a
t the
ne
arby
uni
ts a
nd a
t the
uni
t und
er c
onsi
dera
tion.
The
mai
n fe
atur
e of
thes
e in
itiat
ors t
hat t
hey
affe
ct se
vera
l uni
ts e
ither
by
caus
ing
the
dist
urba
nce
on th
e ne
arby
uni
t or b
y sh
arin
g co
mm
on e
quip
men
t. Th
e la
st fe
atur
e is
impo
rtant
for I
E gr
oupi
ng ta
sk (S
ee T
able
4.2
-C, G
ener
al A
ttrib
ute
IE-C
08).
IE-A
12
The
even
ts d
ealin
g w
ith fa
ilure
s of i
ndiv
idua
l sup
port
syst
ems (
or tr
ains
) tha
t can
ca
use
a pl
ant t
rip a
re in
clud
ed in
the
list o
f IEs
. C
OM
MEN
T: F
ailu
res o
f sup
port
syst
em tr
ain(
s) th
at m
ay c
ause
an
initi
atin
g ev
ent
shou
ld b
e in
clud
ed in
the
IE li
st in
add
ition
to th
e fa
ilure
of w
hole
syst
em.
If o
nly
the
failu
re o
f who
le su
ppor
t sys
tem
is in
clud
ed in
the
IE li
st a
s a si
ngle
mos
t co
nser
vativ
e ev
ent,
the
freq
uenc
y of
such
eve
nts m
ay b
e un
dere
stim
ated
.
IE-A
13
The
list o
f pot
entia
l ini
tiatin
g ev
ents
is d
evel
oped
bas
ed o
n th
e re
sults
of t
he
anal
yses
with
in th
e ta
sk IE
-A.
23
T
able
4.2
-B
Att
ribu
tes f
or IE
Ana
lysi
s: T
ask
IE-B
‘IE
Scr
eeni
ng a
nd F
inal
IEs L
ist I
dent
ifica
tion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Sp
ecia
l Attr
ibut
es (i
n Ita
lics)
IE-B
A
ll id
entif
ied
even
ts a
re su
bjec
ted
to a
scre
enin
g an
alys
is in
ord
er to
scre
en o
ut e
vent
s not
ap
plic
able
for t
he u
nit u
nder
con
side
ratio
n an
d to
com
pile
a fi
nal l
ist o
f IEs
.
IE-B
01
The
even
ts a
re sc
reen
ed o
ut fr
om th
e lis
t of I
Es a
nd e
limin
ated
from
furth
er c
onsi
dera
tion
only
if c
ompl
ianc
e w
ith o
ne o
f the
follo
win
g cr
iteria
is ju
stifi
ed:
a) T
he e
vent
doe
s not
cor
resp
ond
to th
e ac
cept
ed IE
def
initi
on.
b) T
he e
vent
doe
s not
cor
resp
ond
to th
e sc
ope
of th
e PS
A.
c) T
he fr
eque
ncy
of th
e ev
ent i
s les
s tha
n th
e tru
ncat
ion
valu
e re
late
d to
the
freq
uenc
y of
a
sign
ifica
nt a
ccid
ent s
eque
nce,
and
the
even
t doe
s not
invo
lve
eith
er a
n IS
LOC
A,
cont
ainm
ent b
ypas
s, or
reac
tor p
ress
ure
vess
el ru
ptur
e. F
or th
ese
even
ts th
e tru
ncat
ion
valu
e is
at l
east
one
ord
er o
f mag
nitu
de lo
wer
than
the
trunc
atio
n va
lue
acce
pted
in th
e PS
A.
d) T
he re
sulti
ng re
acto
r shu
tdow
n is
not
an
imm
edia
te o
ccur
renc
e. T
hat i
s, th
e ev
ent d
oes
not r
equi
re th
e pl
ant t
o tra
nsfe
r to
shut
dow
n co
nditi
ons u
ntil
suff
icie
nt ti
me
has e
xpire
d du
ring
whi
ch th
e in
itiat
ing
even
t con
ditio
ns, w
ith a
hig
h de
gree
of c
erta
inty
(bas
ed o
n su
ppor
ting
calc
ulat
ions
), ar
e de
tect
ed a
nd c
orre
cted
bef
ore
norm
al p
lant
ope
ratio
n is
cu
rtaile
d (e
ither
adm
inis
trativ
ely
or a
utom
atic
ally
).
RA
TIO
NA
LE: T
he e
vent
s sho
uld
not b
e sc
reen
ed o
ut if
a p
oten
tial f
or a
hi
gh L
evel
-2 c
ontri
butio
n is
reco
gniz
ed.
Sp
ecia
l Attr
ibut
e IE
-B01
-S1:
Ev
ents
with
freq
uenc
y be
low
the
trun
catio
n va
lue
are
revi
site
d in
the
scre
enin
g pr
oces
s and
reta
ined
in th
e lis
t of I
Es to
iden
tify
a w
ider
ra
nge
of p
ossi
ble
haza
rds.
EXAM
PLE:
Cha
nges
in p
lant
test
and
mai
nten
ance
pra
ctic
e m
ay le
ad to
an
incr
ease
of t
he fr
eque
ncie
s of t
hese
IEs.
Excl
usio
n of
IEs o
f thi
s typ
e m
ay m
ask
thei
r pot
entia
l im
port
ance
for c
erta
in a
pplic
atio
ns.
IE-B
02
IEs,
the
freq
uenc
ies o
f whi
ch sh
ould
be
asse
ssed
by
FT m
odel
ling,
are
iden
tifie
d (e
.g.
supp
ort s
yste
m fa
ilure
s, C
CI,
etc.
). R
ATI
ON
ALE
: Fau
lt tre
e m
odel
ling
allo
ws t
o pr
oper
ly ta
ke in
to a
ccou
nt
supp
ort o
r aux
iliar
y sy
stem
dep
ende
ncie
s and
com
preh
ensi
vely
acc
ount
fo
r diff
eren
t cau
sal m
echa
nism
s to
estim
ate
IEs f
requ
enci
es.
IE-B
03
The
final
list
of I
Es is
dev
elop
ed. A
ll ev
ents
, whi
ch w
ere
not s
cree
ned
out a
re in
clud
ed in
th
e fin
al li
st.
24
T
able
4.2
-C
Att
ribu
tes f
or IE
Ana
lysi
s: T
ask
IE-C
‘IE
Gro
upin
g’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
IE-C
IE
s are
gro
uped
in se
para
te g
roup
s with
sim
ilar m
itiga
tion
requ
irem
ents
for a
ll IE
s in
the
grou
p in
ord
er to
faci
litat
e an
eff
icie
nt, b
ut re
alis
tic e
stim
atio
n of
CD
F (e
.g. m
anag
eabl
e nu
mbe
r of a
ccid
ent s
eque
nce
mod
el a
nd su
ffic
ient
info
rmat
ion
for f
requ
ency
est
imat
ion)
.
The
diffe
rent
IE g
roup
s are
cha
ract
eriz
ed b
y di
ffer
ent i
mpa
cts o
n pl
ant p
erfo
rman
ce, s
afet
y fu
nctio
ns, a
nd p
ossi
bilit
ies f
or re
cove
ry.
CO
MM
ENT:
IEs a
re g
roup
ed in
sepa
rate
gro
up if
it is
impo
rtant
for
spec
ific
appl
icat
ion
IE-C
01
A st
ruct
ured
, sys
tem
atic
pro
cess
for g
roup
ing
the
initi
atin
g ev
ents
is u
sed.
The
acc
iden
t pr
ogre
ssio
ns a
nd su
cces
s crit
eria
are
iden
tifie
d fo
r eac
h of
the
IE (a
vaila
ble
ther
mal
hy
drau
lic a
naly
sis a
nd e
xper
t jud
gmen
t is u
sed)
. (Se
e al
so S
ectio
ns 5
and
6).
RA
TIO
NA
LE: G
roup
ing
can
be p
erfo
rmed
onl
y ba
sed
on si
mila
rity
of
acci
dent
pro
gres
sion
and
succ
ess c
riter
ia o
f all
even
t inc
lude
d in
the
grou
p.
IE-C
02
Initi
atin
g ev
ents
are
gro
uped
in a
sing
le g
roup
onl
y w
hen
the
follo
win
g ca
n be
ass
ured
:
- Ev
ents
hav
e th
e sa
me
safe
and
uns
afe
end
stat
es a
nd le
ad to
sim
ilar a
ccid
ent
prog
ress
ion
in te
rms o
f pla
nt re
spon
se, s
ucce
ss c
riter
ia, t
imin
g, a
nd th
e ef
fect
on
the
oper
abili
ty o
f rel
evan
t miti
gatin
g sy
stem
s and
ope
rato
rs p
erfo
rman
ce; o
r
- Ev
ents
can
be
subs
umed
into
a g
roup
and
bou
nded
by
the
wor
st c
ase
impa
cts w
ithin
th
e ‘n
ew’ g
roup
.
RA
TIO
NA
LE: M
eetin
g of
the
requ
ired
cond
ition
s ens
ures
that
any
sp
ecifi
c fe
atur
e of
the
IE in
clud
ed in
the
grou
p w
as n
ot tr
eate
d in
op
timis
tic m
anne
r and
ther
efor
e no
pot
entia
l ins
ight
s of t
he P
SA a
re
over
look
ed.
CO
MM
ENT:
Tho
se IE
s tha
t hav
e si
gnifi
cant
ly d
iffer
ent e
nviro
nmen
tal
impa
ct o
r cou
ld h
ave
mor
e se
vere
radi
onuc
lide
rele
ase
pote
ntia
l are
gr
oupe
d se
para
tely
from
oth
er in
itiat
ing
even
t cat
egor
ies.
EXA
MPL
E: S
uch
initi
ator
s as i
nter
faci
ng sy
stem
s LO
CA
, SG
tube
ru
ptur
es, h
igh-
ener
gy st
eam
line
bre
aks o
utsi
de c
onta
inm
ent a
re u
sual
ly
mod
elle
d as
a se
para
te g
roup
s.
Sp
ecia
l Attr
ibut
e IE
-C02
-S1:
IE
with
a re
lativ
ely
low
freq
uenc
y, b
ut m
ore
seve
re a
ccid
ent
prog
ress
ion
and
mor
e de
man
ding
succ
ess c
rite
ria
(com
pari
ng to
the
othe
r IEs
in th
e gr
oup)
is in
clud
ed in
a se
para
te IE
gro
up.
RATI
ON
ALE:
For
cer
tain
app
licat
ions
a re
alis
tic re
pres
enta
tion
of p
lant
re
spon
se to
war
ds se
vere
IEs w
ith lo
w fr
eque
ncy
is re
quir
ed.
Sp
ecia
l Attr
ibut
e IE
-C02
-S2:
If
the
sign
als f
or a
ctua
tion
of a
t lea
st o
ne m
itiga
tion
syst
em a
re d
iffer
ent
for d
iffer
ent I
Es, t
hese
IEs a
re in
clud
ed in
sepa
rate
gro
ups.
RATI
ON
ALE :
For
cer
tain
app
licat
ions
a re
alis
tic re
pres
enta
tion
of th
e pl
ant r
espo
nse
tow
ards
IEs w
ith d
iffer
ent s
igna
ls fo
r sys
tem
s act
uatio
n an
d op
erat
ion
is im
port
ant.
EXAM
PLE:
SLO
CA
and
Pres
suri
zer s
team
leak
may
hav
e di
ffere
nt
sign
als f
or a
ctua
tion
of H
PEC
C p
umps
(e.g
. low
pre
ssur
e an
d lo
w le
vel i
n pr
essu
rize
r for
SLO
CA
and
only
low
pre
ssur
e in
pre
ssur
ize
for
pres
suri
zer l
eak)
.
25
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
IE-C
03
IEs a
re in
clud
ed in
sepa
rate
gro
ups i
f diff
eren
t ope
rato
r act
ions
or c
ondi
tions
for o
pera
tor
actio
ns in
term
s of i
nfor
mat
ion
avai
labl
e, ti
me
win
dow
s, en
viro
nmen
tal c
ondi
tions
, and
pr
oced
ural
requ
irem
ents
exi
st.
EXA
MPL
E: E
vent
s req
uirin
g IS
LOC
A is
olat
ion
shou
ld b
e co
nsid
ered
se
para
tely
for e
ach
ISLO
CA
pat
h if
diff
eren
t iso
latio
n po
ssib
ilitie
s are
av
aila
ble.
IE-C
04
Plan
t spe
cific
ther
mal
hyd
raul
ic a
naly
ses s
uppo
rting
acc
iden
t seq
uenc
e m
odel
ling
and
succ
ess c
riter
ia d
efin
ition
for t
he re
pres
enta
tive
IE in
eac
h gr
oup
are
perf
orm
ed.
In c
ase
the
succ
ess c
riter
ia fo
r fre
quen
t eve
nts i
nclu
ded
in th
e gr
oup
are
muc
h le
ss se
vere
th
an su
cces
s crit
eria
for t
he re
pres
enta
tive
IE, t
he e
vent
s sho
uld
be g
roup
ed d
iffer
ently
. (S
ee a
lso
IE-C
02-S
1.)
RA
TIO
NA
LE: T
his a
ttrib
ute
help
s to
avoi
d ex
cess
ive
cons
erva
tism
.
IE-C
05
Each
com
mon
cau
se in
itiat
or is
con
side
red
as a
sepa
rate
gro
up.
RA
TIO
NA
LE: G
roup
ing
of th
is ty
pe o
f eve
nts c
ould
mas
k th
e in
sigh
ts
for c
erta
in a
pplic
atio
ns.
IE-C
06
‘Mul
tiple
-uni
ts in
itiat
ors’
aff
ectin
g sy
stem
s/eq
uipm
ent s
hare
d be
twee
n se
vera
l uni
ts a
re
cons
ider
ed a
s sep
arat
e gr
oups
. R
ATI
ON
ALE
: The
cap
acity
of m
itiga
tion
syst
ems m
ay b
e si
gnifi
cant
ly
diffe
rent
whe
n m
ore
than
one
uni
t is a
ffect
ed b
y th
e IE
.
EXA
MPL
E: C
omm
on c
oold
own
syst
em a
t VV
ER-4
40/2
30 c
ould
not
pr
ovid
e ef
ficie
nt c
oolin
g if
both
uni
ts a
re p
ut in
to sh
utdo
wn
cond
ition
s si
mul
tane
ousl
y.
IE-C
07
The
IEs,
for w
hich
the
stra
tegy
of a
ccid
ent m
itiga
tion
depe
nds o
n th
e pl
ace
of th
eir
orig
inat
ion
(e.g
. diff
eren
t pos
sibi
litie
s for
leak
isol
atio
n or
diff
eren
t im
pact
on
oper
atio
n of
ot
her e
quip
men
t), a
re c
onsi
dere
d in
sepa
rate
gro
ups u
nles
s the
impa
ct is
bou
nded
by
the
wor
st-c
ase
loca
tion.
EXA
MPL
ES:
1) F
or so
me
plan
ts, w
here
LO
CA
isol
atio
n is
pos
sibl
e, L
OC
A in
isol
able
an
d no
n-is
olab
le p
arts
can
be
cons
ider
ed.
2) F
or st
eam
lines
bre
aks o
utsi
de a
nd in
side
con
tain
men
t, th
e en
viro
nmen
tal c
ondi
tions
impo
rtant
for o
pera
tion
of o
ther
equ
ipm
ent m
ay
be si
gnifi
cant
ly d
iffer
ent.
IE-C
08
A li
st o
f IE
grou
ps is
com
pile
d. A
repr
esen
tativ
e IE
for f
urth
er m
odel
ling
of e
ach
IE g
roup
is
sele
cted
. The
stric
test
feat
ures
in te
rms o
f acc
iden
t pro
gres
sion
and
succ
ess c
riter
ia o
f an
IE in
clud
ed in
the
grou
p ar
e as
sign
ed fo
r the
repr
esen
tativ
e IE
.
CO
MM
ENT:
The
hyp
othe
tical
IE th
at c
ombi
nes t
he w
orst
suc
cess
crit
eria
of
all
IEs i
n th
e gr
oup
may
be
cons
truct
ed fo
r fur
ther
ana
lysi
s.
26
T
able
4.2
-D
Att
ribu
tes f
or IE
Ana
lysi
s: T
ask
IE-D
‘Col
lect
ing
and
Eva
luat
ing
Gen
eric
Info
rmat
ion
for
IE F
requ
enci
es A
sses
smen
t’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
IE-D
G
ener
ic in
form
atio
n re
quire
d to
per
form
the
IE fr
eque
ncie
s ass
essm
ent i
s col
lect
ed.
Gen
eric
info
rmat
ion
is e
valu
ated
rega
rdin
g its
app
licab
ility
. App
licab
le g
ener
ic so
urce
s are
se
lect
ed fo
r eac
h IE
/IE g
roup
.
CO
MM
ENT:
Gen
eric
info
rmat
ion
is n
eede
d w
hen
plan
t spe
cific
dat
a is
no
t ava
ilabl
e, a
s wel
l as f
or th
e pu
rpos
e of
Bay
esia
n up
datin
g.
IE-D
01
Gen
eric
info
rmat
ion
requ
ired
for t
he IE
freq
uenc
y es
timat
ion
is c
olle
cted
in o
rder
to
acco
unt f
or a
bro
ader
exp
erie
nce.
Bas
ical
ly th
e fo
llow
ing
gene
ric in
form
atio
n da
ta is
requ
ired:
a)
Num
ber o
f IEs
ver
sus p
lant
ope
ratio
nal t
ime.
b)
Freq
uenc
ies o
f IE
for r
are
even
ts.
c)
Des
crip
tion
of th
e m
etho
ds u
sed
and
cond
ition
s und
er w
hich
gen
eric
info
rmat
ion
was
ob
tain
ed.
d)
Uni
t typ
e w
here
dat
a ca
me
from
(i.e
. pla
nt d
esig
n)
e)
IE d
efin
ition
and
bou
ndar
y co
nditi
ons i
n ge
neric
sour
ces
f)
Uni
t ope
ratin
g m
ode
to w
hich
IE re
cord
ed is
rela
ted
The
sour
ces o
f gen
eric
dat
a an
d th
e pr
oces
s of t
he d
eriv
atio
n of
gen
eric
IE fr
eque
ncie
s es
timat
es a
re id
entif
ied
and
desc
ribed
. The
IE d
efin
ition
s and
bou
ndar
y co
nditi
ons a
re
eval
uate
d in
the
view
of c
onsi
sten
cy w
ith th
e ev
ents
det
erm
ined
in th
e ta
sk IE
-B.
Gen
eric
info
rmat
ion
is tr
aced
to th
e pr
imar
y so
urce
to a
void
inad
verte
nt d
oubl
e co
untin
g of
in
form
atio
n an
d to
ass
ure
that
no
info
rmat
ion
from
the
plan
t is c
onta
ined
in th
e ge
neric
in
form
atio
n. T
his i
s im
porta
nt fr
om th
e vi
ewpo
int o
f con
sist
ent B
ayes
ian
upda
ting.
(See
al
so T
able
4.2
-H, T
ask
IE-H
).
RA
TIO
NA
LE: A
pplic
abili
ty o
f dat
a fr
om p
lant
s of d
iffer
ent d
esig
n sh
ould
be
inve
stig
ated
and
bou
ndar
ies o
f the
IEs i
n th
e ge
neric
sour
ce
shou
ld b
e co
mpa
red
with
pla
nt-s
peci
fic IE
s bou
ndar
ies
IE-D
02
The
colle
ctio
n an
d ev
alua
tion
of g
ener
ic in
form
atio
n in
clud
e an
und
erst
andi
ng a
nd
asse
ssm
ent o
f the
app
licab
ility
and
the
unce
rtain
ty in
the
orig
inal
dat
a.
RA
TIO
NA
LE: I
nfor
mat
ion
on th
e un
certa
inty
of g
ener
ic d
ata
supp
orts
th
e de
cisi
on o
n th
e ap
plic
abili
ty o
f the
gen
eric
dat
a fo
r Bay
esia
n up
datin
g w
ith p
lant
spec
ific
data
.
IE-D
03
The
gene
ric in
form
atio
n co
llect
ed is
eva
luat
ed in
ord
er to
iden
tify
the
info
rmat
ion
appl
icab
le fo
r a sp
ecifi
c IE
and
/or I
E gr
oup.
R
ATI
ON
ALE
: In
case
app
licab
ility
of g
ener
ic d
ata
to th
e pl
ant s
peci
fic
IEs i
s not
just
ified
, spe
cial
con
side
ratio
n sh
ould
be
give
n on
the
poss
ibili
ty to
app
ly B
ayes
ian
upda
ting
proc
ess.
27
T
able
4.2
-E
Att
ribu
tes f
or IE
Ana
lysi
s: T
ask
IE-E
‘Col
lect
ing
of P
lant
-Spe
cific
Info
rmat
ion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
IE-E
Pl
ant-s
peci
fic in
form
atio
n re
quire
d to
per
form
IE fr
eque
ncie
s ass
essm
ent i
s col
lect
ed in
ac
cord
ance
with
the
IEs l
ists
des
crib
ed in
the
attri
bute
s of t
he ta
sk IE
-B a
nd IE
gro
upin
g ou
tline
d in
the
attri
bute
s of I
E-C
.
IE-E
01
Plan
t-spe
cific
ope
ratio
nal i
nfor
mat
ion
in a
ccor
danc
e w
ith th
e IE
s lis
ts re
fere
nced
in th
e at
tribu
tes o
f the
task
s IE-
B a
nd IE
-C is
col
lect
ed.
RA
TIO
NA
LE: P
lant
spec
ific
even
ts a
re c
olle
cted
in o
rder
to p
rovi
de
info
rmat
ion,
whi
ch is
pla
nt sp
ecifi
c an
d re
flect
s pla
nt d
esig
n an
d op
erat
iona
l fea
ture
s.
IE-E
02
The
data
base
con
tain
ing
info
rmat
ion
on e
vent
s and
pla
nt o
pera
tiona
l his
tory
is c
reat
ed, w
ith
the
poss
ibili
ty to
ext
ract
the
follo
win
g da
ta:
- nu
mbe
r of I
Es fo
r eac
h IE
gro
up;
- nu
mbe
r of p
recu
rsor
s for
the
IEs;
- nu
mbe
r of r
un-b
ack
even
ts;
- un
it op
erat
ion
mod
e;
- du
ratio
n of
IE (e
.g. f
or o
ffsi
te p
ower
);
- tim
e pe
riod
of d
ata
colle
ctio
n;
- de
scrip
tion
of th
e ev
ent.
CO
MM
ENT:
Dur
atio
n of
an
IE m
ay b
e im
porta
nt fo
r est
imat
ion
of
freq
uenc
ies o
f the
IEs o
f cer
tain
dur
atio
n (i.
e. L
OO
P IE
).
IE-E
03
Whe
n sy
stem
mod
els f
or in
itiat
ing
even
ts fr
eque
ncy
asse
ssm
ent a
re u
sed,
the
appr
opria
te
syst
em in
form
atio
n is
col
lect
ed. (
See
also
Tab
le 7
.2-C
, Gen
eral
Attr
ibut
e SY
-C08
, and
Ta
ble
10.2
-D, T
ask
DF-
D).
28
T
able
4.2
-F
Att
ribu
tes f
or IE
Ana
lysi
s: T
ask
IE-F
‘Han
dlin
g of
Eff
ects
of P
lant
Mod
ifica
tions
’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
IE-F
D
iffer
ence
s bet
wee
n hi
stor
ical
pla
nt a
vaila
bilit
y ov
er th
e pe
riod
of e
vent
occ
urre
nces
in th
e pl
ant d
atab
ase
and
pres
ent p
lant
ava
ilabi
lity,
whi
ch c
ould
be
diffe
rent
from
his
toric
al
valu
es, a
re a
ccou
nted
for.
IE-F
01
Col
lect
ed in
form
atio
n on
pla
nt-s
peci
fic IE
s is c
heck
ed fo
r whe
ther
the
caus
es fo
r the
IEs
are
appl
icab
le fo
r the
act
ual p
lant
con
ditio
ns.
RA
TIO
NA
LE: I
f the
pla
nt c
hang
es m
ake
the
IEs t
hat h
appe
ned
in th
e pa
st
inap
plic
able
to th
e ac
tual
pla
nt s
tate
then
the
anal
ysis
of t
he im
pact
of t
he
chan
ges
and
asse
ssm
ent o
f the
hyp
othe
tical
eff
ect o
n th
e hi
stor
ical
dat
a to
de
term
ine
to w
hat e
xten
t the
dat
a ca
n be
use
d sh
ould
be
perf
orm
ed.
IE-F
02
Plan
t mod
ifica
tions
/cha
nges
are
eva
luat
ed in
ord
er to
iden
tify
whe
ther
the
prec
urso
rs a
nd
run-
back
eve
nts h
appe
ned
in th
e pa
st m
ay c
ause
an
IE fo
r the
act
ual p
lant
con
ditio
ns.
RA
TIO
NA
LE: S
ee IE
-F01
.
IE-F
03
The
ratio
nale
for s
cree
ning
or d
isre
gard
ing
plan
t-spe
cific
dat
a is
just
ified
(e.g
. pla
nt d
esig
n m
odifi
catio
ns, c
hang
es in
ope
ratin
g pr
actic
es).
RA
TIO
NA
LE: S
ee IE
-F01
.
IE-F
04
The
excl
usio
n of
ear
lier y
ears
that
are
not
repr
esen
tativ
e of
cur
rent
dat
a is
just
ified
. R
ATI
ON
ALE
: Thi
s attr
ibut
e he
lps t
o av
oid
exce
ssiv
e co
nser
vatis
m.
Act
ual e
xper
ienc
e sh
ows t
hat d
urin
g fir
st y
ears
of p
lant
ope
ratio
n a
num
ber o
f IEs
sign
ifica
ntly
hig
her t
han
afte
r cer
tain
per
iod.
Sp
ecia
l Attr
ibut
e IE
-F04
-S1:
Tim
e tr
end
anal
ysis
is u
sed
to a
ccou
nt fo
r est
ablis
hed
tren
ds, e
.g.
decr
easi
ng re
acto
r tri
p ra
tes i
n re
cent
yea
rs.
RATI
ON
ALE :
Tim
e tr
end
anal
ysis
may
be
impo
rtan
t for
cer
tain
ap
plic
atio
ns.
EXAM
PLE:
Ris
k ev
alua
tion
of th
e m
easu
res i
mpl
emen
ted
with
the
aim
to
elim
inat
e sp
ecifi
c IE
s.
IE-F
05
An
anal
ysis
aim
ed to
iden
tify
whe
ther
new
IEs a
re in
trodu
ced
by p
lant
m
odifi
catio
ns/c
hang
es is
per
form
ed.
EXA
MPL
E: R
epla
cem
ent o
f ana
logu
e by
dig
ital I
&C
may
lead
to
intro
duci
ng o
f new
IEs.
29
T
able
4.2
-G
Att
ribu
tes f
or IE
Ana
lysi
s: T
ask
IE-G
‘IE
Fre
quen
cies
Qua
ntifi
catio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
IE-G
Fr
eque
ncy
of in
divi
dual
IE a
nd/o
r IE
grou
p is
ass
esse
d ba
sed
on re
leva
nt g
ener
ic in
dust
ry
and
plan
t-spe
cific
evi
denc
e. W
here
feas
ible
, gen
eric
and
pla
nt-s
peci
fic e
vide
nce
is
inte
grat
ed u
sing
acc
epta
ble
met
hods
to o
btai
n pl
ant-s
peci
fic IE
freq
uenc
y es
timat
es. I
E fr
eque
ncy
estim
atio
n is
acc
ompa
nied
by
a ch
arac
teriz
atio
n of
the
unce
rtain
ty.
IE-G
01
Initi
atin
g ev
ent f
requ
enci
es a
re c
alcu
late
d ta
king
into
acc
ount
the
frac
tion
of ti
me
the
plan
t is a
t pow
er.
RA
TIO
NA
LE: U
se o
f cal
enda
r yea
rs fo
r fre
quen
cy e
stim
atio
n fo
r the
PSA
at
pow
er o
pera
tion
lead
s to
unde
rest
imat
ion
of th
e IE
freq
uenc
ies.
IE-G
02
Rea
listic
IE fr
eque
ncy
estim
ates
are
cal
cula
ted
usin
g B
ayes
ian
upda
tes w
here
feas
ible
. Pr
ior d
istri
butio
ns a
re se
lect
ed a
s eith
er n
on-in
form
ativ
e, o
r rep
rese
ntat
ive
of v
aria
bilit
y in
indu
stry
dat
a.
IE-G
03
For r
are
initi
atin
g ev
ents
, the
indu
stry
gen
eric
dat
a is
use
d w
ith a
ccou
nt fo
r pla
nt-
spec
ifics
. R
ATI
ON
ALE
: Use
of B
ayes
ian
upda
ting
with
zer
o pl
ant-s
peci
fic st
atis
tics
shou
ld b
e pe
rfor
med
with
car
e in
ord
er to
avo
id d
oubl
e co
untin
g of
the
expo
sure
tim
e po
tent
ially
acc
ount
ed in
indu
stry
gen
eric
dat
a.
CO
MM
ENT:
‘Rar
e ev
ent’
is a
n ev
ent t
hat m
ight
be
expe
cted
to o
ccur
onc
e or
a fe
w ti
mes
thro
ugho
ut th
e w
orld
nuc
lear
indu
stry
exp
erie
nce.
IE-G
04
For e
xtre
mel
y ra
re in
itiat
ing
even
ts a
n en
gine
erin
g ju
dgm
ent i
s use
d, a
ugm
ente
d w
ith
appl
icab
le g
ener
ic d
ata
sour
ces a
nd sp
ecifi
c an
alys
is (e
.g. s
truct
ural
mec
hani
cs m
etho
ds,
etc.
).
RA
TIO
NA
LE: U
se o
f any
stat
istic
al a
naly
sis m
etho
ds (i
.e. t
he B
ayes
ian
upda
ting)
cou
ld n
ot p
rodu
ce u
sefu
l res
ults
for t
he ‘e
xtre
mel
y ra
re’ e
vent
s du
e to
pra
ctic
al a
bsen
ts o
f sta
tistic
al in
form
atio
n.
CO
MM
ENT:
‘Ext
rem
ely
rare
eve
nt’ i
s an
even
t tha
t wou
ld n
ot b
e ex
pect
ed
to o
ccur
eve
n on
ce th
roug
hout
the
indu
stry
exp
erie
nce.
IE-G
05
Gen
eric
and
pla
nt sp
ecifi
c da
ta a
re u
sed
in a
just
ifiab
le m
anne
r. W
hen
the
Bay
esia
n ap
proa
ch is
use
d to
der
ive
a di
strib
utio
n an
d m
ean
valu
e of
IE fr
eque
ncy,
the
chec
k is
m
ade
that
the
post
erio
r dis
tribu
tions
der
ived
are
reas
onab
le g
iven
the
prio
r dis
tribu
tions
an
d th
e pl
ant s
peci
fic e
vide
nce.
CO
MM
ENT:
If th
e es
timat
or fo
r the
mea
n va
lue
of a
par
amet
er b
ased
on
plan
t evi
denc
e is
out
side
of a
95%
con
fiden
ce in
terv
al a
roun
d th
e m
edia
n va
lue
of th
e pr
ior d
istri
butio
n th
e ap
plic
abili
ty o
f tha
t par
ticul
ar p
rior d
ata
and
dist
ribut
ion
shou
ld b
e re
cons
ider
ed re
gard
ing
its a
pplic
abili
ty to
the
initi
atin
g ev
ent u
nder
con
side
ratio
n.
30
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
IE-G
06
Whi
le u
sing
syst
em m
odel
s for
initi
atin
g ev
ents
freq
uenc
y as
sess
men
t the
syst
em m
odel
s ar
e m
odifi
ed in
such
a w
ay th
at (S
ee a
lso
Tabl
e 4.
2-B
, Gen
eral
Attr
ibut
e IE
-B02
):
- IE
freq
uenc
ies a
re q
uant
ified
(rat
her t
han
prob
abili
ties)
.
- A
ll re
leva
nt c
ombi
natio
ns o
f eve
nts i
nvol
ving
the
annu
al fr
eque
ncy
of o
ne
com
pone
nt fa
ilure
com
bine
d w
ith th
e un
avai
labi
lity
(or f
ailu
re d
urin
g th
e re
pair
time
of th
e fir
st c
ompo
nent
) of o
ther
com
pone
nts a
re c
aptu
red.
- Pr
obab
ility
of s
purio
us a
ctua
tion
of th
e eq
uipm
ent a
nd C
CF
are
cons
ider
ed a
nd
acco
unte
d fo
r.
- Sp
urio
us a
ctua
tion
of th
e eq
uipm
ent a
nd p
assi
ve fa
ilure
s not
con
side
red
in th
e PS
A
mod
el a
re in
clud
ed in
the
mod
el.
- Su
ppor
t sys
tem
failu
res a
re in
clud
ed in
the
mod
el (u
nles
s the
supp
ort s
yste
m is
an
own
initi
ator
).
- Pr
e-ac
cide
nt h
uman
err
ors a
re in
clud
ed in
the
mod
el.
- Im
pact
of n
earb
y un
its is
acc
ount
ed fo
r.
RA
TIO
NA
LE: T
his a
ttrib
ute
help
s to
avoi
d un
dere
stim
atio
n of
IE
freq
uenc
ies f
or th
e IE
s tre
ated
with
the
use
of F
T m
odel
ling
tech
niqu
e.
CO
MM
ENT:
It i
s im
porta
nt to
cor
rect
ly m
odel
in F
Ts th
e fo
llow
ing
aspe
cts o
f sys
tem
ope
ratio
n:
- po
ssib
ilitie
s for
reco
very
of t
he re
dund
ant e
quip
men
t; -
mis
sion
tim
e co
rres
pond
ing
to a
ctua
l sys
tem
(com
pone
nt)
oper
atin
g tim
e w
ithin
a y
ear,
incl
udin
g C
CF
(e.g
. 800
0 h
inst
ead
of
24 h
use
d in
the
acc
iden
t seq
uenc
es a
naly
ses)
, etc
.
IE-G
07
Each
syst
em a
lignm
ent a
nd a
lignm
ents
of s
uppo
rting
syst
ems t
hat c
ould
influ
ence
the
likel
ihoo
d th
at fa
ilure
s cau
se a
n in
itiat
ing
even
t, or
mag
nify
the
seve
rity
of th
e ch
alle
nge
to p
lant
safe
ty fu
nctio
ns th
at w
ould
resu
lt fr
om su
ch a
n ev
ent i
s acc
ount
ed fo
r.
RA
TIO
NA
LE: R
ealig
nmen
t of t
he e
quip
men
t may
lead
to in
crea
se o
f the
fr
eque
ncy
of s
yste
m fa
ilure
s cau
sing
the
IE.
EXA
MPL
E: A
t som
e pl
ants
dur
ing
test
of r
eact
or p
rote
ctio
n sy
stem
one
sy
stem
trai
n is
out
of o
pera
tion.
Dur
ing
this
per
iod
the
syst
em c
onfig
urat
ion
(2 o
ut o
f 3) c
hang
es (1
out
of 2
), w
hich
may
lead
to a
sign
ifica
nt in
crea
se in
th
e fr
eque
ncy
of sp
urio
us a
ctua
tion
of th
e re
acto
r scr
am.
IE-G
08
In th
e IS
LOC
A fr
eque
ncy
anal
ysis
, tho
se fe
atur
es o
f pla
nt a
nd p
roce
dure
s tha
t cou
ld
sign
ifica
ntly
influ
ence
the
ISLO
CA
freq
uenc
y ar
e ac
coun
ted
for.
EXA
MPL
E: A
bsen
ce o
f tes
t pos
sibi
lity
for o
ne c
heck
val
ve in
the
sequ
ence
of
two
lead
to si
gnifi
cant
incr
ease
of t
he e
vent
with
leak
age
due
to h
igh
prob
abili
ty th
at th
e se
cond
che
ck v
alve
s is i
n th
e fa
iled
stat
e.
IE-G
09
The
freq
uenc
y of
IEs,
for w
hich
the
stra
tegy
of a
ccid
ent m
itiga
tion
depe
nds o
n th
e pl
ace
of th
eir o
rigin
atio
n (e
.g. d
iffer
ent p
ossi
bilit
ies f
or le
ak is
olat
ion
or d
iffer
ent i
mpa
ct o
n op
erat
ion
of o
ther
equ
ipm
ent),
is e
stim
ated
for t
he sp
ecifi
c lo
catio
n ta
king
into
acc
ount
ge
omet
rical
cha
ract
eris
tics o
f the
NPP
s pip
elin
es.
EXA
MPL
ES:
1) F
or so
me
plan
ts, w
here
SLO
CA
isol
atio
n is
pos
sibl
e, S
LOC
A in
isol
able
an
d no
n-is
olab
le p
art c
an b
e ca
lcul
ated
by
parti
tioni
ng o
f the
tota
l fre
quen
cy
taki
ng in
to a
ccou
nt th
e le
ngth
of t
he p
ipel
ines
bef
ore
and
afte
r the
isol
atio
n va
lve.
2) F
or st
eam
line
s bre
aks,
the
freq
uenc
y of
the
IEs o
ccur
red
insi
de a
nd
outs
ide
cont
ainm
ent c
an b
e ca
lcul
ated
by
parti
tioni
ng o
f the
tota
l IE
freq
uenc
y ta
king
into
acc
ount
the
leng
th o
f the
pip
elin
es in
side
and
out
side
co
ntai
nmen
t.
31
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
IE-G
10
Plan
t-spe
cific
info
rmat
ion
is u
sed
in th
e as
sess
men
t and
qua
ntifi
catio
n of
reco
very
act
ions
w
here
ava
ilabl
e fo
r IE
freq
uenc
ies e
stim
atio
n. T
hese
reco
very
act
ions
shou
ld b
e cl
early
de
fined
in o
rder
to a
void
dou
ble
cred
iting
in IE
freq
uenc
y as
sess
men
t tas
k an
d ac
cide
nt
sequ
ence
mod
ellin
g ta
sk.
RA
TIO
NA
LE: U
se o
f gen
eric
info
rmat
ion
for q
uant
ifica
tion
of th
e re
cove
ry
actio
n fo
r IE
freq
uenc
y es
timat
ion
may
intro
duce
exc
essi
ve
optim
ism
/con
serv
atis
m in
the
resu
lts d
ue to
non
-acc
ount
ing
of p
lant
sp
ecifi
city
:
1) A
bsen
ce/a
vaila
bilit
y of
rele
vant
pro
cedu
res.
2) T
echn
ical
pos
sibi
lity
for r
ecov
ery
actio
n.
3) P
lant
-dep
ende
nt ti
me
mar
gins
for t
he re
cove
ry a
ctio
ns.
EXA
MPL
ES:
1) R
ecov
ery
actio
n fo
r clo
sure
of p
ress
uriz
er sa
fety
val
ves a
fter s
purio
us
open
ing
is d
epen
dent
on
the
actu
al c
ause
of s
purio
us o
peni
ng a
nd d
esig
n of
th
e co
ntro
l circ
uit o
f the
val
ve
2) R
ecov
ery
of th
e of
f-si
te p
ower
dep
ende
nt o
n th
e si
te-s
peci
fic e
xter
nal
grid
cha
ract
eris
tics.
IE-G
11
The
resu
lts o
f the
initi
atin
g ev
ent a
naly
sis a
re c
ompa
red
with
gen
eric
dat
a so
urce
s to
prov
ide
a re
ason
able
ness
che
ck o
f the
qua
ntita
tive
and
qual
itativ
e re
sults
. The
dev
iatio
ns
from
gen
eric
sour
ces a
re re
solv
ed a
nd/o
r exp
lain
ed.
See
CO
MM
ENT
for I
E-G
05.
32
T
able
4.2
-H
Att
ribu
tes f
or IE
Ana
lysi
s: T
ask
IE-H
‘Doc
umen
tatio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
IE-H
D
ocum
enta
tion
and
info
rmat
ion
stor
age
is p
erfo
rmed
in a
man
ner f
acili
tatin
g a
peer
revi
ew,
as w
ell a
s fut
ure
upgr
ades
and
app
licat
ions
of t
he P
SA b
y de
scrib
ing
the
proc
esse
s tha
t w
ere
used
and
pro
vidi
ng d
etai
ls o
f the
met
hods
use
d, a
ssum
ptio
ns m
ade,
and
thei
r bas
es.
IE-H
01
The
follo
win
g is
doc
umen
ted:
I.
IE Id
entif
icat
ion
and
Gro
upin
g:
- IE
def
initi
on.
- Th
e pr
oced
ure
of se
arch
ing
the
spec
ific
initi
atin
g ev
ents
, inc
ludi
ng:
- gen
eric
list
s of I
Es;
- the
ana
lysi
s per
form
ed fo
r sea
rchi
ng p
lant
-uni
que
and
plan
t-spe
cific
initi
ator
s. -
The
appr
oach
for a
sses
sing
the
com
plet
enes
s and
con
sist
ency
of i
nitia
ting
even
ts w
ith
the
plan
t-spe
cific
exp
erie
nce,
indu
stry
exp
erie
nce,
oth
er c
ompa
rabl
e PS
As,
and
gene
ric
initi
atin
g ev
ents
. -
The
ratio
nale
for s
cree
ning
out
initi
ator
s.
- Th
e lis
t of I
Es sc
reen
ed o
ut a
nd sc
reen
ed in
eve
nts.
-
The
basi
s for
gro
upin
g an
d su
bdiv
idin
g in
itiat
ing
even
ts.
- Th
e as
sum
ptio
ns m
ade
to id
entif
y, sc
reen
out
, and
gro
up IE
s. -
The
list o
f IE
grou
ps a
nd p
artic
ular
IEs a
ssig
ned
to.
II. F
requ
enci
es A
sses
smen
t:
- Th
e m
odel
use
d to
eva
luat
e th
e fr
eque
ncy
of e
ach
IE.
- Th
e pr
oces
s for
com
putin
g th
e in
itiat
ing
even
t fre
quen
cies
. -
Sour
ces f
or g
ener
ic e
stim
ates
and
just
ifica
tion
for t
he c
hoic
e of
par
ticul
ar g
ener
ic d
ata
sour
ce(s
). -
The
plan
t-spe
cific
dat
a, in
clud
ing
the
perio
ds, f
or w
hich
pla
nt-s
peci
fic d
ata
wer
e ga
ther
ed fo
r eac
h IE
. -
Just
ifica
tion
for e
xclu
sion
of a
ny d
ata.
-
The
ratio
nale
for a
ny d
istri
butio
ns u
sed
for f
requ
ency
est
imat
ions
. -
Estim
ated
freq
uenc
ies,
incl
udin
g th
e ch
arac
teriz
atio
n of
unc
erta
inty
. -
Pote
ntia
l tim
e de
pend
ent a
spec
ts o
f the
initi
atin
g ev
ent f
requ
enci
es.
- K
ey a
ssum
ptio
ns m
ade
in th
e an
alys
is a
nd th
eir j
ustif
icat
ion
(eng
inee
ring
judg
men
t, sp
ecifi
c an
alys
is, s
tatis
tical
info
rmat
ion,
etc
.).
CO
MM
ENTS
:
1) IE
s fre
quen
cies
mea
n, m
edia
n, 5
% a
nd 9
5% p
erce
ntile
shou
ld b
e as
sess
ed a
nd d
ocum
ente
d.
2) A
ging
of t
he p
lant
shou
ld b
e in
vest
igat
ed fo
r tim
e tre
nds.
33
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
IE-H
02
All
the
unde
rlyin
g da
ta a
nd in
form
atio
n so
urce
s and
ana
lyse
s are
doc
umen
ted
and
stor
ed.
Sp
ecia
l Attr
ibut
e IE
-H02
-S1:
Th
e in
form
atio
n fr
om th
e IE
ana
lysi
s inc
ludi
ng th
e IE
dat
abas
es c
reat
ed
is p
art o
f the
PSA
doc
umen
tatio
n. T
hese
dat
a in
clud
ing
the
data
base
s an
d th
e de
taile
d ba
ckgr
ound
info
rmat
ion
is st
ored
in a
retr
ieva
ble
and
acce
ssib
le e
lect
roni
c fo
rm a
nd fo
rmat
. Due
to th
e am
ount
of
info
rmat
ion
aris
ing
from
the
IE a
naly
sis t
asks
ele
ctro
nic
stor
age
of th
is
info
rmat
ion
is e
ssen
tial f
or m
any
of th
e ap
plic
atio
ns.
CO
MM
ENT:
Ele
ctro
nic
stor
age
of IE
dat
abas
e is
ess
entia
l for
man
y ap
plic
atio
ns.
34
5. PSA ELEMENT ‘AS’: ACCIDENT SEQUENCE ANALYSIS
5.1. Main objectives
The objective of the accident sequence (AS) analysis is to ensure that the response of the plant’s systems and operators to an initiating event is reflected in the assessment of CDF in such a way that:
• Significant operator actions, mitigation systems, and phenomena that influence or determine the course of sequences are appropriately included in the accident sequence model and sequence definition.
• Plant-specific dependencies due to initiating events, human interfaces, functional dependencies, environmental, and spatial impact, and common cause failures are reflected in the accident sequence structure.
• The individual function successes, mission times, and time windows for operator actions for each critical safety function modelled in the accident sequences reflects the success criteria evaluated in accordance with the attributes of Section 6 of this publication.
• End states are clearly defined to be either a core damage or successful prevention with the capability to support the interface between Level-1 and Level-2 PSA.
The important aspects of AS analysis are the following:
• Clear definition of success and non-success end states
• Comprehensive list of key safety functions and systems performing the functions
• Realistic accident progression identification
• Clear presentation of AS models
• Completeness of AS models
• Justification for end states for all ASs. 5.2. Accident sequence analysis tasks and their attributes
Table 5.2 lists the main tasks for the PSA element ‘AS Analysis’. Tables 5.2-A through 5.2-E present the description of general and special attributes for these tasks. Table 5.2 Main Tasks for AS Analysis
Task ID Task Content
AS-A Selection of a Method and Provision of Related Tools for Accident Sequences Modelling
AS-B Definition of Success and Non-Success End States and Key Safety Functions
AS-C Accident Sequences Progression Identification and AS Models Development
AS-D Accident Sequence Success Criteria Definition
AS-E Documentation
35
T
able
5.2
-A A
ttri
bute
s for
AS
Ana
lysi
s: T
ask
AS-
A ‘S
elec
tion
of a
Met
hod
and
Prov
isio
n of
Rel
ated
Too
ls fo
r A
ccid
ent S
eque
nces
Mod
ellin
g’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
AS-
A
The
task
incl
udes
the
sele
ctio
n of
a m
etho
d an
d pr
ovis
ion
of re
late
d to
ols f
or a
ccid
ent
sequ
ence
s mod
ellin
g.
AS-
A01
Th
e m
etho
d ch
osen
for A
ccid
ent S
eque
nce
Ana
lysi
s pro
vide
s for
the
poss
ibili
ty to
ex
plic
itly
mod
el th
e ap
prop
riate
com
bina
tions
of s
yste
m re
spon
ses a
nd o
pera
tor a
ctio
ns th
at
affe
ct th
e ke
y sa
fety
func
tions
for e
ach
mod
elle
d in
itiat
ing
even
t /IE
gro
up a
nd p
rovi
des a
fr
amew
ork
to su
ppor
t seq
uenc
e qu
antif
icat
ion.
The
met
hod
supp
orts
gra
phic
al re
pres
enta
tion
of th
e ac
cide
nt se
quen
ce lo
gic
(e.g
. ‘ev
ent
tree
stru
ctur
e’).
RA
TIO
NA
LE: G
raph
ical
repr
esen
tatio
n of
the
AS
logi
c pr
ovid
es fo
r the
po
ssib
ility
to a
naly
se a
nd re
view
AS
mod
els.
This
feat
ure
is o
f hig
h im
porta
nce
for a
num
ber o
f app
licat
ions
.
36
T
able
5.2
-B
Att
ribu
tes f
or A
S A
naly
sis:
Tas
k A
S-B
‘Def
initi
on o
f Suc
cess
and
Non
-Suc
cess
End
Sta
tes a
nd K
ey S
afet
y Fu
nctio
ns’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
AS-
B
For e
ach
initi
atin
g ev
ent g
roup
the
key
safe
ty fu
nctio
ns th
at a
re n
eces
sary
to re
ach
a su
cces
s en
d st
ate
are
iden
tifie
d. S
ucce
ss a
nd n
on-s
ucce
ss e
nd st
ates
are
cle
arly
def
ined
. (Se
e al
so
Tabl
e 6.
2-A
, Tas
k SC
-A).
AS-
B01
Th
e su
cces
s and
non
-suc
cess
stat
es a
re d
efin
ed in
a m
anne
r tha
t pro
vide
s the
pos
sibi
lity
to
just
ify th
e ac
hiev
emen
t (no
n-ac
hiev
emen
t) of
the
succ
ess e
nd st
ate
for e
ach
acci
dent
se
quen
ce w
ith th
e us
e of
ava
ilabl
e to
ols (
e.g.
ther
mal
hyd
raul
ic a
naly
sis,
test
s and
ex
perim
ents
, etc
.). (S
ee a
lso
Tabl
e 6.
2-A
, Gen
eral
Attr
ibut
e SC
-A01
).
All
end
stat
es a
re id
entif
ied
as su
cces
s or n
on-s
ucce
ss; n
o en
d-st
ate
is u
ndet
erm
ined
.
RA
TIO
NA
LE: U
ndef
ined
end
-sta
tes p
reve
nt a
use
ful i
nter
pret
atio
n of
the
resu
lts.
AS-
B02
Fo
r eac
h in
itiat
ing
even
t gro
up th
e ke
y sa
fety
func
tions
are
iden
tifie
d. S
yste
ms a
nd
proc
edur
ally
dire
cted
ope
rato
r act
ions
requ
ired
to p
erfo
rm sa
fety
func
tions
are
iden
tifie
d fo
r ea
ch IE
gro
up w
ith a
ccou
nt fo
r ava
ilabi
lity
of sp
ecifi
c eq
uipm
ent a
nd c
ondi
tions
for
oper
ator
act
ions
(e.g
. inf
orm
atio
n av
aila
ble
for o
pera
tor,
acce
ptab
ility
for m
anua
lly
cont
rolle
d eq
uipm
ent,
time
win
dow
, etc
.).
For e
ach
safe
ty fu
nctio
n, sy
stem
mod
els a
re d
evel
oped
with
acc
ount
for s
ucce
ss c
riter
ia
defin
ed fo
r spe
cific
IE g
roup
and
AS.
(See
als
o Se
ctio
ns 6
and
7).
AS-
B03
A
just
ifica
tion
for t
he a
chie
vem
ent o
f sta
ble
succ
ess e
nd st
ate
cond
ition
s is p
rovi
ded
for
each
AS
with
acc
ount
of a
ll un
certa
intie
s ass
ocia
ted
with
the
appl
icab
le to
ols.
(See
als
o Ta
ble
6.2-
A, G
ener
al A
ttrib
ute
SC-A
02).
RA
TIO
NA
LE: I
gnor
ing
the
unce
rtain
ties a
ssoc
iate
d w
ith th
e av
aila
ble
tool
s use
d to
just
ify a
chie
vem
ent o
f the
succ
ess e
nd st
ate
may
lead
to lo
ss
of si
gnifi
cant
insi
ght o
f the
PSA
.
Sp
ecia
l Attr
ibut
e AS
-B03
-S1:
Ju
stifi
catio
n fo
r the
ach
ieve
men
t of t
he n
on-s
ucce
ss e
nd st
ate
cond
ition
s is
per
form
ed w
ith th
e us
e of
‘bes
t est
imat
e’ m
odel
s and
pa
ram
eter
s of
the
appl
icab
le ju
stifi
catio
n to
ols.
RATI
ON
ALE:
Use
of c
onse
rvat
ive
para
met
ers f
or ju
stifi
catio
n of
non
-su
cces
s end
stat
es m
ay le
ad to
exc
essi
vely
con
serv
ativ
e co
nsid
erat
ion
of
cert
ain
ASs,
bias
the
resu
lts a
nd in
sigh
ts a
nd m
ake
cert
ain
appl
icat
ions
no
n-cr
edib
le.
37
T
able
5.2
-C
Att
ribu
tes f
or A
S A
naly
sis:
Tas
k A
S-C
‘Acc
iden
t Seq
uenc
es P
rogr
essi
on Id
entif
icat
ion
and
AS
Mod
els D
evel
opm
ent’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
AS-
C
For e
ach
IE g
roup
the
acci
dent
pro
gres
sion
for a
ll se
quen
ces i
s ide
ntifi
ed a
nd ju
stifi
ed. F
or
each
IE g
roup
the
acci
dent
sequ
ence
mod
els a
re d
evel
oped
. AS
mod
els e
xplic
itly
addr
ess
real
istic
pla
nt b
ehav
iour
in re
spon
se to
IE in
term
s of n
orm
al p
lant
syst
ems o
pera
tion,
op
erat
or a
ctio
ns, a
nd m
itiga
tion
syst
ems t
hat s
uppo
rt th
e ke
y sa
fety
func
tions
nec
essa
ry to
ac
hiev
e a
stab
le sa
fe st
ate.
AS-
C01
Th
e en
d st
ates
of t
he a
ccid
ent s
eque
nces
are
ach
ieve
d w
hen
eith
er a
‘non
-suc
cess
ful’
or
‘sta
ble
succ
essf
ul’ p
lant
con
ditio
ns h
ave
been
reac
hed.
C
OM
MEN
T: ‘S
tabl
e su
cces
sful
’ pla
nt c
ondi
tions
are
the
cond
ition
s w
hich
may
be
mai
ntai
ned
durin
g an
d af
ter t
he d
efin
ed m
issi
on ti
me
with
the
set o
f equ
ipm
ent p
ostu
late
d to
be
oper
able
for t
he sp
ecifi
c ac
cide
nt se
quen
ce. I
n ca
se st
able
succ
essf
ul p
lant
con
ditio
ns fo
r se
quen
ces a
re n
ot a
chie
ved
with
in 2
4 ho
urs,
a lo
nger
mis
sion
tim
e is
to
be c
onsi
dere
d an
d/or
add
ition
al p
lant
equ
ipm
ent a
nd h
uman
inte
ract
ions
ar
e m
odel
led.
EXA
MPL
E: T
he p
ossi
bilit
y to
rem
ove
heat
via
the
seco
ndar
y si
de u
sing
lim
ited
amou
nt o
f wat
er in
the
dem
iner
alis
ed w
ater
tank
s for
ap
prox
imat
ely
24 h
ours
shou
ld n
ot b
e co
nsid
ered
as a
succ
essf
ul st
able
en
d st
ate.
AS-
C02
R
ealis
tic a
nd ‘a
pplic
able
’ (i.e
., fr
om ‘s
imila
r’ p
lant
s) th
erm
al h
ydra
ulic
ana
lyse
s are
use
d to
de
term
ine
the
acci
dent
pro
gres
sion
par
amet
ers (
e.g.
tim
ing,
tem
pera
ture
, pre
ssur
e). A
ll no
rmal
ope
ratio
n an
d st
and-
by sy
stem
s, th
e op
erab
ility
of w
hich
may
impa
ct th
e ac
cide
nt
prog
ress
ion
are
acco
unte
d fo
r.
Sp
ecia
l Attr
ibut
e AS
-C02
-S1:
Plan
t-spe
cific
real
istic
ther
mal
hyd
raul
ic a
naly
ses a
re u
sed
to
dete
rmin
e th
e ac
cide
nt p
rogr
essi
on fo
r ASs
. RA
TIO
NAL
E : U
se o
f the
rmal
hyd
raul
ic a
naly
sis f
rom
sim
ilar u
nits
may
pr
oduc
e re
sults
, whi
ch d
o no
t acc
ount
for s
peci
fic p
lant
feat
ures
in
fluen
cing
acc
iden
t pro
gres
sion
for s
peci
fic se
quen
ces.
The
ASs
cons
truc
ted
with
out t
akin
g in
to a
ccou
nt p
lant
-spe
cific
feat
ures
may
not
be
app
ropr
iate
for s
ome
PSA
appl
icat
ions
.
Con
serv
ativ
e as
sum
ptio
ns a
re m
ade
whe
n pa
rticu
lar c
ours
e of
acc
iden
t pro
gres
sion
for
spec
ific
ASs
are
not
just
ified
by
supp
ortin
g an
alys
es (e
.g. t
herm
al h
ydra
ulic
, fra
ctur
al
mec
hani
cs, r
eact
ivity
ana
lysi
s, et
c.).
RA
TIO
NA
LE: T
his a
ttrib
ute
is st
ated
in o
rder
to a
void
mis
sing
of
pote
ntia
l ins
ight
due
to la
ck o
f kno
wle
dge
on a
ctua
l pla
nt b
ehav
iour
. If
safe
ty si
gnifi
cant
insi
ghts
can
not b
e ac
hiev
ed w
ith th
e us
e of
co
nser
vativ
e as
sum
ptio
ns, m
ore
effo
rts sh
ould
be
take
n to
rem
ove
cons
erva
tism
with
app
ropr
iate
just
ifica
tion.
AS-
C03
Spec
ial A
ttrib
ute
AS-C
03-S
1:
Plan
t-spe
cific
real
istic
ana
lyse
s are
per
form
ed fo
r spe
cific
ASs
in o
rder
to
obt
ain
a re
alis
tic d
escr
iptio
n an
d m
odel
of a
ccid
ent s
eque
nces
. RA
TIO
NAL
E : U
se o
f con
serv
ativ
e as
sum
ptio
ns in
stea
d of
real
istic
an
alys
is m
ay b
ias t
he b
enef
its o
f cer
tain
app
licat
ions
aim
ed a
t im
prov
ing/
chec
king
the
influ
ence
of s
peci
fic p
lant
cha
nges
.
38
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
The
proc
edur
es a
re re
view
ed w
ith e
ngag
emen
t of p
lant
ope
ratio
ns a
nd tr
aini
ng p
erso
nnel
to
conf
irm th
at th
e in
terp
reta
tion
of th
e pr
oced
ures
and
the
expe
cted
resp
onse
s are
con
sist
ent
with
the
exis
ting
ther
mal
hyd
raul
ic a
naly
ses a
nd p
lant
ope
ratio
nal p
ract
ices
.
The
acci
dent
sequ
ence
mod
els a
re c
onsi
sten
t with
the
plan
t-spe
cific
em
erge
ncy
proc
edur
es,
train
ing
sim
ulat
or e
xerc
ises
, and
exi
stin
g th
erm
al h
ydra
ulic
ana
lyse
s. In
cas
e of
alte
rnat
ives
, th
e m
ost r
estri
ctiv
e ac
cide
nt p
rogr
essi
on is
mod
elle
d.
(See
als
o Ta
ble
8.2-
E, G
ener
al A
ttrib
utes
HR
-E01
, HR
-E02
, and
Tab
le 8
.2-G
, Gen
eral
A
ttrib
ute
HR
-G04
).
A
S-C
04
Spec
ial A
ttrib
ute
AS-C
04-S
1:
Whe
n ex
istin
g pr
oced
ures
allo
w o
pera
tor t
o fo
llow
diff
eren
t miti
gatio
n st
rate
gies
, the
acc
iden
t seq
uenc
e m
odel
s acc
ount
for a
ll po
ssib
le
stra
tegi
es.
The
likel
ihoo
d of
eac
h st
rate
gy is
est
imat
ed b
ased
on
the
resu
lts o
f int
ervi
ew w
ith p
lant
ope
rato
rs, a
ctua
l pla
nt e
xper
ienc
e, a
nd
trai
ning
pra
ctic
e.
RATI
ON
ALE:
Inc
ompl
ete
mod
ellin
g of
acc
iden
t pro
gres
sion
dea
ling
with
non
-cle
ar re
quir
emen
ts o
f pla
nt e
mer
genc
y pr
oced
ures
may
bia
s th
e be
nefit
s of c
erta
in a
pplic
atio
ns a
imed
at i
mpr
ovin
g th
e ac
cide
nt
proc
edur
es.
For a
ll ac
cide
nt se
quen
ces c
onst
ruct
ed b
ased
on
the
resu
lts o
f rea
listic
ther
mal
hyd
raul
ic
anal
yses
, whi
ch re
quire
hum
an in
tera
ctio
ns n
ot c
onsi
dere
d in
pla
nt e
mer
genc
y pr
oced
ures
for
the
parti
cula
r sce
nario
, the
failu
re o
f tho
se h
uman
inte
ract
ions
is a
ssum
ed o
r add
ition
al
inve
stig
atio
ns a
re p
erfo
rmed
to a
ssur
e th
e po
ssib
ility
to p
erfo
rm re
quire
d ac
tions
(e.g
. pla
nt -
spec
ific
ther
mal
hyd
raul
ic a
naly
sis f
or sp
ecifi
c se
quen
ces,
inte
rvie
ws w
ith p
lant
ope
rato
rs,
anal
ysis
of p
lant
exp
erie
nce,
sim
ulat
or e
xerc
ises
, etc
.)
(See
als
o Ta
ble
8.2-
E, G
ener
al A
ttrib
utes
HR
-E01
, HR
-E02
, and
Tab
le 8
.2-G
, Gen
eral
A
ttrib
ute
HR
-G04
).
RA
TIO
NA
LE:
Opt
imis
tic c
redi
ting
the
hum
an in
tera
ctio
ns n
ot
desc
ribed
in th
e em
erge
ncy
proc
edur
es m
ay m
ask
the
prob
lem
s in
the
emer
genc
y pr
oced
ures
.
CO
MM
ENT:
Em
erge
ncy
proc
edur
es m
ay b
e le
ss d
etai
led
than
acc
iden
t se
quen
ce m
odel
s in
the
PSA
.
AS-
C05
Spec
ial A
ttrib
ute
AS-C
05-S
1:
For a
ll ac
cide
nt se
quen
ces c
onst
ruct
ed b
ased
on
the
resu
lts o
f rea
listic
th
erm
al h
ydra
ulic
ana
lyse
s, w
hich
requ
ire
hum
an in
tera
ctio
ns n
ot
cons
ider
ed in
pla
nt e
mer
genc
y pr
oced
ures
for t
he p
artic
ular
scen
ario
, ad
ditio
nal i
nves
tigat
ions
are
per
form
ed to
ass
ure
the
poss
ibili
ty to
pe
rfor
m re
quir
ed a
ctio
ns (e
.g. p
lant
-spe
cific
ther
mal
hyd
raul
ic a
naly
sis
for s
peci
fic se
quen
ces,
inte
rvie
ws w
ith p
lant
ope
rato
rs, a
naly
sis o
f pla
nt
expe
rien
ce, s
imul
ator
exe
rcis
es, e
tc.)
RATI
ON
ALE:
Rea
listic
mod
ellin
g of
acc
iden
t pro
gres
sion
s dea
ling
with
no
n-cl
ear r
equi
rem
ents
of p
lant
em
erge
ncy
proc
edur
es h
elps
to a
sses
s re
al b
enef
its fr
om im
prov
emen
ts in
em
erge
ncy
oper
atin
g pr
oced
ures
.
AS-
C06
If e
mer
genc
y pr
oced
ures
per
mit
perf
orm
ing
an a
ctio
n, b
ut th
e re
alis
tic t/
h an
alys
es
dem
onst
rate
that
the
actio
n im
pose
s an
adve
rse
effe
ct, t
he A
Ss n
ever
thel
ess i
nclu
de th
ose
actio
ns. (
See
also
Tab
le 8
.2-E
, Gen
eral
Attr
ibut
es H
R-E
01, H
R-E
02, a
nd T
able
8.2
-G,
Gen
eral
Attr
ibut
e H
R-G
04).
RA
TIO
NA
LE: U
njus
tifie
d op
timis
m sh
ould
be
avoi
ded
in A
Ss
mod
ellin
g.
39
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
Sp
ecia
l Attr
ibut
e AS
-C06
-S1:
If em
erge
ncy
proc
edur
es p
erm
it to
per
form
an
actio
n bu
t the
real
istic
t/h
ana
lyse
s dem
onst
rate
that
the
actio
n im
pose
s an
adve
rse
effe
ct,
addi
tiona
l inv
estig
atio
ns a
re p
erfo
rmed
to a
sses
s the
real
ope
rato
r re
spon
se (
e.g.
int
ervi
ews w
ith p
lant
ope
rato
rs, a
naly
sis o
f pla
nt
expe
rien
ce, s
imul
ator
exe
rcis
es, e
tc.).
RATI
ON
ALE:
Rea
listic
mod
ellin
g of
acc
iden
t pro
gres
sion
s dea
ling
with
no
n-cl
ear r
equi
rem
ents
of p
lant
em
erge
ncy
proc
edur
es h
elps
to a
sses
s re
al b
enef
its fr
om im
prov
emen
ts in
em
erge
ncy
oper
atin
g pr
oced
ures
.
AS-
C07
Th
e ac
cide
nt se
quen
ces p
ossi
ble
for e
ach
initi
atin
g ev
ent g
roup
are
dev
elop
ed. F
or e
ach
initi
atin
g ev
ent g
roup
, the
acc
iden
t seq
uenc
es m
odel
is d
evel
oped
to a
suff
icie
nt le
vel o
f de
tail
that
the
diff
eren
ces i
n re
quire
men
ts o
n sy
stem
s and
ope
rato
r res
pons
es a
re c
aptu
red.
D
iver
se sy
stem
s pro
vidi
ng si
mila
r fun
ctio
n ar
e m
odel
led
sepa
rate
ly if
the
choi
ce o
f one
sy
stem
ove
r ano
ther
sign
ifica
ntly
cha
nges
the
requ
irem
ents
for o
pera
tor i
nter
vent
ion
or th
e ne
ed fo
r oth
er sy
stem
s.
CO
MM
ENT:
Acc
iden
t seq
uenc
es c
an b
e m
odel
led
at v
ario
us le
vels
of
deta
il ra
ngin
g fr
om s
mal
l fun
ctio
nal l
evel
eve
nt tr
ees,
thro
ugh
syst
em
leve
l eve
nt tr
ees (
com
mon
ly re
ferr
ed to
as t
he sm
all e
vent
tree
app
roac
h w
ith fa
ult t
ree
linki
ng) t
o ve
ry la
rge
even
t tre
es th
at m
odel
supp
ort
syst
em a
nd fr
ont l
ine
syst
em s
tatu
s at t
he tr
ain
leve
l (th
e so
-cal
led
‘larg
e ev
ent t
ree’
or ‘
even
t tre
e lin
king
’ app
roac
h). (
See
also
Tab
le 1
1.2-
A,
Gen
eral
Attr
ibut
e M
Q-A
01).
AS-
C08
Fo
r eac
h ke
y sa
fety
func
tion
its d
epen
denc
e on
the
succ
ess o
r fai
lure
of p
rece
ding
func
tions
an
d th
e im
pact
on
acci
dent
pro
gres
sion
are
add
ress
ed.
EX
AM
PLE:
The
succ
ess o
f low
pre
ssur
e sy
stem
inje
ctio
n is
dep
ende
nt
on th
e su
cces
s of R
PV d
epre
ssur
isat
ion.
AS-
C09
W
hen
deve
lopi
ng a
ccid
ent s
eque
nces
, the
phe
nom
enol
ogic
al c
ondi
tions
cre
ated
by
the
acci
dent
pro
gres
sion
are
iden
tifie
d so
that
the
effe
ct o
n po
tent
ial m
itiga
ting
syst
ems i
s pr
oper
ly a
ccou
nted
for.
(See
als
o Ta
ble
10.2
-C, G
ener
al A
ttrib
ute
DF-
C01
).
EXA
MPL
E: P
heno
men
olog
ical
con
ditio
ns in
clud
e ge
nera
tion
of h
arsh
en
viro
nmen
tal e
ffec
ts, i
nclu
ding
tem
pera
ture
, pre
ssur
e, d
ebris
, wat
er
leve
ls, a
nd h
umid
ity.
The
effe
cts o
f the
se c
ondi
tions
cou
ld d
irect
ly
caus
e eq
uipm
ent f
ailu
re, o
r mig
ht re
quire
pro
cedu
ral o
pera
tor a
ctio
ns to
pr
even
t equ
ipm
ent d
amag
e (e
.g. t
o te
mpo
rary
dis
able
equ
ipm
ent).
AS-
C10
If
pla
nt c
onfig
urat
ions
and
mai
nten
ance
pra
ctic
es c
reat
e de
pend
enci
es a
mon
g va
rious
sys
tem
al
ignm
ents
, the
se c
onfig
urat
ions
and
alig
nmen
ts a
re d
efin
ed a
nd in
clud
ed in
the
mod
el in
a
man
ner t
hat r
efle
cts t
hese
dep
ende
ncie
s.
AS-
C11
Ev
ents
for w
hich
tim
e-ph
ased
dep
ende
ncie
s mig
ht e
xist
are
def
ined
and
are
incl
uded
in A
Ss
mod
els a
ppro
pria
tely
. EX
AM
PLES
of t
ime
phas
ed e
vent
s inc
lude
: AC
pow
er re
cove
ry, D
C
batte
ry ti
me
depe
nden
t dis
char
ge, e
nviro
nmen
tal c
ondi
tions
for
oper
atin
g eq
uipm
ent a
nd th
e co
ntro
l roo
m (e
.g. r
oom
coo
ling)
, etc
.
AS-
C12
If
ATW
S se
quen
ces a
re g
roup
ed a
nd m
odel
led
as a
sing
le e
vent
tree
, the
mos
t res
trict
ive
case
is
con
side
red.
C
OM
MEN
T: M
any
PSA
s gro
up A
TWS
sequ
ence
s tog
ethe
r and
de
velo
p a
mod
el fo
r the
mos
t res
trict
ive
case
(e.g
. LO
OP,
etc
.)
Sp
ecia
l Attr
ibut
e AS
-C
12-S
1 AT
WS
sequ
ence
s are
mod
elle
d as
par
t of a
ccid
ent s
eque
nce
mod
el fo
r ea
ch IE
gro
up. S
peci
fic a
naly
ses j
ustif
y th
e po
ssib
ility
to p
reve
nt c
ore
dam
age
for e
ach
ATW
S se
quen
ce w
ith su
cces
sful
end
stat
e.
CO
MM
ENT:
For
mod
ellin
g of
ATW
S se
quen
ces t
he sp
ecifi
c co
nditi
ons
whi
ch a
re in
pla
ce fo
r the
rela
ted
initi
atin
g ev
ent g
roup
are
acc
ount
ed
for,
as w
ell a
s the
con
ditio
ns a
nd e
vent
s con
nect
ed to
a p
artic
ular
fa
ilure
of t
he re
acto
r shu
tdow
n fu
nctio
n.
40
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
AS-
C13
W
hen
trans
fers
bet
wee
n ev
ent t
rees
are
use
d to
redu
ce th
e si
ze a
nd c
ompl
exity
of i
ndiv
idua
l ev
ent t
rees
the
met
hod
for i
mpl
emen
ting
an e
vent
tree
tran
sfer
that
pre
serv
es th
e de
pend
enci
es th
at a
re p
art o
f the
tran
sfer
red
sequ
ence
is u
sed.
The
se in
clud
e fu
nctio
nal,
syst
em, i
nitia
ting
even
t, op
erat
or, a
nd sp
atia
l or e
nviro
nmen
tal d
epen
denc
ies.
CO
MM
ENT:
If so
ftwar
e be
ing
used
for P
SA is
not
cap
able
of e
vent
tre
es li
nkin
g, c
are
mus
t be
take
n th
at a
ll bo
unda
ry c
ondi
tions
of p
aren
t ev
ent t
ree
top
even
t are
tran
sfer
red
to su
bseq
uent
eve
nt tr
ees.
The
cons
eque
nces
of s
ucce
ssfu
l ope
ratio
n of
miti
gatin
g sy
stem
s on
acci
dent
pro
gres
sion
are
de
term
ined
by
cons
ider
ing
the
actu
al p
lant
resp
onse
.
EXA
MPL
ES:
1) O
n re
ceip
t of a
LO
CA
sign
al, t
hree
con
tain
men
t spr
ay p
umps
star
t ev
en th
ough
onl
y on
e is
requ
ired
by th
e su
cces
s crit
eria
. If
ther
e is
no
dire
ctiv
e to
the
oper
ator
s to
turn
off
pum
ps, o
r dec
reas
e flo
w, t
he
incr
ease
d flo
w w
ill d
ecre
ase
the
time
of d
eple
tion
of th
e ta
nk sh
ared
by
com
mon
spay
and
inje
ctio
n sy
stem
s. E
ven
if th
ere
is p
roce
dura
l di
rect
ion
to d
ecre
ase
flow
, the
pos
sibi
lity
that
the
oper
ator
s wou
ld fa
il to
do
so sh
ould
be
take
n in
to a
ccou
nt.
2) O
peni
ng o
f all
stea
m sa
fety
val
ves w
hile
onl
y on
e is
nee
ded
to
prev
ent e
xces
sive
pre
ssur
e in
crea
se in
the
stea
m li
nes m
ay le
ad to
fa
ilure
to re
-clo
se o
f sev
eral
val
ves.
AS-
C14
Spec
ial A
ttrib
ute
AS-C
14-S
1:
Real
istic
pla
nt-s
peci
fic a
naly
ses a
re m
ade
for s
peci
fic A
Ss in
ord
er to
ve
rify
whe
ther
the
cond
ition
s for
ope
rato
r act
ions
and
ope
ratio
n of
the
spec
ific
equi
pmen
t are
ach
ieve
d. (S
ee a
lso
Tabl
e 8.
2-E,
Spe
cial
At
trib
ute
HR-
E01-
S1).
RATI
ON
ALE:
Use
of c
onse
rvat
ive
assu
mpt
ions
inst
ead
of re
alis
tic
anal
ysis
may
bia
s the
ben
efits
of m
any
appl
icat
ions
aim
ed a
t im
prov
ing/
chec
king
the
influ
ence
of s
peci
fic p
lant
cha
nges
(e.g
. ha
rdw
are
or p
roce
dure
s).
AS-
C15
A
ccid
ent p
rogr
essi
on is
dis
cuss
ed a
nd ‘a
gree
d’ w
ith p
lant
ope
rato
rs.
RA
TIO
NA
LE: E
xper
ienc
ed p
lant
ope
rato
rs c
ould
iden
tify
inco
nsis
tenc
ies b
etw
een
PSA
ASs
mod
els a
nd a
ctua
l pla
nt b
ehav
iour
in
term
of a
ccid
ent p
rogr
essi
on, s
yste
m re
quire
men
ts, p
roce
dura
lly
dire
cted
ope
rato
r act
ions
, etc
.
Sp
ecia
l Attr
ibut
e AS
-C15
-S1:
An
exp
ande
d gr
aphi
cal r
epre
sent
atio
n of
acc
iden
ts p
rogr
essi
on (e
.g.
‘eve
nt se
quen
ce d
iagr
am’)
for I
E gr
oups
is u
sed
to v
erify
the
AS m
odel
s w
ith p
lant
ope
rato
rs.
RATI
ON
ALE:
Gra
phic
al re
pres
enta
tion
of a
ccid
ent p
rogr
essi
on h
elps
no
n-PS
A sp
ecia
lists
to u
nder
stan
d AS
mod
els.
41
T
able
5.2
-D
Att
ribu
tes f
or A
S A
naly
sis:
Tas
k A
S-D
‘Suc
cess
Cri
teri
a fo
r A
ccid
ent S
eque
nces
’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
AS-
D
The
task
incl
udes
the
defin
ition
of a
ccid
ent s
eque
nce
succ
ess c
riter
ia.
AS-
D01
Fo
r eac
h in
itiat
ing
even
t gro
up a
nd fo
r eac
h ac
cide
nt se
quen
ce, t
he su
cces
s crit
eria
for
safe
ty re
late
d fu
nctio
ns, o
pera
tor a
ctio
ns, s
yste
ms,
and
equi
pmen
t are
def
ined
. (Se
e de
taile
d at
tribu
tes i
n Se
ctio
n 6)
.
42
T
able
5.2
-E
Att
ribu
tes f
or A
S A
naly
sis:
Tas
k A
S-E
‘Doc
umen
tatio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
AS-
E
Doc
umen
tatio
n an
d in
form
atio
n st
orag
e is
per
form
ed in
a m
anne
r tha
t fac
ilita
tes p
eer
revi
ew, a
s wel
l as f
utur
e up
grad
es a
nd a
pplic
atio
ns o
f the
PSA
by
desc
ribin
g th
e pr
oces
ses
that
wer
e us
ed a
nd p
rovi
ding
det
ails
of t
he m
etho
ds u
sed,
ass
umpt
ions
mad
e an
d th
eir
base
s.
AS-
E01
The
treat
men
t of e
ach
initi
ator
and
acc
iden
t seq
uenc
e m
odel
is d
ocum
ente
d to
supp
ort
revi
ews a
nd a
pplic
atio
ns.
The
follo
win
g im
porta
nt a
spec
ts a
re d
ocum
ente
d:
- G
raph
ical
repr
esen
tatio
n of
eac
h ac
cide
nt se
quen
ce fo
r eac
h IE
gro
up;
- A
des
crip
tion
of th
e ac
cide
nt p
rogr
essi
on fo
r eac
h se
quen
ce o
r gro
up o
f sim
ilar
sequ
ence
s;
- Th
e su
cces
s crit
eria
est
ablis
hed
for e
ach
initi
atin
g ev
ent c
ateg
ory
incl
udin
g th
e ba
ses
for t
he c
riter
ia;
- A
ny a
ssum
ptio
ns th
at w
ere
mad
e in
dev
elop
ing
the
acci
dent
sequ
ence
s, as
wel
l as t
he
base
s for
the
assu
mpt
ions
; -
Exis
ting
anal
yses
per
form
ed to
def
ine
succ
ess c
riter
ia a
nd e
xpec
ted
sequ
ence
ph
enom
ena
incl
udin
g ne
cess
ary
timin
g co
nsid
erat
ions
; -
Suff
icie
nt sy
stem
ope
ratio
n in
form
atio
n to
supp
ort t
he m
odel
led
depe
nden
cies
; -
Cal
cula
tions
or o
ther
bas
es u
sed
to ju
stify
equ
ipm
ent o
pera
bilit
y be
yond
its ‘
norm
al’
desi
gn p
aram
eter
s and
for w
hich
cre
dit h
as b
een
take
n;
- Ju
stifi
catio
n fo
r the
non
-loss
of d
epen
denc
es if
mod
ellin
g si
mpl
ifica
tions
wer
e im
plie
d.
AS-
E02
The
inte
rfac
es b
etw
een
Acc
iden
t Seq
uenc
e A
naly
sis a
nd th
e fo
llow
ing
PSA
task
s are
de
fined
and
doc
umen
ted:
-
The
defin
ition
of i
nitia
ting
even
t cat
egor
y in
the
Initi
atin
g Ev
ent A
naly
sis T
ask;
-
The
defin
ition
of c
ore
dam
age
and
asso
ciat
ed su
cces
s crit
eria
in S
ucce
ss C
riter
ia
Def
initi
on T
ask;
-
Key
def
initi
ons o
f ope
rato
r act
ions
and
sequ
ence
-spe
cific
tim
ing
and
depe
nden
cies
re
flect
ed in
the
acci
dent
sequ
ence
mod
els i
n th
e H
RA
task
for t
hese
act
ions
; -
The
basi
s for
the
sequ
ence
and
cut
set q
uant
ifica
tion
in th
e Le
vel-1
Qua
ntifi
catio
n an
d R
esul
ts In
terp
reta
tion
Task
; -
A fr
amew
ork
for a
n in
tegr
ated
trea
tmen
t of d
epen
denc
ies i
n th
e in
itiat
ing
even
ts
anal
ysis
, sys
tem
s ana
lysi
s, da
ta a
naly
sis,
hum
an re
liabi
lity
anal
ysis
, Lev
el-1
qu
antif
icat
ion.
43
6. PSA ELEMENT ‘SC’: SUCCESS CRITERIA FORMULATION AND SUPPORTING ANALYSIS
6.1. Main objectives
The main objective of the success criteria formulation task is to determine for given initiating events what represents a successful or unsuccessful plant response and to translate this information into detailed plant system and operator action success criteria. Thermal hydraulic analyses simulating the course of accident sequence progression and other assessment means are used for this purpose. These analyses and assessments are called in this section supporting analyses for the success criteria formulation.
As a first task core or fuel damage or other unsuccessful accident sequence end states
are defined in order to provide the basis for the derivation of detailed success criteria for safety related functions or human interactions. The description of the formulation of success criteria and of related attributes in this section is limited to success criteria required for a Level-1 PSA.
Success criteria regarding the plant response to initiating events are used to specify
whether safety related functions meet the requirements to prevent damage to the core or mitigate significant releases of radioactivity. These safety-related functions in terms of a PSA may be functions of operating systems, front line safety systems, I&C, support systems, structures, components, and operator actions. For operator actions success criteria are characterized by statements that certain actions are successfully carried out within a defined time window.
Success criteria are used to construct the logic PSA model, including for example the
determination of event tree branch point probabilities and probabilities for other events in the logic model. They also determine the required number of trains of a safety related system. Top-level safety related function requirements are translated into the requirements for systems performing that function, a process, which is continued down to support systems. Event tree branch point probabilities also may reflect operator actions with their specific success criteria, e.g. a time window. Other operator actions may be modelled at the system level. There is therefore a close connection between HRA (Human Reliability Analysis), systems analysis, and success criteria formulation.
6.2. Success criteria formulation and supporting analysis tasks and their attributes
Table 6.2 lists the main tasks for the PSA element ‘Success Criteria Formulation and
Supporting Analysis’. Tables 6.2-A through 6.2-C present the description of general and special attributes for these tasks.
44
Table 6.2 Main Tasks for Success Criteria Formulation and Supporting Analysis
Task ID Task Content
SC-A Definition of Overall and Detailed Success Criteria
SC-B Thermal Hydraulic Analyses and other Assessment Means Supporting the Derivation of Detailed Success Criteria
SC-C Documentation
45
T
able
6.2
-A
Att
ribu
tes f
or S
ucce
ss C
rite
ria
Form
ulat
ion
and
Supp
ortin
g A
naly
sis:
Tas
k SC
-A ‘D
efin
ition
of O
vera
ll an
d D
etai
led
Succ
ess
Cri
teri
a’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
SC-A
D
efin
ition
of t
he o
vera
ll su
cces
s crit
eria
for t
he P
SA a
nd d
efin
ition
of t
he su
cces
s crit
eria
fo
r sys
tem
s, st
ruct
ures
, com
pone
nts,
and
hum
an in
tera
ctio
ns is
per
form
ed in
a m
anne
r w
hich
is c
onsi
sten
t with
pla
nt fe
atur
es, p
roce
dure
s and
ope
ratin
g pr
actic
es.
SC-A
01
Def
initi
on o
f cor
e da
mag
e or
oth
er u
nsuc
cess
ful a
ccid
ent s
eque
nce
end
stat
es
Cor
e or
fuel
dam
age
is d
efin
ed in
term
s of p
hysi
cal p
roce
sses
and
phe
nom
ena
and
failu
re
mec
hani
sms,
whi
ch m
ay c
ause
a su
bsta
ntia
l rel
ease
of r
adio
activ
e m
ater
ial f
rom
the
reac
tor f
uel.
The
follo
win
g in
form
atio
n so
urce
s are
use
d to
der
ive
the
defin
ition
of c
ore
or fu
el
dam
age:
- Th
e av
aila
ble
desi
gn b
asis
info
rmat
ion
for a
pla
nt a
nd re
late
d in
form
atio
n, e
.g. d
esig
n ba
sis a
ccid
ent a
naly
ses i
s use
d.
- A
vaila
ble
info
rmat
ion
on c
ore
or fu
el d
amag
e m
echa
nism
s and
phe
nom
ena
for s
imila
r pl
ants
and
from
rela
ted
expe
rimen
tal i
nves
tigat
ions
is u
sed.
CO
MM
ENT:
For
ves
sel t
ype
LWR
s the
re a
re u
sual
ly o
nly
two
type
s of
end-
stat
es d
efin
ed in
term
s of t
he L
evel
-1 P
SA:
(1) S
ucce
ssfu
l end
-sta
tes w
ithou
t sig
nific
ant c
ore
dam
age,
and
(2) U
nsuc
cess
ful e
nd-s
tate
s with
cor
e da
mag
e.
For o
ther
reac
tor t
ypes
, for
exa
mpl
e fo
r cha
nnel
type
reac
tors
, diff
eren
t le
vels
of c
ore
or fu
el d
amag
e ar
e us
ed to
refle
ct sc
enar
ios w
here
dam
age
is li
mite
d to
onl
y on
e ch
anne
l, a
grou
p of
cha
nnel
s, to
a p
ortio
n of
the
core
or e
xten
ds to
the
entir
e co
re.
SC-A
02
The
phys
ical
pla
nt p
aram
eter
s (e.
g. h
ighe
st n
ode
tem
pera
ture
, cor
e co
llaps
ed li
quid
leve
l) an
d as
soci
ated
acc
epta
nce
crite
ria o
r lim
it va
lues
(e.g
. tem
pera
ture
lim
it, p
erce
ntag
e of
cl
addi
ng th
ickn
ess o
xidi
zed)
to b
e us
ed in
det
erm
inin
g co
re o
r fue
l dam
age
are
defin
ed.
The
para
met
ers a
re se
lect
ed in
such
a w
ay th
at th
e de
term
inat
ion
of c
ore
or fu
el d
amag
e is
as
real
istic
as p
ract
ical
and
con
sist
ent w
ith c
urre
nt b
est p
ract
ices
and
kno
wle
dge.
For
the
appl
icat
ion
of p
aram
eter
acc
epta
nce
crite
ria w
ith th
e re
sults
of t
herm
al h
ydra
ulic
ca
lcul
atio
n a
suff
icie
nt m
argi
n is
spec
ified
and
use
d to
take
car
e of
lim
itatio
ns o
f the
co
mpu
ter c
odes
, suc
h as
lim
itatio
ns in
the
soph
istic
atio
n of
mod
els,
and
unce
rtain
ties i
n th
e re
sults
.
EXA
MPL
ES o
f par
amet
ers a
nd a
ssoc
iate
d ac
cept
ance
crit
eria
that
are
us
ed in
PSA
s inc
lude
:
- BW
R: C
olla
psed
liqu
id le
vel l
ess t
han
1/3
core
hei
ght o
r cod
e-pr
edic
ted
peak
cor
e te
mpe
ratu
re >
250
0°F
(137
0°C
)
- PW
R: C
olla
psed
liqu
id le
vel b
elow
top
of a
ctiv
e fu
el fo
r a p
rolo
nged
pe
riod,
or c
ode-
pred
icte
d co
re p
eak
node
tem
pera
ture
> 2
200°
F (1
200°
C)
usin
g a
code
with
det
aile
d co
re m
odel
ling,
or c
ode-
pred
icte
d co
re p
eak
node
tem
pera
ture
> 1
800°
F (1
000°
C) u
sing
a c
ode
with
sim
plifi
ed (e
.g.
sing
le-n
ode
core
mod
el, l
umpe
d pa
ram
eter
) cor
e m
odel
ling,
or c
ode-
pred
icte
d co
re e
xit t
empe
ratu
re >
120
0°F
(650
°C) f
or 3
0 m
in u
sing
a c
ode
with
sim
plifi
ed c
ore
mod
ellin
g.
SC-A
03
Succ
ess c
riter
ia fo
r eac
h of
the
safe
ty re
late
d fu
nctio
n ar
e sp
ecifi
ed in
the
acci
dent
se
quen
ces f
or e
ach
initi
atin
g ev
ent g
roup
. C
OM
MEN
T: T
he fo
rmul
atio
n of
succ
ess c
riter
ia a
t the
func
tiona
l lev
el,
syst
em le
vel,
syst
em tr
ain
leve
l and
for s
truct
ures
and
equ
ipm
ent i
s ac
com
pani
ed b
y a
desc
riptio
n of
acc
iden
t seq
uenc
es, i
nclu
ding
refe
renc
es
to th
e pl
ants
pro
tect
ive
I&C
and
EO
Ps w
hich
prim
arily
det
erm
ine
the
plan
t sys
tem
s res
pons
e.
46
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
SC-A
04
Syst
ems c
apab
le o
f mee
ting
the
spec
ified
succ
ess c
riter
ia o
f saf
ety
rela
ted
func
tions
are
id
entif
ied
toge
ther
with
ass
ocia
ted
oper
ator
act
ions
if a
pplic
able
. The
succ
ess c
riter
ia fo
r th
e sa
fety
rela
ted
func
tions
are
tran
slat
ed a
ccor
ding
ly to
the
syst
ems a
nd a
ssoc
iate
d op
erat
or a
ctio
ns.
From
the
leve
l of s
yste
ms,
succ
ess c
riter
ia a
re c
ontin
ued
to sy
stem
trai
ns if
nec
essa
ry a
nd
furth
er d
own
to th
e as
soci
ated
supp
ort s
yste
ms.
For m
ultip
le u
nits
pla
nts t
he sy
stem
s tha
t are
shar
ed b
etw
een
units
are
iden
tifie
d, a
nd th
e m
anne
r in
whi
ch th
e sh
arin
g is
per
form
ed sh
ould
the
units
exp
erie
nce
a co
mm
on in
itiat
ing
even
t (e.
g. L
OO
P). T
his i
nclu
des o
pera
tor a
ctio
ns a
s req
uire
d an
d sp
ecifi
ed b
y pl
ant
proc
edur
es o
r ope
ratin
g pr
actic
es.
CO
MM
ENT:
As s
peci
fied
unde
r oth
er P
SA ta
sks i
n th
is p
ublic
atio
n de
pend
enci
es o
f fro
nt li
ne sy
stem
s on
supp
ort s
yste
ms a
nd I&
C a
re
pref
erab
ly m
odel
led
expl
icitl
y fo
r exa
mpl
e by
mea
ns o
f tra
nsfe
rs fr
om
supp
ort s
yste
m tr
ains
to th
e eq
uipm
ent o
f the
fron
t lin
e sy
stem
whi
ch
depe
nd o
n a
parti
cula
r sup
port
syst
ems.
Dep
endi
ng o
n th
e de
sign
this
re
quire
s for
mul
atio
n of
succ
ess c
riter
ia fo
r sup
port
syst
ems a
s wel
l. A
n ex
ampl
e fo
r thi
s is a
DC
ele
ctric
al p
ower
supp
ly fr
om tw
o D
C su
pply
tra
ins v
ia se
para
tion
diod
es. A
part
from
thes
e st
raig
htfo
rwar
d tra
in
depe
nden
cies
on
supp
orts
ther
e ar
e us
ually
dep
ende
ncie
s req
uirin
g ad
ditio
nal a
naly
ses,
for e
xam
ple
room
coo
ling
requ
irem
ents
rega
rdin
g th
e op
erat
ion
of sa
fety
rela
ted
equi
pmen
t dur
ing
the
mis
sion
tim
e.
SC-A
05
A m
issi
on ti
me
for t
he a
ccid
ent s
eque
nces
is d
eter
min
ed. T
he m
issi
on ti
me
is th
e tim
e du
ring
whi
ch sa
fety
rela
ted
func
tions
are
requ
ired
to w
ork
to a
chie
ve a
stab
le e
nd-s
tate
af
ter a
n in
itiat
ing
even
t. It
is u
sual
pra
ctic
e to
ass
ume
as a
firs
t app
roac
h a
gene
ral m
issi
on
time
of 2
4 ho
urs.
For s
eque
nces
in w
hich
stab
le p
lant
con
ditio
ns w
ould
not
be
achi
eved
by
24 h
ours
usi
ng th
e m
odel
led
plan
t equ
ipm
ent a
nd h
uman
inte
ract
ions
, a lo
nger
mis
sion
tim
e is
use
d if
need
ed to
ach
ieve
stab
le p
lant
con
ditio
ns. (
See
also
AS-
02).
Add
ition
al e
valu
atio
n or
mod
ellin
g is
car
ried
out f
or se
quen
ces i
n w
hich
a sa
fe, s
tabl
e st
ate
has n
ot b
een
achi
eved
by
the
end
of th
e m
issi
on ti
me
defin
ed fo
r the
PSA
by
usin
g te
chni
ques
like
:
a) a
ssig
ning
an
appr
opria
te p
lant
dam
age
stat
e fo
r tha
t seq
uenc
e if
this
is u
sefu
l and
doe
s no
t sig
nific
antly
hin
der a
pplic
atio
ns;
b) e
xten
ding
the
mis
sion
tim
e, a
nd e
xten
ding
the
affe
cted
ana
lyse
s to
the
poin
t at w
hich
co
nditi
ons a
nd p
aram
eter
s can
be
show
n to
reac
h ac
cept
able
val
ues;
c) m
odel
ling
addi
tiona
l sys
tem
reco
very
or o
pera
tor i
nter
actio
ns fo
r the
sequ
ence
, in
acco
rdan
ce w
ith re
quire
men
ts st
ated
in th
e sy
stem
s ana
lysi
s and
HR
A se
ctio
ns o
f thi
s gu
ide,
to d
emon
stra
te th
at a
succ
essf
ul o
utco
me
is a
chie
ved
toge
ther
with
an
asse
ssm
ent o
f the
pro
babi
lity
for s
ucce
ss a
nd fa
ilure
of t
he a
dditi
onal
eve
nts.
47
T
able
6.2
-B
Att
ribu
tes f
or S
ucce
ss C
rite
ria
Form
ulat
ion
and
Supp
ortin
g A
naly
sis:
Tas
k SC
-B ‘T
herm
al H
ydra
ulic
Ana
lyse
s and
Oth
er
Ass
essm
ent M
eans
Sup
port
ing
the
Form
ulat
ion
of S
ucce
ss C
rite
ria’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
SC-B
D
etai
led
succ
ess c
riter
ia a
nd e
vent
tim
ing
suff
icie
nt fo
r the
qua
ntifi
catio
n of
CD
F, a
nd th
e de
term
inat
ion
of im
pact
of s
ucce
ss c
riter
ia o
n sy
stem
s, st
ruct
ures
, com
pone
nts a
nd h
uman
in
tera
ctio
ns a
re d
evel
oped
by
appr
opria
te th
erm
al h
ydra
ulic
ana
lyse
s and
oth
er a
sses
smen
t m
eans
.
SC-B
01
App
licab
le a
nd p
rove
n co
mpu
ter c
odes
are
use
d fo
r the
mod
ellin
g of
the
cour
se o
f acc
iden
t se
quen
ces a
nd fo
r the
der
ivat
ion
of a
ssoc
iate
d su
cces
s crit
eria
. Pre
fera
bly
and
if av
aila
ble
best
est
imat
e co
des a
nd m
odel
s are
use
d fo
r thi
s pur
pose
and
the
plan
t and
sequ
ence
mod
el
refle
cts t
he sp
ecifi
c de
sign
and
ope
ratio
nal f
eatu
res o
f the
pla
nt.
Bes
t-est
imat
e m
odel
s or a
naly
ses c
an b
e su
pple
men
ted
with
pla
nt sp
ecifi
c or
gen
eric
FSA
R
or o
ther
con
serv
ativ
e an
alys
es a
pplic
able
to th
e pl
ant a
ccom
pani
ed w
ith a
just
ifica
tion
and
an a
sses
smen
t of a
ssoc
iate
d un
certa
intie
s.
Sp
ecia
l Attr
ibut
e SC
-B01
-S1:
Appl
icab
le a
nd p
rove
n co
mpu
ter c
odes
are
use
d fo
r the
mod
ellin
g th
e co
urse
of a
ll re
leva
nt a
ccid
ent s
eque
nces
and
for t
he d
eriv
atio
n of
as
soci
ated
succ
ess c
rite
ria.
Bes
t est
imat
e co
des a
nd m
odel
s are
use
d fo
r th
is p
urpo
se a
nd th
e pl
ant a
nd se
quen
ce m
odel
refle
cts t
he sp
ecifi
c de
sign
and
ope
ratio
nal f
eatu
res o
f the
pla
nt.
RATI
ON
ALE:
Use
of g
ener
ic a
sses
smen
ts m
ay p
rovi
de in
suffi
cien
t pla
nt
spec
ifici
ty fo
r par
ts o
f the
mod
el a
ffect
ed b
y ap
plic
atio
ns. C
onse
rvat
ive
asse
ssm
ents
may
cau
se m
aski
ng e
ffect
s hin
deri
ng c
erta
in a
pplic
atio
ns.
SC-B
02
Expe
rt ju
dgm
ent i
s onl
y us
ed to
ass
ess t
he c
ondi
tions
or r
espo
nse
of sy
stem
s, st
ruct
ures
and
eq
uipm
ent i
n si
tuat
ions
whe
n th
ere
is a
lack
of a
vaila
ble
info
rmat
ion,
kno
wle
dge
or
anal
ytic
al m
etho
ds u
pon
whi
ch a
pre
dict
ion
can
be b
ased
if it
can
be
dem
onst
rate
d th
at th
e va
riabi
lity
and
unce
rtain
ty p
oten
tially
inhe
rent
in th
e as
sess
men
t doe
s not
sign
ifica
ntly
im
pact
on
the
PSA
mod
els a
nd re
sults
.
SC-B
03
Whe
n de
finin
g su
cces
s crit
eria
, the
rmal
hyd
raul
ic, s
truct
ural
, or o
ther
ana
lyse
s and
ev
alua
tions
are
use
d w
hich
are
app
ropr
iate
to th
e ev
ent a
nd th
e ev
ent s
eque
nce
bein
g an
alys
ed. T
he le
vel o
f det
ail i
n th
ese
anal
yses
and
eva
luat
ions
is c
onsi
sten
t with
the
initi
atin
g ev
ent g
roup
ing
and
acci
dent
sequ
ence
ana
lysi
s tas
ks.
48
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
SC-B
04
Ana
lysi
s mod
els a
nd c
ompu
ter c
odes
are
use
d th
at h
ave
suff
icie
nt c
apab
ility
to m
odel
the
cond
ition
s and
phe
nom
ena
of in
tere
st in
the
dete
rmin
atio
n of
succ
ess c
riter
ia a
nd th
at
prov
ide
resu
lts re
pres
enta
tive
for t
he p
lant
. Com
pute
r cod
es a
nd m
odel
s are
onl
y us
ed
with
in k
now
n lim
its o
f app
licab
ility
.
SC-B
05
The
plan
t mod
el a
nd p
aram
eter
s use
d fo
r the
rmal
hyd
raul
ic a
naly
ses a
re e
stab
lishe
d in
a
way
that
pro
vide
s suf
ficie
nt re
solu
tion
and
refle
cts t
he a
ctua
l des
ign
and
oper
atio
nal
feat
ures
of t
he p
lant
.
Para
met
er v
alue
s (in
clud
ing
setp
oint
s, lim
it po
ints
, trig
ger v
alue
s, en
try a
nd e
xit v
alue
s for
pr
oced
ures
, and
sets
of p
aram
eter
val
ues w
hich
are
use
d fo
r con
trol f
unct
ions
) det
erm
ine
whe
n op
erat
or a
ctio
ns a
re c
arrie
d ou
t and
det
erm
ine
the
func
tion
of sa
fety
rela
ted
syst
ems.
In th
is re
spec
t the
pla
nt m
odel
and
the
mod
el o
f rel
ated
con
trol s
yste
m fu
nctio
ns a
re
supp
orte
d by
a d
etai
led
desc
riptio
n in
clud
ing
refe
renc
es to
the
plan
ts p
rote
ctiv
e I&
C a
nd
EOPs
.
Whe
n sp
ecify
ing
para
met
er v
alue
s, un
certa
intie
s, va
riabi
lity,
and
del
ays f
or m
easu
ring
and
actu
atin
g de
vice
s and
for a
ctua
ted
equi
pmen
t are
take
n in
to a
ccou
nt.
SC-B
06
The
plau
sibi
lity,
reas
onab
lene
ss, a
nd a
ccep
tabi
lity
of th
erm
al h
ydra
ulic
, stru
ctur
al o
r oth
er
supp
ortin
g en
gine
erin
g ba
ses u
sed
to su
ppor
t suc
cess
crit
eria
is c
heck
ed w
ith a
ppro
pria
te
met
hods
, suc
h as
:
a)
Com
paris
on o
f res
ults
with
resu
lts o
f sim
ilar a
naly
ses p
erfo
rmed
for s
imila
r pla
nts,
acco
untin
g fo
r diff
eren
ces i
n un
ique
pla
nt fe
atur
es.
b)
Com
paris
on w
ith re
sults
of s
imila
r ana
lyse
s with
oth
er c
odes
.
c)
Che
ck b
y ot
her m
eans
, e.g
. sim
plifi
ed e
ngin
eerin
g ca
lcul
atio
ns.
49
T
able
6.2
-C
Att
ribu
tes f
or S
ucce
ss C
rite
ria
Form
ulat
ion
and
Supp
ortin
g A
naly
sis:
Tas
k SC
-C ‘D
ocum
enta
tion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
SC-C
Th
e do
cum
enta
tion
of su
cces
s crit
eria
form
ulat
ion
and
of th
e su
ppor
ting
anal
ysis
is c
arrie
d ou
t in
a m
anne
r, w
hich
is fu
lly tr
acea
ble
and
allo
ws c
hang
ing
and
repr
oduc
tion
of th
e as
sess
men
t if r
equi
red
by a
n ap
plic
atio
n.
SC-C
01
Each
of t
he su
cces
s crit
eria
and
the
supp
ortin
g as
sess
men
ts, e
ngin
eerin
g ba
ses,
refe
renc
es
and
assu
mpt
ions
are
doc
umen
ted
in d
etai
l:
- C
onse
rvat
ive
assu
mpt
ions
are
des
crib
ed a
nd d
ocum
ente
d in
clud
ing
the
ratio
nale
for
usin
g co
nser
vatis
m a
nd a
n as
sess
men
t of i
mpa
cts.
- A
det
aile
d an
d tra
ceab
le d
escr
iptio
n of
con
dens
atio
n, g
roup
ing,
bin
ning
, ag
glom
erat
ion,
scre
enin
g an
d si
mpl
ifica
tion
step
s is g
iven
incl
udin
g ju
stifi
catio
ns a
nd
an a
sses
smen
t of e
ffect
s and
whi
ch is
con
sist
ent w
ith th
e in
itiat
ing
even
t and
acc
iden
t se
quen
ce a
naly
sis t
asks
.
- Th
e ba
sis f
or th
e su
cces
s crit
eria
dev
elop
men
t pro
cess
is d
ocum
ente
d in
a w
ay, w
hich
is
con
sist
ent w
ith th
e in
itiat
ing
even
t and
acc
iden
t seq
uenc
e an
alys
is ta
sks.
SC-C
02
The
uses
, rat
iona
le a
nd b
ackg
roun
d in
form
atio
n fo
r exp
ert j
udgm
ent i
s doc
umen
ted
in a
w
ay w
hich
is tr
acea
ble
and
repr
oduc
ible
.
Unc
erta
intie
s and
var
iabi
litie
s in
expe
rt ju
dgm
ent a
re st
ated
. The
impa
cts o
r effe
cts o
f the
se
unce
rtain
ties a
nd v
aria
bilit
ies a
re a
sses
sed
as p
art o
f the
Res
ults
Ana
lysi
s and
Inte
rpre
tatio
n Ta
sk.
(See
als
o Ta
ble
12.2
-B, G
ener
al A
ttrib
ute
RI-
B02
).
RA
TIO
NA
LE:
App
licat
ions
may
requ
ire re
doin
g ex
pert
judg
men
ts,
parti
ally
or a
s a w
hole
. Mea
ning
ful r
esul
ts a
nd c
ompa
rison
s can
onl
y be
ac
hiev
ed in
such
cas
e if
the
expe
rt ju
dgm
ent p
roce
ss in
clud
ing
back
grou
nd in
form
atio
n an
d ju
stifi
catio
ns a
re su
ffic
ient
ly d
ocum
ente
d.
SC-C
03
The
ratio
nale
use
d in
the
appl
icat
ion
of su
cces
s crit
eria
for s
ituat
ions
for w
hich
ther
e is
m
ore
than
one
tech
nica
l app
roac
h, n
one
of w
hich
is u
nive
rsal
ly a
ccep
ted
as c
orre
ct, i
s do
cum
ente
d an
d th
e ef
fect
s of u
sing
a p
artic
ular
app
roac
h is
just
ified
and
impa
cts
disc
usse
d.
SC-C
04
The
follo
win
g is
doc
umen
ted
cons
iste
nt w
ith a
nd n
ot e
xten
sive
ly d
oubl
ing
the
info
rmat
ion
pres
ente
d in
the
task
s for
initi
atin
g ev
ents
, acc
iden
t seq
uenc
e as
sess
men
t, hu
man
inte
ract
ion
anal
ysis
and
syst
ems a
naly
sis:
a)
The
defin
ition
of c
ore
dam
age
used
in th
e PS
A in
clud
ing
the
basi
s for
any
sele
cted
pa
ram
eter
s and
par
amet
er v
alue
s.
b)
Cal
cula
tions
(gen
eric
and
pla
nt-s
peci
fic) o
r oth
er re
fere
nces
use
d to
est
ablis
h su
cces
s cr
iteria
, and
iden
tific
atio
n of
cas
es fo
r whi
ch th
ey a
re u
sed.
c)
Iden
tific
atio
n of
com
pute
r cod
es o
r oth
er m
etho
ds u
sed
to e
stab
lish
plan
t-spe
cific
su
cces
s crit
eria
.
50
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
d)
A d
escr
iptio
n of
the
limita
tions
(e.g
. pot
entia
l con
serv
atis
ms o
r lim
itatio
ns th
at c
ould
ch
alle
nge
the
appl
icab
ility
of c
ompu
ter c
ode
mod
els i
n ce
rtain
cas
es) o
f the
ca
lcul
atio
ns o
r cod
es.
e)
Iden
tific
atio
n of
impo
rtant
ass
umpt
ions
use
d in
est
ablis
hing
succ
ess c
riter
ia.
f)
A d
etai
led
and
trace
able
des
crip
tion
of c
onde
nsat
ion,
gro
upin
g, b
inni
ng,
aggl
omer
atio
n, sc
reen
ing-
out a
nd si
mpl
ifica
tion
step
s whe
re u
sed
incl
udin
g ju
stifi
catio
ns a
nd im
pact
ass
essm
ent a
nd c
onsi
sten
t with
the
initi
atin
g ev
ent a
nd
acci
dent
sequ
ence
ana
lysi
s tas
ks.
g)
A su
mm
ary
of su
cces
s crit
eria
for t
he sa
fety
rela
ted
func
tions
, sys
tem
s and
hum
an
inte
ract
ions
for e
ach
acci
dent
initi
atin
g ev
ent g
roup
.
h)
The
basi
s for
det
erm
inin
g th
e tim
e w
indo
ws a
nd o
ther
con
ditio
ns fo
r hum
an
inte
ract
ions
.
i) Th
e de
scrip
tion
of p
roce
sses
use
d to
def
ine
succ
ess c
riter
ia fo
r gro
uped
initi
atin
g ev
ents
or a
ccid
ent s
eque
nces
.
51
7. PSA ELEMENT ‘SY’: SYSTEMS ANALYSIS
7.1 Main objectives The objectives of the systems analysis element are to identify and quantify the causes
of failure for each plant system represented in the initiating event analysis and accident sequence analysis in such a way that:
• For each safety function in accident sequence models, system models are developed with account for success criteria.
• System-level success criteria, mission times, time windows for operator actions, different initial system alignments and assumptions provide the basis for the system logic models as reflected in the model. A reasonably complete set of system failure and unavailability modes for each system is represented.
• Human errors and operator actions that could influence the system unavailability or the system’s contribution to accident sequences are identified for development as part of the HRA element.
• Intersystem dependencies and intra-system dependencies including functional, human, phenomenological, and common-cause failures that could influence system unavailability or the system’s contribution to accident-sequence frequencies are identified and accounted for.
7.2. Systems analysis tasks and their attributes Table 7.2 lists the main tasks for the PSA element ‘Systems Analysis’. Tables 7.2-A
through 7.2-D present the description of general and special attributes for these tasks.
Table 7.2 Main Tasks for Systems Analysis
Task ID Task Content
SY-A System Characterisation and System Boundary Definition
SY-B Failure Cause Identification and Modelling
SY-C Identification and Modelling of Dependencies
SY-D Documentation
52
T
able
7.2
-A
Att
ribu
tes f
or S
yste
ms A
naly
sis:
Tas
k SY
-A ‘S
yste
m C
hara
cter
isat
ion
and
Syst
em B
ound
ary
Def
initi
on’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
SY-A
Sy
stem
cha
ract
eris
tics i
nclu
ding
bou
ndar
ies a
re d
efin
ed fo
r all
syst
ems,
incl
udin
g su
ppor
t sy
stem
s, ne
eded
for p
erfo
rmin
g th
e fu
nctio
ns id
entif
ied
in th
e ac
cide
nt se
quen
ce a
naly
sis.
SY-A
01
Plan
t inf
orm
atio
n so
urce
s are
revi
ewed
in o
rder
to:
- D
efin
e sy
stem
func
tion
durin
g no
rmal
and
acc
iden
t con
ditio
ns
- Es
tabl
ish
syst
em b
ound
arie
s
- Id
entif
y in
terf
aces
with
oth
er sy
stem
s
- Id
entif
y in
stru
men
tatio
n an
d co
ntro
l req
uire
men
ts in
clud
ing
oper
ator
inte
rfac
e
- Id
entif
y te
stin
g an
d m
aint
enan
ce re
quire
men
ts a
nd p
ract
ices
- Id
entif
y op
erat
ing
limita
tions
such
as t
hose
impo
sed
by te
chni
cal s
peci
ficat
ions
- Id
entif
y pr
oced
ures
for t
he o
pera
tion
of th
e sy
stem
dur
ing
norm
al a
nd a
ccid
ent
cond
ition
s
- Id
entif
y sy
stem
con
figur
atio
n du
ring
norm
al a
nd a
ccid
ent c
ondi
tions
- Id
entif
y sy
stem
test
and
surv
eilla
nce
proc
edur
es
- A
scer
tain
syst
em o
pera
ting
hist
ory
- A
scer
tain
sys
tem
mod
ifica
tion
hist
ory.
EXA
MPL
ES o
f inf
orm
atio
n so
urce
s inc
lude
:
Syst
em P
&ID
s, on
e-lin
e di
agra
ms,
inst
rum
enta
tion
and
cont
rol
draw
ings
, spa
tial l
ayou
t dra
win
gs, s
yste
m o
pera
ting
proc
edur
es,
abno
rmal
ope
ratin
g pr
oced
ures
, em
erge
ncy
proc
edur
es, s
ucce
ss
crite
ria c
alcu
latio
ns, t
he fi
nal o
r upd
ated
SA
R, t
echn
ical
sp
ecifi
catio
ns, t
rain
ing
info
rmat
ion,
syst
em d
escr
iptio
ns a
nd re
late
d de
sign
doc
umen
ts, a
ctua
l sys
tem
ope
ratin
g ex
perie
nce
and
inte
rvie
ws
with
syst
em e
ngin
eers
and
ope
rato
rs.
SY-A
02
Com
pone
nts r
equi
red
for s
yste
m o
pera
tion
and
the
supp
ort s
yste
ms i
nter
face
s req
uire
d fo
r ac
tuat
ion
and
oper
atio
n of
the
syst
em c
ompo
nent
s are
iden
tifie
d.
CO
MM
ENT:
The
bou
ndar
ies o
f sys
tem
s def
ined
in a
PSA
may
be
diffe
rent
from
the
boun
dary
use
d in
the
plan
t bei
ng a
naly
sed.
53
T
able
7.2
-B
Att
ribu
tes f
or S
yste
ms A
naly
sis:
Tas
k SY
-B: ‘
Failu
re C
ause
Iden
tific
atio
n an
d M
odel
ling’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
SY-B
Sy
stem
mod
els a
re d
evel
oped
for a
ll sy
stem
s inc
lude
d in
Tas
k A
.
SY-B
01
The
syst
em m
odel
s inc
lude
with
in th
e bo
unda
ry th
e co
mpo
nent
s req
uire
d fo
r sys
tem
op
erat
ion
(as i
dent
ified
abo
ve),
incl
udin
g in
terf
aces
as i
dent
ified
in S
Y-A
02 (T
able
7.2
-A).
SY-B
02
Bot
h no
rmal
and
alte
rnat
e sy
stem
alig
nmen
ts a
re m
odel
led.
C
OM
MEN
T: D
epen
ding
on
the
mod
ellin
g te
chni
que,
a si
ngle
sy
stem
mod
el m
ay b
e co
nstru
cted
that
add
ress
es a
ll al
ignm
ents
, or
sepa
rate
mod
els m
ay b
e de
velo
ped
for e
ach
diffe
rent
alig
nmen
t.
SY-B
03
Syst
em m
odel
s are
dev
elop
ed fo
r all
succ
ess c
riter
ia re
quire
d in
the
acci
dent
sequ
ence
m
odel
s.
COM
MEN
TS:
1) S
ucce
ss c
riter
ia fo
r all
syste
ms a
re d
evel
oped
acc
ordi
ng to
Sec
tion
6.
2) D
epen
ding
on
the
mod
ellin
g te
chni
que,
a si
ngle
syste
m m
odel
may
be
con
struc
ted
that
add
ress
es a
ll su
cces
s crit
eria
, or s
epar
ate
mod
els
may
be
deve
lope
d fo
r eac
h su
cces
s crit
erio
n.
EXA
MPL
E: (a
) diff
eren
t suc
cess
crit
eria
are
requ
ired
for s
ome
syste
ms t
o m
itiga
te d
iffer
ent a
ccid
ent s
cena
rios:
the
num
ber o
f pum
ps
requ
ired
to o
pera
te in
som
e sy
stem
s is d
epen
dent
upo
n th
e ac
cide
nt
initi
atin
g ev
ent;
(b) s
ucce
ss c
riter
ia fo
r som
e sy
stem
s are
dep
ende
nt o
n th
e su
cces
s of a
noth
er c
ompo
nent
in th
e sy
stem
; (c)
succ
ess c
riter
ia
for s
ome
syste
ms a
re ti
me-
depe
nden
t.
SY-B
04
The
boun
darie
s of t
he c
ompo
nent
s req
uire
d fo
r sys
tem
ope
ratio
n m
atch
the
defin
ition
s use
d to
es
tabl
ish th
e co
mpo
nent
failu
re d
ata.
Thi
s attr
ibut
e co
mpl
ies a
lso w
ith G
ener
al A
ttrib
ute
SY-
C02
(Tab
le 7
.2-C
).
EXA
MPL
E: A
loca
l con
trol c
ircui
t for
a p
ump
does
not
nee
d to
be
incl
uded
exp
licitl
y in
the
syste
m m
odel
if th
e co
ntro
l circ
uit i
s not
sh
ared
with
ano
ther
com
pone
nt a
nd th
e pu
mp
failu
re d
ata
used
in
quan
tifyi
ng th
e sy
stem
mod
el in
clud
e co
ntro
l circ
uit f
ailu
res.
SY-B
05
A sy
stem
atic
met
hod
is u
sed
for i
dent
ifica
tion
of c
ompo
nent
una
vaila
bilit
y an
d fa
ilure
m
odes
. EX
AM
PLE
is th
e us
e of
FM
EA.
54
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
Syst
ems m
odel
s are
dev
elop
ed to
incl
ude
all c
ompo
nent
failu
re m
odes
and
una
vaila
bilit
ies
that
lead
to fa
ilure
to a
chie
ve sy
stem
func
tion
as d
efin
ed b
y th
e sy
stem
succ
ess c
riter
ia e
xcep
t as
exc
lude
d by
SY
-B13
.
EXA
MPL
E of
failu
re m
odes
(not
a c
ompr
ehen
sive
list
): -
activ
e co
mpo
nent
fails
to st
art;
- ac
tive
com
pone
nt fa
ils to
con
tinue
to ru
n;
- fa
ilure
of a
clo
sed
com
pone
nt to
ope
n;
- fa
ilure
of a
clo
sed
com
pone
nt to
rem
ain
clos
ed;
- fa
ilure
of a
n op
en c
ompo
nent
to c
lose
; -
failu
re o
f an
open
com
pone
nt to
rem
ain
open
; -
activ
e co
mpo
nent
spur
ious
ope
ratio
n;
- pl
uggi
ng o
f an
activ
e or
pas
sive
com
pone
nt;
- le
akag
e of
an
activ
e or
pas
sive
com
pone
nt;
- ru
ptur
e of
an
activ
e or
pas
sive
com
pone
nt;
- in
tern
al le
akag
e of
a c
ompo
nent
; -
inte
rnal
rupt
ure
of a
com
pone
nt;
- fa
ilure
to p
rovi
de si
gnal
(e.g
. ins
trum
enta
tion)
; -
spur
ious
sign
al/o
pera
tion;
-
pre-
initi
ator
hum
an fa
ilure
eve
nts3 .
SY-B
06
Spec
ial A
ttrib
ute
SY-B
06-S
1 Le
akag
es/r
uptu
res o
f pas
sive
com
pone
nts a
re in
clud
ed in
the
mod
el.
RATI
ON
ALE :
Mod
ellin
g of
pas
sive
com
pone
nts f
ailu
res (
e.g.
pip
e se
gmen
ts) i
s use
ful f
or P
SA a
pplic
atio
ns d
ealin
g w
ith o
ptim
izat
ion
of
ISI.
SY-B
07
The
mod
els i
nclu
de c
onsi
dera
tion
to fl
ow d
iver
sion
as a
resu
lt of
com
pone
nt fa
ilure
s whe
n th
e flo
w d
iver
sion
is su
ffici
ent t
o fa
il a
syst
em o
r a tr
ain
func
tion
as d
efin
ed b
y th
e sy
stem
su
cces
s crit
eria
. Ex
clus
ion
of fl
ow d
iver
sion
failu
re m
odes
from
the
mod
el is
just
ified
by
anal
ysis
.
EXA
MPL
ES a
re:
- Fl
ow is
div
erte
d th
roug
h re
circ
ulat
ion
lines
. -
Flow
is d
iver
ted
by ro
und
pum
ping
due
to p
ump
failu
re a
nd
failu
re o
f che
ck v
alve
to re
-clo
se.
- Fl
ow is
div
erte
d th
roug
h sp
urio
usly
ope
n ov
erpr
essu
re
prot
ectio
n sa
fety
relie
f val
ve in
the
syst
em.
3 ‘Pre
-initi
ator
hum
an fa
ilure
eve
nt’ r
epre
sent
s the
failu
re o
f pla
nt st
aff t
o pe
rform
cor
rect
ly th
e re
quire
d ac
tiviti
es th
at c
ause
s the
una
vaila
bilit
y of
the
com
pone
nt, s
yste
m, o
r fun
ctio
n. T
hese
ac
tiviti
es a
re u
sual
ly d
ealin
g w
ith te
st a
nd m
aint
enan
ce.
55
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
SY-B
08
Una
vaila
bilit
y fo
r com
pone
nts d
ue to
test
ing
and
mai
nten
ance
(bot
h pr
even
tive
and
corr
ectiv
e) is
incl
uded
in th
e sy
stem
mod
els c
onsi
sten
t with
the
actu
al p
ract
ices
and
his
tory
of
the
plan
t for
rem
ovin
g eq
uipm
ent f
rom
serv
ice:
-
unav
aila
bilit
y ca
used
by
test
ing
whe
n a
com
pone
nt o
r sys
tem
trai
n is
reco
nfig
ured
from
its
requ
ired
acci
dent
miti
gatin
g po
sitio
n su
ch th
at th
e co
mpo
nent
can
not f
unct
ion
as
requ
ired
if an
initi
atin
g ev
ent o
ccur
; -
mai
nten
ance
eve
nts a
t the
trai
n le
vel w
hen
proc
edur
es re
quire
isol
atin
g th
e en
tire
train
fo
r mai
nten
ance
; -
mai
nten
ance
eve
nts a
t a su
b-tra
in le
vel (
i.e.,
betw
een
tag
out b
ound
arie
s, su
ch a
s a
func
tiona
l equ
ipm
ent g
roup
) whe
n di
rect
ed b
y pr
oced
ures
. R
estri
ctio
ns o
n co
inci
dent
una
vaila
bilit
y of
com
pone
nts/
train
s due
to m
aint
enan
ce b
ased
on
plan
t adm
inis
trativ
e pr
actic
es su
ch a
s Tec
hnic
al S
peci
ficat
ions
are
add
ress
ed.
EXA
MPL
ES o
f out
-of-
serv
ice
unav
aila
bilit
y to
be
mod
elle
d:
- Tr
ain
outa
ges d
urin
g a
wor
k w
indo
w fo
r pre
vent
ive/
corr
ectiv
e m
aint
enan
ce
- A
func
tiona
l equ
ipm
ent g
roup
rem
oved
from
serv
ice
for
prev
entiv
e/co
rrec
tive
mai
nten
ance
-
A re
lief v
alve
take
n ou
t of s
ervi
ce
CO
MM
ENT:
The
coi
ncid
ent m
aint
enan
ce o
n tw
o re
dund
ant t
rain
s, if
perm
itted
, may
be
an im
porta
nt ri
sk c
ontri
buto
r, an
d th
is
poss
ibili
ty n
eeds
to b
e co
nsid
ered
.
Sp
ecia
l Attr
ibut
e SY
-B08
-S1:
Th
e sy
stem
mod
els i
nclu
de th
e ab
ility
to tu
rn te
st a
nd m
aint
enan
ce
cont
ribu
tions
on
and
off.
RATI
ON
ALE :
E.g
. a R
isk
Mon
itor r
efle
cts a
ctua
l con
figur
atio
n an
d m
aint
enan
ce a
ctiv
ities
and
mea
n va
lue
mai
nten
ance
una
vaila
bilit
y ar
e no
t use
d.
Sp
ecia
l Attr
ibut
e SY
-B08
-S2:
Sy
stem
mod
els r
efle
ct th
e re
al m
aint
enan
ce si
tuat
ion
with
mai
nten
ance
un
avai
labi
lity
attr
ibut
ed to
eac
h tr
ain.
Attr
ibut
ing
all m
aint
enan
ce
unav
aila
bilit
y to
one
par
ticul
ar tr
ain
is a
void
ed.
RATI
ON
ALE:
Cer
tain
app
licat
ions
will
requ
ire
trai
n-sp
ecifi
c m
odel
ling.
Sp
ecia
l Attr
ibut
e SY
-B08
-S3:
Sy
mm
etri
c m
odel
s are
dev
elop
ed to
avo
id o
vere
stim
atio
n of
impo
rtan
ce o
f so
me
part
icul
ar re
dund
ant c
ompo
nent
s or t
rain
s and
und
eres
timat
ion
of
othe
rs. A
ttrib
utin
g th
e IE
loca
lizat
ion
or c
halle
nges
for e
quip
men
t ac
tuat
ion
to p
artic
ular
com
pone
nts f
rom
the
set o
f red
unda
nt c
ompo
nent
s is
avo
ided
.
RATI
ON
ALE:
The
app
licat
ions
dea
ling
with
rank
ing
com
pone
nts i
n ac
cord
ance
with
thei
r im
port
ance
mea
sure
s req
uire
equ
al
cons
ider
atio
n of
the
poss
ibili
ty o
f an
IE to
occ
ur in
any
of t
he
redu
ndan
t tra
ins o
r loo
ps a
nd o
f the
redu
ndan
t com
pone
nts t
o op
erat
e w
hen
dem
ande
d.
EXAM
PLE:
N
on-s
ymm
etri
c m
odel
: Ste
am li
ne ru
ptur
e is
mod
eled
as a
rupt
ure
on a
sing
le se
lect
ed S
G (e
.g. S
G1)
with
the
tota
l IE
freq
uenc
y at
trib
uted
to th
e st
eam
line
ass
ocia
ted
with
SG
1; in
this
cas
e th
e ef
fect
of u
nava
ilabi
lity
of th
e SG
1 is
olat
ion
valv
e w
ill b
e ov
eres
timat
ed a
nd th
e ef
fect
of u
nava
ilabi
litie
s of e
quiv
alen
t is
olat
ion
valv
es o
n ot
her S
Gs u
nder
estim
ated
. Sy
mm
etri
c m
odel
: Ste
am li
ne ru
ptur
e is
mod
eled
as a
rupt
ure
on a
ny
SG w
ith th
e fr
eque
ncy
part
ition
ed e
qual
ly b
etw
een
all S
Gs.
In th
is
case
, im
port
ance
mea
sure
s of r
edun
dant
com
pone
nts a
re n
ot b
iase
d.
56
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
SY-B
09
In th
e sy
stem
s ana
lysi
s, al
l hum
an e
rror
s tha
t cau
se th
e sy
stem
or c
ompo
nent
to b
e un
avai
labl
e w
hen
dem
ande
d ar
e in
clud
ed (s
ee T
asks
HR
-A th
roug
h H
R-C
in S
ectio
n 8)
. EX
AM
PLE:
An
oper
ator
fails
to re
stor
e a
com
pone
nt to
its c
orre
ct
stat
e af
ter m
aint
enan
ce a
nd e
rron
eous
cal
ibra
tion.
Tas
k an
alys
is is
an
exa
mpl
e of
a m
etho
d th
at c
an b
e us
ed to
iden
tify
pote
ntia
l err
ors.
SY-B
10
In th
e sy
stem
mod
el, o
pera
tor e
rror
s tha
t can
occ
ur d
urin
g th
e op
erat
ion
of th
e sy
stem
or
com
pone
nts a
re in
clud
ed.
CO
MM
ENT:
Ope
rato
r err
ors n
eed
not b
e in
clud
ed in
the
syst
em
logi
c if
they
are
alre
ady
incl
uded
in th
e ac
cide
nt se
quen
ce m
odel
s w
here
the
rele
vant
func
tion
of th
e sy
stem
is m
odel
led
(see
Tas
ks
HR
-E a
nd H
R-F
in S
ectio
n 8)
.
SY-B
11
Com
pone
nt fa
ilure
s tha
t wou
ld b
e be
nefic
ial t
o sy
stem
ope
ratio
n ar
e no
t inc
lude
d in
the
mod
el.
EXA
MPL
E of
a b
enef
icia
l fai
lure
: A fa
ilure
of a
n in
stru
men
t in
such
a
fash
ion
as to
gen
erat
e a
requ
ired
actu
atio
n si
gnal
.
SY-B
12
Cre
dit i
s not
take
n fo
r sys
tem
or c
ompo
nent
ope
rabi
lity
beyo
nd ra
ted
or d
esig
n ca
pabi
litie
s un
less
just
ified
.
CO
MM
ENT:
The
info
rmat
ion
whi
ch c
ould
be
used
for j
ustif
icat
ion
incl
udes
: -
test
or o
pera
tiona
l dat
a;
- ca
lcul
atio
ns;
- ve
ndor
inpu
t; -
expe
rt ju
dgm
ent.
SY-B
13
Con
tribu
tors
to sy
stem
una
vaila
bilit
y an
d un
relia
bilit
y (i.
e., c
ompo
nent
s and
spec
ific
failu
re
mod
es) m
ay b
e ex
clud
ed fr
om th
e m
odel
if o
ne o
f the
follo
win
g sc
reen
ing
crite
ria is
met
: a)
A
com
pone
nt m
ay b
e ex
clud
ed fr
om th
e sy
stem
mod
el if
the
tota
l fai
lure
pro
babi
lity
of
the
com
pone
nt fa
ilure
mod
es re
sulti
ng in
the
sam
e ef
fect
on
syst
em o
pera
tion
is a
t lea
st
two
orde
rs o
f mag
nitu
de lo
wer
than
the
high
est f
ailu
re p
roba
bilit
y of
the
othe
r co
mpo
nent
s in
the
sam
e sy
stem
trai
n th
at re
sults
in th
e sa
me
effe
ct o
n sy
stem
ope
ratio
n.
b)
One
or m
ore
failu
re m
odes
for a
com
pone
nt m
ay b
e ex
clud
ed fr
om th
e sy
stem
s mod
el if
th
e co
ntrib
utio
n of
them
to th
e to
tal f
ailu
re ra
te o
r pro
babi
lity
is le
ss th
an 1
% o
f the
tota
l fa
ilure
rate
or p
roba
bilit
y fo
r tha
t com
pone
nt, t
akin
g in
to a
ccou
nt th
e sa
me
effe
ct o
n sy
stem
ope
ratio
n, o
r
c)
The
scre
ened
con
tribu
tors
are
pos
ition
faul
ts fo
r com
pone
nts (
such
as t
hose
that
occ
ur
durin
g or
follo
win
g te
st a
nd m
aint
enan
ce a
ctiv
ities
) for
whi
ch th
e co
mpo
nent
rece
ives
an
auto
mat
ic si
gnal
to p
lace
it in
its r
equi
red
stat
e an
d no
oth
er p
ositi
on fa
ults
exi
sts (
e.g.
pu
lled
brea
kers
) tha
t wou
ld p
recl
ude
the
com
pone
nt fr
om re
ceiv
ing
the
sign
al, o
r
RA
TIO
NA
LE: O
ther
com
pone
nt fa
ilure
mod
es w
ill b
e do
min
atin
g co
ntrib
utor
s to
syst
em u
nava
ilabi
lity.
In a
dditi
on, C
CF
cont
ribut
ion
is li
kely
to b
e do
min
ated
by
com
pone
nts a
nd fa
ilure
mod
es th
at a
re
not e
xclu
ded.
57
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
d)
It
is sh
own
that
the
omis
sion
of t
he c
ontri
buto
r doe
s not
hav
e a
sign
ifica
nt im
pact
on
the
resu
lts.
Com
pone
nts o
r fai
lure
mod
es u
sing
crit
eria
(a),
(b),
or (c
) if t
hey
coul
d fa
il m
ultip
le sy
stem
s or
mul
tiple
trai
ns o
f a sy
stem
AR
E N
OT
SCR
EEN
ED.
Sp
ecia
l Attr
ibut
e SY
-B13
-S1:
Th
e ba
sic
even
t4 scre
enin
g pr
oces
s is r
evis
ited
for c
erta
in a
pplic
atio
ns.
RA
TIO
NAL
E: A
che
ckin
g w
ill b
e ne
eded
to m
ake
sure
that
or
igin
ally
scre
ened
out
eve
nts d
o no
t hav
e an
impa
ct o
n ap
plic
atio
n re
sults
. SY
-B14
N
o cr
edit
is g
iven
to re
pair
(rec
over
y) o
f har
dwar
e fa
ults
, unl
ess t
he fe
asib
ility
of r
epai
r is
just
ified
.
SY-B
15
Whe
n si
mpl
ified
mod
els,
such
as s
ingl
e ba
sic
even
t mod
ellin
g an
d gr
oupi
ng o
f bas
ic e
vent
s in
to su
per c
ompo
nent
s, ar
e us
ed, p
oten
tial s
ourc
es o
f dep
ende
ncie
s are
con
side
red
expl
icitl
y.
RA
TIO
NA
LE: S
impl
ified
mod
els m
ay m
ask
cont
ribut
ions
to th
e re
sults
of s
uppo
rt sy
stem
s or o
ther
dep
ende
nt-fa
ilure
mod
es.
EXA
MPL
ES:
Exam
ples
of d
epen
denc
ies t
hat a
re n
eede
d to
be
cons
ider
ed
expl
icitl
y in
clud
e op
erat
or a
ctio
ns, f
unct
iona
l dep
ende
ncie
s, sh
ared
co
mpo
nent
s, et
c.
Syst
ems t
hat s
omet
imes
hav
e no
t bee
n m
odel
led
in d
etai
l inc
lude
the
scra
m sy
stem
, the
pow
er-c
onve
rsio
n sy
stem
, ins
trum
ent a
ir, a
nd th
e ke
ep-f
ill s
yste
ms.
4 ‘Bas
ic e
vent
’ is a
n el
emen
t rep
rese
ntin
g an
eve
nt in
a sy
stem
faul
t mod
el th
at re
quire
s no
furth
er d
ecom
posi
tion
(e.g
. ‘pu
mp
fails
to st
art w
hen
dem
ande
d’, ‘
pum
p is
una
vaila
ble
due
to te
st o
r m
aint
enan
ce’,
etc.
).
58
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
Sp
ecia
l Attr
ibut
e SY
-B15
-S1:
Ea
ch sy
stem
is m
odel
led
with
sepa
rate
bas
ic e
vent
s dow
n to
the
leve
l of
deta
il re
quir
ed fo
r sup
port
ing
a sp
ecifi
c ap
plic
atio
n.
RATI
ON
ALE :
Cer
tain
app
licat
ions
may
requ
ire
a de
taile
d m
odel
ling
to ta
ke in
to a
ccou
nt d
iffer
ence
s bet
wee
n co
mpo
nent
s gr
oupe
d to
geth
er. E
xam
ples
of d
iffer
ence
s inc
lude
: -
hard
war
e fa
ilure
s tha
t are
not
reco
vera
ble
vers
us a
ctua
tion
sign
als w
hich
are
reco
vera
ble;
-
even
ts w
ith d
iffer
ent r
ecov
ery
pote
ntia
l; -
HE
even
ts th
at c
an h
ave
diffe
rent
pro
babi
litie
s dep
ende
nt o
n th
e co
ntex
t of d
iffer
ent a
ccid
ent s
eque
nces
; -
even
ts w
hich
are
mut
ually
exc
lusi
ve o
f oth
er e
vent
s not
in th
e m
odul
e;
- ev
ents
whi
ch o
ccur
in o
ther
faul
t tre
es (e
spec
ially
com
mon
-ca
use
even
ts);
-
com
pone
nts h
avin
g di
ffere
nt m
aint
enan
ce a
nd te
stin
g st
rate
gies
; -
SSC
s use
d by
oth
er sy
stem
s.
SY-B
16
An
appr
opria
te re
liabi
lity
mod
el, t
hat m
atch
es th
e de
finiti
ons a
nd d
ata
avai
labl
e, is
use
d fo
r ea
ch b
asic
eve
nt.
EXA
MPL
ES: R
elia
bilit
y m
odel
s in
use
in d
iffer
ent P
SAs i
nclu
de:
1. M
onito
red,
repa
irabl
e (s
tand
by fa
ilure
rate
, rep
air t
ime)
2.
Per
iodi
cally
test
ed (
stan
dby
failu
re ra
te, t
est i
nter
val)
3. C
onst
ant u
nava
ilabi
lity
(pro
babi
lity)
4.
Fix
ed m
issi
on ti
me
(ope
ratin
g fa
ilure
rate
, mis
sion
tim
e)
5. N
on re
paira
ble
(sta
ndby
failu
re ra
te)
Sp
ecia
l Attr
ibut
e SY
-B16
-S1:
Ti
me-
depe
nden
t fai
lure
mod
els a
re u
sed.
RA
TIO
NAL
E : C
erta
in a
pplic
atio
ns, e
g te
st in
terv
al o
ptim
isat
ion,
re
quir
e th
e us
e of
tim
e de
pend
ent m
odel
s.
SY-B
17
The
even
t nam
ing
sche
me
is d
evel
oped
in a
con
sist
ent m
anne
r (se
e al
so T
able
9.2
-A, G
ener
al
Attr
ibut
e D
A-A
02).
RA
TIO
NA
LE: M
odel
man
ipul
atio
n an
d in
terp
reta
tion
is fa
cilit
ated
by
for e
xam
ple
usin
g th
e sa
me
desi
gnat
or fo
r a c
ompo
nent
type
and
fa
ilure
mod
e.
59
T
able
7.2
-C
Att
ribu
tes f
or S
yste
ms A
naly
sis:
Tas
k SY
-C ‘I
dent
ifica
tion
and
Mod
ellin
g of
Dep
ende
ncie
s’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
SY-C
A
ll de
pend
enci
es a
re id
entif
ied.
Des
ign
rela
ted
and
oper
atio
nal d
epen
denc
ies,
both
di
rect
and
indi
rect
, are
exp
licitl
y m
odel
led
as fa
r as p
ossi
ble.
Res
idua
l dep
ende
ncie
s ar
e ac
coun
ted
for b
y C
CF
mod
ellin
g.
All
com
pone
nts o
r fai
lure
mod
es, w
hich
cou
ld fa
il m
ultip
le s
yste
ms (
so c
alle
d sh
ared
co
mpo
nent
s), a
re in
clud
ed in
the
mod
el, e
ven
if th
e in
depe
nden
t im
pact
of t
he
com
pone
nt/fa
ilure
mod
e is
con
side
red
non-
sign
ifica
nt.
RA
TIO
NA
LE: F
ailu
re o
f sha
red
com
pone
nts m
ay h
ave
a si
gnifi
cant
co
ntrib
utio
n to
risk
.
EXA
MPL
E: C
omm
on su
ctio
n pi
pe fe
edin
g tw
o sy
stem
s.
SY-C
01
Spec
ial A
ttrib
ute
SY
-C01
-S1
Whe
n pi
pe ru
ptur
e/le
aks a
re in
clud
ed in
the
mod
el, t
he e
ffect
of p
ipe
failu
re o
n th
e ef
fect
iven
ess o
f all
conn
ecte
d co
mpo
nent
s (e.
g.
pum
ps, h
eat e
xcha
nger
s) is
mod
elle
d.
RATI
ON
ALE:
PSA
app
licat
ions
dea
ling
with
opt
imiz
atio
n of
ISI (
i.e. r
isk-
info
rmed
ISI)
requ
ire
adeq
uate
mod
ellin
g of
the
impa
ct o
f pip
e ru
ptur
es if
th
e la
tter a
re in
clud
ed in
the
mod
el.
EXAM
PLE:
Whe
n tw
o pu
mps
are
con
nect
ed to
the
sam
e pi
pe, a
rupt
ure
of
this
pip
e w
ould
dis
able
bot
h pu
mps
. Thi
s sho
uld
be c
orre
ctly
acc
ount
ed fo
r in
the
mod
el o
f eac
h pu
mp.
SY-C
02
A su
bcom
pone
nt th
at is
shar
ed b
y m
ore
than
one
com
pone
nt o
r affe
cts a
noth
er
com
pone
nt is
mod
elle
d se
para
tely
.
SY-C
03
Supp
ort f
unct
ions
and
syst
ems n
eede
d to
per
form
the
syst
em m
issi
on(s
) are
mod
elle
d ex
plic
itly.
Just
ifica
tion
is p
rovi
ded
for c
ases
whe
re d
epen
denc
ies a
re e
xclu
ded
from
the
mod
el.
Cau
tion:
A c
aref
ul id
entif
icat
ion
(map
ping
) and
mod
ellin
g of
con
trol l
ogic
and
pow
er
depe
nden
cies
is n
eede
d to
acc
ount
for a
ll de
pend
enci
es in
this
are
a.
EXA
MPL
E of
supp
ort f
unct
ions
: -
Act
uatio
n lo
gic
incl
udin
g pr
esen
ce o
f con
ditio
ns n
eede
d fo
r aut
omat
ic
actu
atio
n an
d pe
rmis
sive
and
lock
out s
igna
ls
- Su
ppor
t sys
tem
s req
uire
d fo
r con
trol o
f com
pone
nts
- C
ompo
nent
mot
ive
pow
er
- C
oolin
g of
com
pone
nts
- Sc
reen
cle
anin
g sy
stem
-
Hea
ting/
vent
ilatio
n sy
stem
-
Wat
er m
ake-
up
- O
verp
ress
ure
prot
ectio
n -
Any
oth
er id
entif
ied
supp
ort f
unct
ion
nece
ssar
y to
mee
t the
succ
ess
crite
ria a
nd a
ssoc
iate
d sy
stem
s
SY-C
04
Mis
sion
tim
es fo
r sup
port
syst
ems a
re m
odel
led
cons
iste
nt w
ith th
e m
issi
on ti
me
for
the
fron
t lin
e sy
stem
s and
in a
ccor
danc
e w
ith th
e su
cces
s crit
eria
(see
Tas
k SC
-B in
Se
ctio
n 6)
.
60
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
SY-C
05
The
avai
labl
e in
vent
orie
s of f
uel,
wat
er in
tank
s etc
are
com
pare
d w
ith th
ose
requ
ired
to su
ppor
t eac
h su
cces
s crit
erio
n an
d th
e m
odel
refle
cts t
he re
sults
of t
his c
ompa
rison
. R
ATI
ON
ALE
: Diff
eren
t acc
iden
t sce
nario
s may
requ
ire d
iffer
ent
inve
ntor
ies.
In so
me
case
s inv
ento
ry is
insu
ffic
ient
to c
ompl
ete
the
mis
sion
an
d su
pple
men
tary
sour
ces m
ay b
e re
quire
d. S
uch
sour
ces w
ill n
eed
to b
e in
clud
ed in
the
syst
em m
odel
.
EXA
MPL
E of
inve
ntor
ies:
-
Acc
umul
ator
air
inve
ntor
y -
Bat
tery
life
-
Die
sel f
uel t
ank
capa
city
-
Wat
er st
orag
e ta
nks
SY-C
06
The
mod
ellin
g of
ele
ctric
pow
er su
pply
con
side
rs d
iffer
ent p
ower
supp
ort c
ases
to
acco
unt f
or b
atte
ry p
ower
ava
ilabi
lity
until
rest
orat
ion
of a
uxili
ary
and
exte
rnal
pow
er.
EXA
MPL
ES o
f diff
eren
t pow
er su
pply
cas
es a
re:
- A
ll po
wer
sour
ces c
an b
e ac
coun
ted
for i
nitia
lly
- B
atte
ry p
ower
ava
ilabl
e in
itial
ly (b
atte
ry) f
or c
onne
ctin
g to
aux
iliar
y po
wer
-
Long
term
cas
e w
ithou
t bat
tery
ava
ilabi
lity,
but
oth
er p
ower
sour
ce is
re
stor
ed.
CO
MM
ENT :
Bat
terie
s can
fail
to ta
ke lo
ad w
hen
dem
ande
d. T
his f
ailu
re
mod
e ne
eds t
o be
con
side
red.
The
pro
babi
lity
of su
ch e
vent
dep
ends
on
desi
gn a
nd o
pera
tiona
l fea
ture
s of t
he b
atte
ry a
nd b
atte
ry c
harg
ing
syst
em.
SY-C
07
Syst
em c
ondi
tions
that
cau
se a
loss
of d
esire
d sy
stem
func
tion
incl
udin
g co
nditi
ons
that
cau
se th
e sy
stem
to is
olat
e or
trip
, are
mod
elle
d ex
plic
itly
by u
sing
real
istic
fu
nctio
nal r
equi
rem
ents
that
are
supp
orte
d by
eng
inee
ring
anal
ysis
.
If e
ngin
eerin
g an
alys
es a
nd d
ata
are
not a
vaila
ble
to ju
stify
cer
tain
failu
re p
roba
bilit
y,
the
equi
pmen
t/sys
tem
failu
re p
roba
bilit
y is
ass
umed
to b
e 1.
0.
EXA
MPL
ES o
f con
ditio
ns th
at is
olat
e or
trip
a sy
stem
incl
ude:
-
Syst
em-r
elat
ed p
aram
eter
s suc
h as
a h
igh
tem
pera
ture
with
in th
e sy
stem
-
Exte
rnal
par
amet
ers u
sed
to p
rote
ct th
e sy
stem
from
oth
er fa
ilure
s (e.
g.
the
high
reac
tor p
ress
ure
vess
el (R
PV) w
ater
leve
l iso
latio
n si
gnal
use
d to
pre
vent
wat
er in
trusi
on in
to th
e tu
rbin
es o
f the
RC
IC a
nd H
PCI
pum
ps o
f a B
WR
) -
Adv
erse
env
ironm
enta
l con
ditio
ns.
CO
MM
ENT:
Equ
ipm
ent p
rote
ctio
n si
gnal
s may
cau
se a
dire
ct a
utom
atic
tri
p fo
r som
e co
mpo
nent
s, or
equ
ipm
ent p
roce
dure
s req
uire
a m
anua
l trip
. B
oth
way
s nee
d to
be
cons
ider
ed if
app
licab
le.
Sp
ecia
l Attr
ibut
e SY
-C07
-S1:
En
gine
erin
g an
alys
is is
use
d to
just
ify c
erta
in fa
ilure
pro
babi
lity
due
to sp
ecifi
c sy
stem
con
ditio
ns.
RATI
ON
ALE :
Con
serv
ativ
e ap
proa
ch m
ay n
ot b
e po
ssib
le in
an
adva
nced
ap
plic
atio
n, w
here
it c
an h
ide
impo
rtan
t res
ults
.
61
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
SY-C
08
The
syst
ems p
oten
tial f
or c
ausi
ng a
CC
I is c
onsi
dere
d (s
ee a
lso
Tabl
e 4.
2-E,
Gen
eral
A
ttrib
ute
IE-E
03).
SY-C
09
SSC
s tha
t may
be
requ
ired
to o
pera
te in
con
ditio
ns b
eyon
d th
eir e
nviro
nmen
tal
qual
ifica
tions
are
iden
tifie
d an
d de
pend
ent f
ailu
res o
f mul
tiple
SSC
s tha
t res
ult f
rom
op
erat
ion
in th
ese
adve
rse
cond
ition
s are
incl
uded
.
EXA
MPL
ES o
f deg
rade
d en
viro
nmen
ts in
clud
e:
- LO
CA
insi
de c
onta
inm
ent w
ith fa
ilure
of c
onta
inm
ent h
eat r
emov
al;
- sa
fety
relie
f val
ve (i
n dr
ywel
l) op
erab
ility
in c
ase
of sm
all L
OC
A, w
ith
dryw
ell s
pray
in a
BW
R;
- hi
gh e
nerg
y lin
e br
eaks
, e. g
., st
eam
line
bre
aks o
utsi
de c
onta
inm
ent;
- de
bris
that
cou
ld p
lug
scre
ens/
filte
rs (b
oth
inte
rnal
and
ext
erna
l to
the
plan
t);
- he
atin
g of
the
wat
er su
pply
(e.g
. BW
R su
ppre
ssio
n po
ol, P
WR
co
ntai
nmen
t sum
p) th
at c
ould
affe
ct p
ump
oper
abili
ty;
- st
eam
bin
ding
of p
umps
; -
cont
ainm
ent v
ent a
nd fa
ilure
eff
ects
.
SY-C
10
The
loca
tions
of c
ompo
nent
s vul
nera
ble
to e
nviro
nmen
tal h
azar
ds th
at m
ay im
pact
sy
stem
ope
ratio
n ar
e id
entif
ied.
SY-C
11
Spat
ial a
nd e
nviro
nmen
tal h
azar
ds re
sulti
ng fr
om th
e ac
cide
nt se
quen
ce sc
enar
ios
stud
ied
that
may
impa
ct s
yste
m o
pera
tion
are
iden
tifie
d an
d ac
coun
ted
for i
n th
e sy
stem
faul
t tre
e or
the
acci
dent
sequ
ence
eva
luat
ion.
EXA
MPL
E: U
se re
sults
of p
lant
wal
k do
wns
as a
sour
ce o
f inf
orm
atio
n an
d re
solu
tion
of is
sues
in th
e ev
alua
tion
of th
eir i
mpa
cts.
SY-C
12
Ope
rato
r int
erfa
ce d
epen
denc
ies a
cros
s sys
tem
s or t
rain
s are
con
side
red
whe
re
appl
icab
le. (
See
also
Tab
le 8
.2-A
, Gen
eral
Attr
ibut
e H
R-A
02, T
able
8.2
-B, G
ener
al
Attr
ibut
e H
R-B
01, T
able
8.2
-D, G
ener
al A
ttrib
ute
HR
-D04
, and
Tab
le 8
.2-G
, Gen
eral
A
ttrib
ute
HR
-G07
).
RA
TIO
NA
LE: S
ever
al o
pera
tor a
ctio
ns re
lyin
g on
the
sam
e in
terf
ace
have
to
be
treat
ed a
s non
-inde
pend
ent e
vent
s in
orde
r to
avoi
d to
o op
timis
tic
resu
lts.
SY-C
13
Intra
-sys
tem
com
mon
cau
se fa
ilure
s are
mod
elle
d us
ing
an a
ccep
tabl
e m
odel
ling
appr
oach
.
RA
TIO
NA
LE: C
omm
on c
ause
failu
res a
re d
omin
atin
g co
ntrib
utor
to ri
sk in
pl
ants
rely
ing
on re
dund
anci
es a
s a m
eans
of a
chie
ving
a h
igh
relia
bilit
y.
EXA
MPL
E: E
xam
ples
of m
etho
ds a
re a
vaila
ble
in R
ef. [
13] a
nd R
ef. [
5].
SY-C
14
Inte
r-sy
stem
com
mon
cau
se fa
ilure
s are
con
side
red
for c
ompo
nent
s in
syst
ems t
hat a
re
shar
ed b
etw
een
diff
eren
t pla
nts.
EX
AM
PLE:
Mul
tiple
uni
t cro
sstie
s bet
wee
n th
e D
Gs o
f tw
o un
its a
t the
sa
me
site
.
62
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
Sp
ecia
l Attr
ibut
e SY
-C14
-S1:
In
ter-
syst
em c
omm
on c
ause
failu
res a
re c
onsi
dere
d.
RATI
ON
ALE:
Con
side
ratio
n of
inte
r-sy
stem
com
mon
cau
se fa
ilure
s may
be
need
ed to
avo
id u
njus
tifie
d op
timis
tic re
sults
.
EXAM
PLE:
The
sam
e ty
pe o
f val
ve a
cros
s a n
umbe
r of s
yste
ms.
CO
MM
ENT:
For
the
plan
ts w
ith h
igh
redu
ndan
cy in
term
s of s
yste
ms
perf
orm
ing
the
sam
e sa
fety
func
tion
inte
r-sy
stem
CC
F m
ay b
e th
e m
ost
impo
rtan
t con
trib
utor
to th
e fu
nctio
n fa
ilure
.
SY-C
15
Com
mon
cau
se c
ompo
nent
gro
ups (
CC
CG
s) a
re d
efin
ed b
ased
on
a lo
gica
l, sy
stem
atic
ju
stifi
ed p
roce
ss th
at c
onsi
ders
sim
ilarit
y.
CO
MM
ENTS
:
- Ty
pica
lly th
is su
gges
ts th
at C
CC
Gs a
re d
efin
ed w
ithin
the
sam
e si
ngle
sy
stem
at t
he sa
me
plan
t, bu
t whe
n tw
o or
mor
e sy
stem
s are
ess
entia
lly
iden
tical
and
ope
rate
d in
the
sam
e m
anne
r the
y ca
n be
con
side
red
acro
ss sy
stem
bou
ndar
ies.
- C
onsi
dera
tion
of d
iffer
ent f
unct
iona
l fai
lure
mod
es m
ay n
eed
defin
ition
of
mor
e th
an o
ne C
CC
G fo
r the
sam
e se
t of c
ompo
nent
s. A
n ex
ampl
e is
th
e ca
se o
f saf
ety/
relie
f val
ves
whe
re th
e fa
ilure
to o
pen
and
failu
re to
re
-clo
se a
fter o
peni
ng a
re tr
eate
d by
two
CC
CG
s, on
e fo
r eac
h fa
ilure
m
ode.
EXA
MPL
E: T
ypic
al si
mila
ritie
s use
d fo
r the
def
initi
on o
f com
mon
cau
se
com
pone
nt g
roup
s are
: des
ign/
hard
war
e, fu
nctio
n, in
stal
latio
n,
mai
nten
ance
, tes
t int
erva
l, pr
oced
ures
, ser
vice
con
ditio
ns, l
ocat
ion
and
envi
ronm
ent,
man
ufac
ture
r. C
andi
date
s for
com
mon
-cau
se fa
ilure
gro
ups
incl
ude
both
act
ive
and
pass
ive
com
pone
nts s
uch
as: m
otor
-ope
rate
d va
lves
, pu
mps
, saf
ety-
relie
f val
ves,
air-
oper
ated
val
ves,
sole
noid
-ope
rate
d va
lves
, ch
eck
valv
es, d
iese
l gen
erat
ors,
batte
ries,
inve
rters
and
bat
tery
cha
rger
, ci
rcui
t bre
aker
s, sc
ram
val
ves,
RPS
logi
c ch
anne
ls, R
PS lo
gic
sens
ors,
rela
ys, s
train
ers,
elec
trica
l bus
es, c
hille
rs, c
ompr
esso
rs, c
ontro
l rod
s, ai
r dr
yers
, fus
es (w
ire a
nd e
lect
roni
c), e
lect
ric h
eate
rs, s
witc
hes,
trans
form
ers,
vent
ilatio
n fla
ps, v
entil
atio
n fa
ns, e
tc.
Sp
ecia
l Attr
ibut
e SY
-C15
-S1:
D
iver
sifie
d co
mpo
nent
s can
nor
mal
ly b
e co
nsid
ered
to b
e in
depe
nden
t. H
owev
er, i
f the
div
ersi
fied
com
pone
nts h
ave
iden
tical
pa
rts,
ther
e m
ay b
e a
need
to b
reak
dow
n th
e co
mpo
nent
s int
o sm
alle
r par
ts, a
nd m
odel
iden
tical
par
ts a
s CC
CG
s.
RATI
ON
ALE:
Cer
tain
app
licat
ion
requ
irin
g a
high
er le
vel o
f det
ail m
ay
also
requ
ire
a hi
gher
leve
l of d
etai
l in
CC
CG
def
initi
ons.
63
T
able
7.2
-D
Att
ribu
tes f
or S
yste
ms A
naly
sis:
Tas
k SY
-D ‘D
ocum
enta
tion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
SY-D
D
ocum
enta
tion
and
info
rmat
ion
stor
age
is p
erfo
rmed
in a
man
ner t
hat f
acili
tate
s pee
r re
view
, as w
ell a
s fut
ure
upgr
ades
and
app
licat
ions
of t
he P
SA b
y de
scrib
ing
the
proc
esse
s th
at w
ere
used
and
pro
vidi
ng d
etai
ls o
f the
ass
umpt
ions
mad
e an
d th
eir b
ases
.
SY-D
01
The
proc
esse
s tha
t wer
e fo
llow
ed to
sele
ct, t
o m
odel
, and
to q
uant
ify th
e sy
stem
un
avai
labi
lity
are
docu
men
ted.
Ass
umpt
ions
and
bas
es a
re st
ated
SY-D
02
The
follo
win
g is
doc
umen
ted:
-
Rev
isio
n hi
stor
y -
Ope
n is
sues
(que
stio
ns) a
nd a
nsw
ers o
n pr
evio
us is
sues
-
The
codi
ng sy
stem
use
d fo
r the
PSA
and
PSA
mod
el
- Sy
stem
func
tion
and
oper
atio
n un
der n
orm
al a
nd a
ccid
ent c
ondi
tions
-
Syst
em a
ctiv
atio
n/bl
ocki
ng
- A
ltern
ativ
e sy
stem
alig
nmen
ts
- Sy
stem
bou
ndar
y -
Syst
em sc
hem
atic
illu
stra
ting
all e
quip
men
t and
com
pone
nts n
eces
sary
for s
yste
m
oper
atio
n an
d co
mpo
nent
s tha
t are
mod
elle
d -
Dep
ende
ncy
mat
rices
on
com
pone
nt le
vel (
it is
use
ful t
o pr
oduc
e an
inte
grat
ed
depe
nden
cy m
atrix
to p
rovi
de a
n ov
ervi
ew o
f the
func
tiona
l dep
ende
ncie
s ove
r all
syst
ems)
-
Info
rmat
ion
and
calc
ulat
ions
to su
ppor
t equ
ipm
ent o
pera
bilit
y co
nsid
erat
ions
and
as
sum
ptio
ns
- A
ctua
l ope
ratio
nal h
isto
ry in
dica
ting
any
past
pro
blem
s in
the
syst
em o
pera
tion
mod
ifica
tion
hist
ory
- Sy
stem
succ
ess c
riter
ia a
nd re
latio
nshi
p to
acc
iden
t seq
uenc
e m
odel
s -
Hum
an a
ctio
ns n
eces
sary
for o
pera
tion
of sy
stem
-
Ref
eren
ce to
syst
em-r
elat
ed te
st a
nd m
aint
enan
ce p
roce
dure
s -
Syst
em d
epen
denc
ies a
nd sh
ared
com
pone
nt in
terf
ace
- C
ompo
nent
bou
ndar
ies
- C
ompo
nent
spat
ial i
nfor
mat
ion
64
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
- A
ssum
ptio
ns o
r sim
plifi
catio
ns m
ade
in d
evel
opm
ent o
f the
syst
em m
odel
s -
The
syst
ems p
oten
tial f
or b
eing
a C
omm
on C
ause
Initi
ator
-
A li
st o
f all
com
pone
nts a
nd fa
ilure
mod
es in
clud
ed in
the
mod
el (t
he b
asic
eve
nts)
al
ong
with
just
ifica
tion
for a
ny e
xclu
sion
of c
ompo
nent
s and
failu
re m
odes
-
A li
st o
f all
hum
an a
ctio
n fa
ilure
mod
es in
clud
ed in
the
mod
el
- A
list
of a
ll C
CC
Gs i
nclu
ded
in th
e m
odel
-
A d
escr
iptio
n of
the
mod
ular
izat
ion
proc
ess (
if us
ed)
- R
ecor
ds o
f res
olut
ion
of lo
gic
loop
s dev
elop
ed d
urin
g fa
ult t
ree
linki
ng (i
f use
d)
- R
esul
ts o
f the
sys
tem
mod
el e
valu
atio
ns
- R
esul
ts o
f sen
sitiv
ity st
udie
s (if
used
) -
The
sour
ces o
f the
abo
ve in
form
atio
n, (e
.g. c
ompl
eted
che
cklis
t fro
m w
alk
dow
ns,
note
s fro
m d
iscu
ssio
ns w
ith p
lant
per
sonn
el)
- Fa
ult t
ree
desc
riptio
n in
clud
ing
cond
ition
s for
the
mod
el, t
op g
ate,
faul
t tre
e la
yout
, tra
nsfe
rs, h
ouse
eve
nts,
attri
bute
s, fa
ilure
mod
es, C
CF
mod
ellin
g, te
st a
nd
mai
nten
ance
mod
ellin
g, o
pera
tor a
ctio
ns a
nd si
gnal
mod
ellin
g.
SY-D
03
The
inpu
t and
resu
lts o
f any
scre
enin
g pr
oces
ses s
hall
be st
ored
for f
utur
e re
-ana
lysi
s, w
hich
may
be
nece
ssar
y fo
r app
licat
ions
or u
pdat
e of
the
PSA
.
SY-D
04
Stor
age
of th
e sy
stem
s ana
lysi
s inf
orm
atio
n.
The
info
rmat
ion
from
the
syst
ems a
naly
sis (
e g
FMEA
and
faul
t tre
es w
ith g
ates
and
bas
ic
even
ts) i
s par
t of t
he P
SA m
odel
. The
PSA
mod
el is
stor
ed a
nd d
etai
led
back
grou
nd
info
rmat
ion
is st
ored
in a
retri
evab
le a
nd a
cces
sibl
e el
ectro
nic
form
and
form
at.
65
8. PSA ELEMENT ‘HR’: HUMAN RELIABILITY ANALYSIS
8.1. Main objectives
The objective of the human reliability analysis is to incorporate in the PSA model the impact of plant personnel actions on risk. The personnel actions considered are of two types: the first type includes those associated with the performance of surveillance testing, maintenance, and calibration, often referred to as pre-initiating event actions; the second type includes those associated with responses to plant disturbances as outlined in emergency and off-normal operating procedures or their equivalent, often referred to as post-initiating event actions. When constructing the PSA model these translate into the assessment of what in Safety Series No. 50-P-10 (Ref. [6]) are referred to as Type A and Type C human action events. When constructing models to estimate frequencies for the support system initiating events (Type B human action events), both types of actions are considered.
The important HRA topics are:
- The identification of the specific human activities whose impact should be included in the analysis;
- The representation of the impact of success or failure to perform those activities correctly in the accident sequence models (e.g. event trees) and the supporting system reliability models (e.g. fault trees);
- The estimation of the probabilities of the logic model events (sometimes called human failure events [HFEs] or human errors [HE]) representing the contribution of the operators’ failure to perform the required actions correctly as specific modes of unavailability of the component, system, or function affected.
The analyses on the above topics should be performed using a systematic process and
in such a way that the plant-specific and, where necessary, accident scenario specific factors are taken into account. In addition, the dependency between the human failure events should be properly characterized and taken into account to ensure that the accident sequence frequency estimations are performed correctly. 8.2. Human reliability analysis tasks and their attributes
Table 8.2 lists the main tasks for the PSA element ‘Human Reliability Analysis’.
Tables 8.2-A through 8.2-I present the description of general and special attributes for these tasks.
66
Table 8.2 Main Tasks for Human Reliability Analysis
Task ID Task Content
Pre-initiating event HRA
HR-A Identification of Routine Activities
HR-B Screening of Activities
HR-C Definition of Pre-initiator Human Failure Events
HR-D Assessment of Probabilities of Pre-initiator Human Failure Events
Post-initiating event HRA
HR-E Identification of Post-Initiator Operator Responses
HR-F Definition of Post-initiator Human Failure Events
HR-G Assessment of Probabilities of Post-initiator Human Failure Events
HR-H Recovery Actions
Documentation
HR-I Documentation
67
T
able
8.2
-A
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-A ‘I
dent
ifica
tion
of R
outin
e A
ctiv
ities
(Pre
-initi
atin
g E
vent
HR
A)’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-A
The
task
incl
udes
a th
roug
h id
entif
icat
ion
of sp
ecifi
c ro
utin
e ac
tiviti
es, w
hich
, if n
ot
perf
orm
ed c
orre
ctly
, im
pact
the
avai
labi
lity
of e
quip
men
t nec
essa
ry to
per
form
the
syst
em
func
tions
mod
elle
d in
the
PSA
.
HR
-A01
Th
roug
h a
revi
ew o
f pro
cedu
res a
nd o
pera
tiona
l pra
ctic
es, t
hose
test
and
mai
nten
ance
ac
tiviti
es th
at re
quire
real
ignm
ent o
f equ
ipm
ent f
rom
its n
orm
al o
pera
tiona
l or s
tand
by
stat
us a
re id
entif
ied
for t
hose
sys
tem
s and
com
pone
nts r
equi
red
to p
erfo
rm th
e fu
nctio
ns
requ
ired
to re
spon
d to
the
initi
atin
g ev
ents
mod
elle
d.
CO
MM
ENT:
The
inte
nt is
to id
entif
y th
ose
oppo
rtuni
ties f
or o
pera
tors
to
fail
to re
alig
n eq
uipm
ent t
o its
requ
ired
stat
us fo
llow
ing
com
plet
ion
of th
e ac
tivity
, suc
h th
at it
wou
ld b
e un
avai
labl
e sh
ould
it b
e ca
lled
upon
to
resp
ond
to a
n in
itiat
ing
even
t. P
artic
ular
atte
ntio
n sh
ould
be
paid
to
activ
ities
that
can
dis
able
mul
tiple
trai
ns o
f a sy
stem
sim
ulta
neou
sly
(e.g
. th
e au
tom
atic
initi
atio
n of
the
stan
dby
liqui
d co
ntro
l sys
tem
in a
BW
R is
ty
pica
lly d
isab
led
for t
est p
urpo
ses)
. It
is ty
pica
lly a
ssum
ed th
at th
e co
ntrib
utio
n to
com
pone
nt u
nava
ilabi
lity
from
failu
res r
esul
ting
from
in
corr
ectly
per
form
ed m
aint
enan
ce a
re c
aptu
red
in th
e eq
uipm
ent f
ailu
re
prob
abili
ty.
Thus
, the
focu
s her
e is
on
the
failu
re to
real
ign
equi
pmen
t up
on c
ompl
etio
n of
mai
nten
ance
.
HR
-A02
Th
roug
h a
revi
ew o
f pro
cedu
res a
nd p
ract
ices
, tho
se c
alib
ratio
n ac
tiviti
es a
re id
entif
ied
that
, if p
erfo
rmed
inco
rrec
tly, h
ave
the
capa
bilit
y of
def
eatin
g th
e au
tom
atic
initi
atio
n of
st
andb
y sa
fety
equ
ipm
ent o
r of r
ende
ring
requ
ired
func
tions
of s
yste
ms o
r com
pone
nts
unav
aila
ble.
In p
artic
ular
, tho
se a
ctiv
ities
that
hav
e th
e po
tent
ial t
o af
fect
equ
ipm
ent i
n m
ultip
le tr
ains
of
a re
dund
ant s
yste
m, o
r in
dive
rse
syst
ems,
e.g.
as a
resu
lt of
usi
ng in
appr
opria
te c
alib
ratio
n pr
oced
ures
or f
aulty
or i
mpr
oper
ly c
alib
rate
d ca
libra
tion
equi
pmen
t, ar
e id
entif
ied.
The
proc
edur
es w
hich
allo
w d
etec
ting
the
faul
ty a
lignm
ent o
r cal
ibra
tion
are
also
revi
ewed
.
EXA
MPL
ES: i
ncor
rect
cal
ibra
tion
of st
eam
gen
erat
or le
vel s
enso
rs;
inco
rrec
t set
ting
of to
rque
sw
itche
s.
68
T
able
8.2
-B
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-B ‘S
cree
ning
of A
ctiv
ities
(Pre
-initi
atin
g E
vent
HR
A)’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-B
The
task
is a
imed
at s
cree
ning
of a
ctiv
ities
that
, on
the
basi
s of t
he p
lant
pra
ctic
es, c
an b
e ar
gued
to re
sult
in a
suffi
cien
tly lo
w li
kelih
ood
of fa
ilure
. C
OM
MEN
T: T
his s
ectio
n re
fers
to th
e sc
reen
ing
of a
ctiv
ities
so th
at th
e po
tent
ial h
uman
failu
res a
ssoc
iate
d w
ith th
em a
re n
ot in
clud
ed in
the
PRA
m
odel
.
HR
-B01
C
lass
es o
f act
iviti
es th
at a
re p
erfo
rmed
in a
sim
ilar m
anne
r (e.
g. te
sts o
f MO
Vs)
are
sc
reen
ed o
nly
if th
e pl
ant p
ract
ices
are
such
that
they
can
be
argu
ed to
resu
lt in
the
prob
abili
ty o
f equ
ipm
ent n
ot b
eing
rest
ored
to st
andb
y st
atus
is sm
all c
ompa
red
with
ot
her m
odes
of u
nava
ilabi
lity
of th
at e
quip
men
t, i.e
., fa
ilure
s or u
nava
ilabi
lity
due
to
bein
g ou
t of s
ervi
ce fo
r mai
nten
ance
.
Act
iviti
es th
at re
sult
in m
ultip
le tr
ains
of a
syst
em b
eing
mad
e un
avai
labl
e du
ring
the
cour
se o
f the
act
ivity
are
ana
lyse
d in
mor
e de
tail,
sinc
e th
e pr
obab
ilitie
s are
com
pare
d to
co
mm
on c
ause
failu
re p
roba
bilit
ies.
RA
TIO
NA
LE:
It is
pos
sibl
e to
redu
ce th
e nu
mbe
r of c
ontri
buto
rs to
eq
uipm
ent u
nava
ilabi
lity
due
to h
uman
err
or to
avo
id u
nnec
essa
rily
com
plic
atin
g th
e sy
stem
mod
els,
whe
n th
ose
cont
ribut
ors d
o no
t im
pact
the
resu
lts si
gnifi
cant
ly.
EXA
MPL
E: T
he h
uman
err
or to
leav
e a
valv
e in
wro
ng p
ositi
on a
fter t
est
may
be
excl
uded
if th
ere
is a
n in
dica
tion
of th
e va
lve
posi
tion
in th
e m
ain
cont
rol r
oom
and
an
auto
mat
ic si
gnal
to re
stor
e th
e op
erat
ing
stat
us o
f the
va
lve
is su
pplie
d in
cas
e of
dem
and
for t
he sy
stem
act
uatio
n.
CO
MM
ENT:
Pro
babi
litie
s use
d fo
r scr
eeni
ng m
ay b
e ge
nera
ted
by
appl
icat
ion
of si
mpl
e H
RA
mod
els,
such
as T
HER
P (s
ee R
ef. [
14])
. (Se
e al
so T
able
8.2
-D, G
ener
al A
ttrib
ute
HR
-D02
).
HR
-B02
Fo
r uni
que,
one
-of-a
-kin
d ac
tiviti
es, s
cree
ning
is p
erfo
rmed
onl
y w
hen
it ca
n be
show
n th
at, o
n th
e ba
sis o
f the
act
ivity
spec
ific
proc
edur
es, t
he d
efen
ces i
n pl
ace
to p
reve
nt th
e fa
ilure
to re
turn
equ
ipm
ent t
o its
requ
ired
conf
igur
atio
n ar
e su
ffic
ient
to re
duce
the
failu
re
prob
abili
ty b
elow
that
of o
ther
mod
es o
f una
vaila
bilit
y of
the
equi
pmen
t.
CO
MM
ENT:
Use
of t
hese
scre
enin
g ru
les i
s typ
ical
ly ju
stifi
ed th
roug
h ap
plic
atio
n of
sim
ple
HR
A m
odel
s, su
ch a
s TH
ERP
(see
Ref
. [14
]). (
See
also
Tab
le 8
.2-D
, Gen
eral
Attr
ibut
e H
R-D
02).
EXA
MPL
ES o
f def
ence
s inc
lude
: -
Equi
pmen
t is a
utom
atic
ally
re-a
ligne
d on
syst
em d
eman
d an
d th
e as
soci
ated
con
trol c
ircui
try is
not
dis
able
d as
par
t of t
he a
ctiv
ity.
- A
full
func
tiona
l tes
t is a
lway
s per
form
ed o
n co
mpl
etio
n of
m
aint
enan
ce.
- Eq
uipm
ent s
tatu
s is i
ndic
ated
in th
e co
ntro
l roo
m, i
ts st
atus
is
mon
itore
d ro
utin
ely,
and
real
ignm
ent c
an b
e ef
fect
ed fr
om th
e co
ntro
l ro
om.
- Eq
uipm
ent s
tatu
s is r
equi
red
to b
e ch
ecke
d lo
cally
on
a fr
eque
nt b
asis
(e
.g. o
nce
a sh
ift),
and
the
indi
catio
ns o
f mis
alig
nmen
t are
cle
ar.
HR
-B03
Sc
reen
ing
of sp
ecifi
c ca
libra
tion
activ
ities
is p
erfo
rmed
onl
y w
hen
it ca
n be
show
n th
at,
on th
e ba
sis o
f pra
ctic
es a
nd p
roce
dure
s for
cal
ibra
tion,
the
likel
ihoo
d of
mis
calib
ratio
n th
at is
sign
ifica
nt e
noug
h to
dis
able
an
impo
rtant
func
tion
is sm
all i
n co
mpa
rison
with
ot
her f
ailu
res o
r mod
es o
f una
vaila
bilit
y, in
clud
ing
CC
F.
RA
TIO
NA
LE:
it is
pos
sibl
e to
redu
ce th
e nu
mbe
r of c
ontri
buto
rs to
eq
uipm
ent u
nava
ilabi
lity
to a
void
unn
eces
saril
y co
mpl
icat
ing
the
syst
em
mod
els,
whe
n th
ose
cont
ribut
ors d
o no
t im
pact
the
resu
lts si
gnifi
cant
ly.
CO
MM
ENT:
Pro
babi
litie
s use
d fo
r scr
eeni
ng m
ay b
e ge
nera
ted
by
appl
icat
ion
of si
mpl
e H
RA
mod
els,
such
as T
HER
P (s
ee R
ef. [
14])
.
69
T
able
8.2
-C
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-C ‘D
efin
ition
of P
re-in
itiat
or H
uman
Fai
lure
Eve
nts’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-C
Def
initi
on o
f a h
uman
failu
re e
vent
to m
odel
the
impa
ct o
f the
failu
re in
the
syst
em o
r fu
nctio
nal f
ailu
re m
odel
is p
erfo
rmed
with
in th
is ta
sk.
HR
-C01
Fo
r eac
h un
scre
ened
act
ivity
, a h
uman
failu
re e
vent
is d
efin
ed th
at re
pres
ents
the
impa
ct o
f th
e hu
man
failu
re a
t the
leve
l app
ropr
iate
to th
e m
odel
ling
of th
e fu
nctio
n, sy
stem
, or
com
pone
nt(s
) aff
ecte
d.
RA
TIO
NA
LE:
All
sign
ifica
nt c
ontri
buto
rs to
equ
ipm
ent u
nava
ilabi
lity
shou
ld b
e in
clud
ed in
the
syst
em m
odel
s.
EXA
MPL
E: if
the
cons
eque
nce
of th
e hu
man
failu
re is
to m
ake
a tra
in o
f a
syst
em u
nava
ilabl
e, th
en th
e H
FE w
ill b
e in
clud
ed in
the
syst
em m
odel
as
a b
asic
eve
nt re
pres
entin
g th
e fa
ilure
of t
hat t
rain
from
the
hum
an
caus
e. I
f a m
isca
libra
tion
of to
rque
switc
hes p
oten
tially
aff
ects
a n
umbe
r of
val
ves,
then
the
sam
e H
FE w
ould
be
incl
uded
as a
cau
se o
f fai
lure
of
each
of t
hose
val
ves w
here
ver t
hey
appe
ar in
the
syst
em m
odel
s.
70
T
able
8.2
-D
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-D ‘A
sses
smen
t of P
roba
bilit
ies o
f Pre
-initi
ator
Hum
an F
ailu
re E
vent
s’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-D
Ass
essm
ent o
f the
pro
babi
litie
s of t
he p
re-in
itiat
or h
uman
failu
re e
vent
s is p
erfo
rmed
in a
co
nsis
tent
way
aim
ed to
ass
ure
the
reas
onab
lene
ss o
f fin
al h
uman
err
or p
roba
bilit
ies
(HEP
s).
HR
-D01
Th
e pr
obab
ilitie
s of t
he h
uman
failu
re e
vent
s are
est
imat
ed u
sing
a sy
stem
atic
pro
cess
, so
that
the
estim
atio
n is
per
form
ed o
n a
cons
iste
nt b
asis
. Th
is is
impo
rtant
to e
nabl
e th
e H
FEs t
o be
incl
uded
so th
at th
eir r
elat
ive
impo
rtanc
e is
pre
serv
ed.
CO
MM
ENT:
An
acce
ptab
le m
odel
for e
stim
atin
g H
EPs i
s TH
ERP
(see
R
ef. [
14])
.
HR
-D02
Sc
reen
ing
valu
es o
f the
pro
babi
litie
s of t
he H
FEs,
base
d on
a si
mpl
e m
odel
of t
he g
ener
al
proc
edur
es fo
r res
tora
tion,
are
use
d. W
hen
cons
truct
ing
mod
els f
or e
stim
atin
g th
e H
EPs,
the
char
acte
ristic
s of v
erifi
catio
n pr
oces
ses a
re c
onsi
dere
d, in
clud
ing:
−
Use
of a
writ
ten
chec
k-of
f lis
t; −
Inde
pend
ence
of v
erifi
catio
n of
stat
us;
− Pe
rfor
man
ce o
f a fu
ll fu
nctio
nal t
est b
efor
e th
e ac
tivity
is c
onsi
dere
d co
mpl
ete;
−
Freq
uenc
y of
ver
ifica
tion
of st
atus
com
pare
d to
freq
uenc
y of
per
form
ance
of t
he
activ
ity.
RA
TIO
NA
LE:
Typi
cally
, una
vaila
bilit
y du
e to
failu
re to
reco
nfig
ure
is
not a
maj
or c
ontri
buto
r whe
n co
mpa
red
with
oth
er m
odes
of
unav
aila
bilit
y. T
here
fore
, in
the
case
that
the
HFE
s are
incl
uded
in th
e m
odel
, e.g
. for
com
plet
enes
s, a
deta
iled
mod
el is
unn
eces
sary
for m
any
appl
icat
ions
, and
a si
mpl
e sc
reen
ing
estim
atio
n w
ill su
ffic
e.
HR
-D03
A
det
aile
d as
sess
men
t of t
he H
EP is
per
form
ed fo
r eac
h H
FE fo
r whi
ch th
e sc
reen
ing
HEP
is c
ompa
rabl
e to
the
prob
abili
ties o
f oth
er m
odes
of u
nava
ilabi
lity.
A d
etai
led
asse
ssm
ent r
equi
res a
mor
e th
orou
gh in
vest
igat
ion
of th
e pl
ant p
ract
ices
and
con
ditio
ns
(e.g
. det
ails
of w
ritte
n pr
oced
ures
and
pla
nt la
yout
) and
resu
lts in
a h
ighe
r con
fiden
ce in
th
e de
term
inat
ion
of th
e si
gnifi
canc
e to
risk
of t
he p
re-in
itiat
ing
even
t act
iviti
es. T
he
deta
iled
asse
ssm
ent c
onsi
ders
the
spec
ific
aspe
cts o
f the
pro
cedu
res a
nd th
e m
an-m
achi
ne
inte
rfac
e.
RA
TIO
NA
LE:
Whe
n th
e un
avai
labi
lity
to re
conf
igur
e ev
alua
ted
usin
g a
sim
ple
mod
el is
com
para
ble
with
the
prob
abili
ties o
f oth
er m
odes
of
unav
aila
bilit
y, a
det
aile
d as
sess
men
t sho
uld
be p
erfo
rmed
.
HR
-D04
Th
e de
gree
of d
epen
denc
e be
twee
n H
FEs i
s ass
esse
d ta
king
into
con
side
ratio
n w
heth
er
ther
e ar
e co
mm
on e
lem
ents
in th
eir c
ause
.
CO
MM
ENT:
Som
e an
alys
ts w
ill a
rgue
that
such
dep
ende
nt e
ffect
s are
in
clud
ed in
the
com
mon
cau
se fa
ilure
eve
nts c
onsi
dere
d fo
r the
aff
ecte
d co
mpo
nent
s. It
is im
porta
nt, w
hen
such
a c
laim
is m
ade,
to e
nsur
e th
at
this
is in
deed
the
case
. In
any
cas
e, th
e qu
alita
tive
part
of th
e as
sess
men
t su
gges
ted
here
pro
vide
s pot
entia
lly v
alua
ble
insi
ghts
.
EXA
MPL
ES o
f com
mon
ele
men
ts: t
he p
erfo
rman
ce o
f the
sam
e ac
tivity
on
diff
eren
t tra
ins o
f the
sam
e sy
stem
by
the
sam
e m
aint
enan
ce p
erso
nnel
in
the
sam
e tim
e fr
ame;
the
use
of a
com
mon
pro
cedu
re
71
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-D05
T
he u
ncer
tain
ties i
n th
e H
EP e
stim
ates
are
cha
ract
eriz
ed c
onsi
sten
t with
the
data
base
us
ed.
RA
TIO
NA
LE: B
ecau
se th
ere
is li
ttle
actu
aria
l dat
a on
HEP
s, th
ey w
ill b
e un
certa
in.
An
asse
ssm
ent o
f the
unc
erta
inty
is im
porta
nt w
hen
usin
g th
e re
sults
of a
PSA
so th
at th
e se
nsiti
vity
of a
ny c
oncl
usio
ns d
raw
n fr
om th
e PS
A c
an b
e ex
amin
ed.
HR
-D06
Th
e re
ason
able
ness
of t
he e
stim
ates
is c
heck
ed b
y co
nfirm
ing
that
ther
e ha
s not
bee
n a
sign
ifica
nt h
isto
ry o
f res
tora
tion
failu
res o
r mis
calib
ratio
n is
sues
. R
ATI
ON
ALE
: Ev
iden
ce o
f a h
isto
ry o
f pro
blem
s poi
nts t
o th
e ne
ed fo
r a
mor
e de
taile
d ex
amin
atio
n. L
ack
of su
ch a
his
tory
pro
vide
s sup
port
for
the
mod
ellin
g as
sum
ptio
ns.
Sp
ecia
l Attr
ibut
e H
R-D
06-S
1:
The
data
col
lect
ed fo
r the
par
amet
er e
stim
atio
n ta
sk is
revi
ewed
for
evid
ence
of o
ccur
renc
es o
f mis
alig
nmen
t or m
isca
libra
tion
prob
lem
s.
The
resu
lts o
f the
revi
ew a
re u
sed
to c
onfir
m th
e re
ason
able
ness
of t
he
estim
ates
.
RATI
ON
ALE:
A m
ore
com
plet
e in
vest
igat
ion
of th
e pl
ant h
isto
ry c
an b
e ob
tain
ed b
y lo
okin
g th
roug
h th
e pl
ant m
aint
enan
ce re
cord
s.
72
T
able
8.2
-E
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-E ‘I
dent
ifica
tion
of P
ost-
initi
ator
Ope
rato
r R
espo
nses
’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-E
Iden
tific
atio
n of
the
set o
f ope
rato
r res
pons
es fo
llow
ing
the
initi
atin
g ev
ent r
equi
red
for
each
of t
he a
ccid
ent s
eque
nces
mod
elle
d is
per
form
ed in
a sy
stem
atic
way
usi
ng
appr
opria
te in
form
atio
n so
urce
s.
HR
-E01
Th
e se
t of o
pera
tor r
espo
nses
requ
ired
to c
ontro
l and
safe
ly sh
utdo
wn
the
plan
t fol
low
ing
an in
itiat
ing
even
t is g
ener
ated
by
revi
ewin
g al
l rel
evan
t ope
ratin
g pr
oced
ures
(e.g
. em
erge
ncy
oper
atin
g pr
oced
ures
, abn
orm
al o
pera
ting
proc
edur
es, a
nnun
ciat
or re
spon
se
proc
edur
es) t
o de
term
ine
wha
t act
ions
are
requ
ired
as a
func
tion
of th
e pl
ant s
tatu
s re
pres
ente
d in
the
deve
lopm
ent o
f the
acc
iden
t seq
uenc
es. (
See
also
Tab
le 5
.2-C
, Gen
eral
A
ttrib
ute
AS-
C05
).
The
follo
win
g op
erat
or re
spon
ses a
re id
entif
ied:
-
Act
ions
requ
ired
to in
itiat
e, c
ontro
l, is
olat
e, o
r ter
min
ate
syst
ems a
s req
uire
d to
pre
vent
or
miti
gate
cor
e da
mag
e).
- A
ctio
ns re
quire
d to
cha
nge
the
stat
us o
f com
pone
nts i
n or
der t
o fu
lfil a
func
tion
requ
ired
to p
reve
nt o
r miti
gate
cor
e da
mag
e.
CO
MM
ENT:
Thi
s tas
k is
an
inte
gral
par
t of t
he d
evel
opm
ent o
f the
ac
cide
nt se
quen
ce m
odel
.
EXA
MPL
ES:
- Is
olat
ion
of a
faul
ted
stea
m g
ener
ator
, ini
tiatio
n of
the
RH
R s
yste
m,
depr
essu
rizat
ion
of th
e re
acto
r coo
lant
syst
em (B
WR
).
- O
peni
ng a
PO
RV
blo
ck v
alve
.
Sp
ecia
l Attr
ibut
e H
R-E0
1-S1
:
Actio
ns ta
ken
in th
e co
ntro
l roo
m (o
r oth
er c
ontin
uous
ly m
anne
d st
atio
ns) e
ither
in re
spon
se to
pro
cedu
ral d
irec
tion,
or a
s ski
ll-of
-the-
craf
t, to
reco
ver f
rom
a fa
ilure
of e
quip
men
t to
auto
mat
ical
ly in
itiat
e or
ch
ange
stat
e as
requ
ired
are
iden
tifie
d.
RATI
ON
ALE:
Fai
lure
s of t
he in
itiat
ion
sign
als a
re ty
pica
lly a
smal
l fr
actio
n of
the
com
pone
nt fa
ilure
pro
babi
lity,
so th
at th
ese
reco
very
ac
tions
are
typi
cally
not
sign
ifica
nt c
ontr
ibut
ors t
o C
DF.
How
ever
, the
ir
incl
usio
n le
ads t
o a
mor
e co
mpl
ete
mod
el.
CO
MM
ENT:
Bec
ause
of c
utse
t spe
cific
dep
ende
nce
of a
vaila
ble
time,
th
ese
may
be
best
inco
rpor
ated
in th
e m
odel
solu
tion
as re
cove
ry a
ctio
ns
(see
Tab
le 8
.2-H
, Tas
k H
R-H
).
EXAM
PLE:
Man
ual s
tart
s of a
stan
dby
pum
p fo
llow
ing
failu
re o
f aut
o-st
art.
73
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
Sp
ecia
l Attr
ibut
e H
R-E0
1-S2
: Si
gnifi
cant
err
ors o
f com
mis
sion
, i.e
. act
ions
that
lead
to a
dditi
onal
fu
nctio
nal u
nava
ilabi
litie
s, or
inap
prop
riat
ely
initi
ate
syst
em a
re
iden
tifie
d.
RATI
ON
ALE:
Err
ors o
f com
mis
sion
can
lead
to th
e cr
eatio
n of
add
ition
al
acci
dent
sequ
ence
s.
CO
MM
ENT:
Whi
le it
is n
ot y
et g
ener
al p
ract
ice
to in
clud
e er
rors
of
com
mis
sion
in th
e ba
se P
SA, i
t is a
dvan
tage
ous t
o us
e in
form
atio
n on
the
gene
ral c
ause
s of e
rror
s of c
omm
issi
on (s
ee fo
r exa
mpl
e, N
URE
G-1
624,
Re
f. [1
5]) t
o re
duce
the
pote
ntia
l for
intr
oduc
ing
chan
ges t
hat c
ould
in
crea
se th
e lik
elih
ood
of, o
r cre
ate
cond
ition
s con
duci
ve to
, err
ors o
f co
mm
issi
on. T
he m
etho
dolo
gy fo
r the
iden
tific
atio
n of
err
ors o
f co
mm
issi
on is
not
as w
ell f
orm
ulat
ed a
s tha
t of e
rror
s of o
mis
sion
. An
exam
ple
of a
n ap
proa
ch is
ATH
EAN
A (R
ef. [
15])
.
EXAM
PLE:
An
erro
r of c
omm
issi
on m
ight
be
secu
ring
an
inje
ctio
n sy
stem
inap
prop
riat
ely.
HR
-E02
Th
e pr
oced
ures
are
revi
ewed
with
pla
nt o
pera
tions
and
trai
ning
per
sonn
el to
con
firm
that
th
e in
terp
reta
tion
of th
e pr
oced
ures
, and
the
expe
cted
resp
onse
s are
con
sist
ent w
ith tr
aini
ng
and
plan
t ope
ratio
nal p
ract
ices
. Fo
r the
mor
e ch
alle
ngin
g se
quen
ces,
a de
taile
d ta
lk-
thro
ugh
of th
e de
velo
pmen
t of t
he se
quen
ces i
s per
form
ed (s
ee a
lso
Tabl
e 5.
2-A
, Gen
eral
A
ttrib
ute
AS-
C04
).
RA
TIO
NA
LE:
The
writ
ten
proc
edur
es m
ay n
ot a
lway
s giv
e a
pref
eren
ce
of th
e or
der i
n w
hich
the
vario
us o
ptio
ns a
vaila
ble
to p
rovi
de fo
r a
requ
ired
safe
ty fu
nctio
n ar
e ex
erci
sed.
HR
-E03
Si
mul
ator
exe
rcis
es a
re o
bser
ved
to g
ain
a ge
nera
l und
erst
andi
ng o
f cre
w d
ynam
ics,
and
the
use
of th
e pr
oced
ures
.
For t
he m
ore
chal
leng
ing
acci
dent
sequ
ence
s, si
mul
ator
exe
rcis
es a
re o
bser
ved.
Suc
h ex
erci
ses g
ive
info
rmat
ion
on p
erfo
rman
ce sh
apin
g fa
ctor
s, su
ch a
s the
pre
senc
e of
di
stra
ctin
g an
nunc
iato
rs, t
he ti
min
g as
soci
ated
with
the
actio
ns, t
he c
ompl
exity
of t
he
actio
ns, e
tc.
RA
TIO
NA
LE:
An
unde
rsta
ndin
g of
the
perf
orm
ance
shap
ing
fact
ors i
s im
porta
nt fo
r the
eva
luat
ion
of th
e H
EPs (
see
Tabl
e 8.
2-F,
Tas
k H
R-F
, and
Ta
ble
8.2-
G, T
ask
HR
-G).
74
T
able
8.2
-F
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-F ‘D
efin
ition
of P
ost-
initi
ator
Hum
an F
ailu
re E
vent
s’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-F
The
task
con
sist
s of t
he d
efin
ition
of h
uman
failu
re e
vent
s tha
t rep
rese
nt th
e fa
ilure
to
resp
ond
as re
quire
d th
at a
re c
onsi
sten
t with
the
stru
ctur
e an
d le
vel o
f det
ail i
n th
e ac
cide
nt
sequ
ence
mod
els.
HR
-F01
H
uman
failu
re e
vent
s rep
rese
ntin
g th
e im
pact
of f
ailu
re to
per
form
a re
quire
d fu
nctio
n ar
e id
entif
ied
and
incl
uded
in th
e pl
ant l
ogic
mod
el.
Failu
res t
o pe
rfor
m m
ore
than
one
re
spon
se a
re g
roup
ed in
to a
sing
le H
FE, i
f the
impa
ct o
n th
e ac
cide
nt se
quen
ce
deve
lopm
ent i
s the
sam
e or
can
be
boun
ded.
EXA
MPL
ES:
An
HFE
may
be
incl
uded
in th
e pl
ant l
ogic
mod
el in
a n
umbe
r of w
ays:
- as
an
even
t tre
e br
anch
poi
nt;
- as
a c
ontri
buto
r to
a fu
nctio
nal l
evel
faul
t tre
e us
ed to
eva
luat
e th
e fa
ilure
of a
func
tion
or sy
stem
;
- in
a sy
stem
faul
t tre
e as
a m
ode
of u
nava
ilabi
lity
of a
com
pone
nt,
segm
ent,
or tr
ain.
HR
-F02
Th
e de
finiti
on o
f eac
h H
FE in
pre
para
tion
for e
stim
atio
n of
its p
roba
bilit
y is
com
plet
ed b
y sp
ecify
ing
the
scen
ario
spec
ific
fact
ors i
nclu
ding
: -
avai
labi
lity
of c
ues a
nd/o
r oth
er in
dica
tions
for a
lerti
ng th
e op
erat
ors t
o th
e ne
ed fo
r ac
tion;
-
the
scen
ario
spec
ific
proc
edur
al g
uida
nce;
-
time
avai
labl
e fo
r suc
cess
ful c
ompl
etio
n of
resp
onse
; -
timin
g of
cue
s rel
ativ
e to
acc
iden
t pro
gres
sion
; -
avai
labi
lity
of sy
stem
s, or
com
pone
nts i
dent
ified
in th
e pr
oced
ures
; -
the
task
s com
pris
ing
the
requ
ired
resp
onse
.
CO
MM
ENTS
: M
any
exis
ting
HR
A m
odel
s (i.e
., m
etho
ds fo
r cal
cula
ting
hum
an e
rror
pro
babi
litie
s) d
o no
t add
ress
som
e of
thes
e fa
ctor
s exp
licitl
y.
How
ever
, it i
s nec
essa
ry to
und
erst
and
the
fact
ors,
at le
ast q
ualit
ativ
ely
so
that
Gen
eral
Attr
ibut
e H
R-G
06 (T
able
8.2
-G) c
an b
e sa
tisfie
d.
75
T
able
8.2
-G
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-G ‘A
sses
smen
t of P
roba
bilit
ies o
f Pos
t-in
itiat
or H
uman
Fai
lure
Eve
nts’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-G
Ass
essm
ent o
f the
pro
babi
litie
s of t
he p
ost-i
nitia
tor h
uman
failu
re e
vent
s, an
d a
char
acte
rizat
ion
of th
e as
soci
ated
unc
erta
intie
s and
dep
ende
nce
betw
een
the
even
ts a
re
perf
orm
ed u
sing
app
ropr
iate
met
hodo
logi
es a
nd d
ata.
HR
-G01
D
etai
led
asse
ssm
ent o
f the
HEP
s is p
erfo
rmed
for t
he si
gnifi
cant
HFE
s (se
e N
ote)
. Sc
reen
ing
valu
es a
re u
sed
for t
he n
on-s
igni
fican
t HFE
s. C
OM
MEN
TS:
1) T
he id
entif
icat
ion
of th
e si
gnifi
cant
HFE
s is a
n ite
rativ
e pr
oces
s re
quiri
ng se
vera
l qua
ntifi
catio
ns o
f the
PSA
mod
el.
2) A
sign
ifica
nt H
FE is
one
that
con
tribu
tes m
easu
rabl
y to
the
curr
ent
leve
l of r
isk,
or i
s rel
ied
upon
to a
chie
ve th
e cu
rren
t lev
el o
f ris
k. A
n ex
ampl
e of
crit
eria
that
can
be
used
to d
eter
min
e si
gnifi
canc
e is
the
follo
win
g: a
sign
ifica
nt b
asic
eve
nt h
as a
Fus
sell-
Ves
ely
impo
rtanc
e m
easu
re (F
V) g
reat
er th
an a
pre
defin
ed n
umbe
r (i.e
. 0.0
05 o
r 0.0
1), o
r a
Ris
k A
chie
vem
ent W
orth
(RA
W) g
reat
er th
an a
pre
defin
ed n
umbe
r (i.
e. 2
). A
ltern
ativ
e im
porta
nce
mea
sure
s and
crit
eria
may
be
used
.
Sp
ecia
l Attr
ibut
e H
R-G
01-S
1:
A de
taile
d as
sess
men
t is p
erfo
rmed
for e
ach
HFE
. RA
TIO
NAL
E : P
erfo
rmin
g a
deta
iled
asse
ssm
ent o
f all
HFE
s avo
ids t
he
need
for i
tera
tion.
HR
-G02
Th
e m
etho
d us
ed to
ass
ess H
EPs a
ddre
sses
failu
re in
cog
nitio
n (d
etec
tion,
situ
atio
n as
sess
men
t, an
d re
spon
se p
lann
ing)
as w
ell a
s fai
lure
s in
exec
utio
n.
RA
TIO
NA
LE:
Failu
res i
n co
gniti
on c
an th
e m
ore
impo
rtant
con
tribu
tors
to
failu
re, a
nd fu
rther
mor
e, c
an b
e a
sign
ifica
nt so
urce
of d
epen
denc
e be
twee
n H
FEs (
see
HR
-G07
).
Sp
ecia
l Attr
ibut
e H
R-G
02-S
1:
The
met
hod
used
to a
sses
s HEP
s is c
apab
le o
f eva
luat
ing
the
impa
ct o
f pr
oced
ure
chan
ges.
RATI
ON
ALE :
Eva
luat
ion
of th
e im
pact
of p
roce
dura
l cha
nges
is e
ssen
tial
for a
pplic
atio
ns a
imed
to o
ptim
ise
EOPs
and
AM
Ps.
HR
-G03
Th
e m
odel
use
d to
ass
ess t
he H
EPs a
ddre
sses
the
follo
win
g pe
rfor
man
ce sh
apin
g fa
ctor
s on
a sc
enar
io a
nd p
lant
-spe
cific
bas
is:
- th
e ty
pe (c
lass
room
or s
imul
ator
) and
freq
uenc
y of
trai
ning
on
the
resp
onse
; -
the
qual
ity o
f the
writ
ten
proc
edur
es a
nd a
dmin
istra
tive
cont
rols
; -
avai
labi
lity
of n
eces
sary
inst
rum
enta
tion;
-
degr
ee o
f cla
rity
of th
e cu
es/in
dica
tions
; -
timin
g is
sues
- tim
e at
whi
ch c
ues a
re re
ceiv
ed, t
ime
requ
ired
to p
erfo
rm th
e re
spon
se,
and
the
time
avai
labl
e to
com
plet
e th
e re
spon
se;
- co
mpl
exity
of t
he ta
sks t
o be
per
form
ed;
- na
ture
of t
he h
uman
-mac
hine
inte
rfac
e.
CO
MM
ENT:
Man
y H
RA
mod
els d
o no
t dea
l with
eac
h of
thes
e fa
ctor
s ex
plic
itly.
How
ever
, the
y sh
ould
be
take
n in
to a
ccou
nt w
hen
com
parin
g th
e re
lativ
e va
lues
of H
EPs (
see
HR
-G6)
.
The
com
plex
ity m
ay b
e as
sess
ed in
par
t on
the
basi
s of a
task
ana
lysi
s.
Task
ana
lyse
s can
be
perf
orm
ed a
t a n
umbe
r of d
iffer
ent l
evel
s of d
etai
l as
requ
ired
by th
e m
odel
use
d to
qua
ntify
the
HEP
s.
76
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
For a
spec
ific
type
of o
pera
tor r
espo
nse,
thes
e fa
ctor
s can
var
y de
pend
ing
on th
e sc
enar
io
bein
g m
odel
led,
e.g
. a lo
ss o
f a d
c bu
s may
aff
ect t
he a
vaila
bilit
y of
inst
rum
enta
tion.
Whe
n th
e re
spon
se re
quire
s act
ions
out
side
the
cont
rol r
oom
, the
follo
win
g fa
ctor
s are
ta
ken
into
acc
ount
in a
dditi
on to
the
abov
e:
- en
viro
nmen
tal f
acto
rs (e
.g. h
eat,
radi
atio
n, h
umid
ity);
- ac
cess
ibili
ty o
f equ
ipm
ent t
o be
man
ipul
ated
; -
need
for s
peci
al to
ols;
-
time
to re
ach
phys
ical
ly th
e pl
ace
if no
t per
man
ently
occ
upie
d;
- co
mm
unic
atio
n is
sues
bet
wee
n M
CR
and
loca
l per
sonn
el.
HR
-G04
Th
e tim
elin
e fo
r occ
urre
nce
of c
ues a
nd th
e ev
alua
tion
of th
e tim
e av
aila
ble
to c
ompl
ete
the
actio
n is
bas
ed o
n ap
plic
able
gen
eric
stud
ies (
e.g.
ther
mal
-hyd
raul
ic a
naly
ses)
. R
ATI
ON
ALE
: D
epen
ding
on
the
met
hod
used
to e
stim
ate
the
HEP
s, a
prec
ise
eval
uatio
n of
the
times
may
not
be
nece
ssar
y. F
or th
ose
that
are
ba
sed
prim
arily
on
time,
the
Spec
ial A
ttrib
ute
appl
ies.
Sp
ecia
l Attr
ibut
e H
R-G
04-S
1:
The
time
line
is b
ased
on
plan
t-spe
cific
ther
mal
-hyd
raul
ic a
naly
ses.
HR
-G05
Fo
r tho
se H
FEs f
or w
hich
a d
etai
led
eval
uatio
n is
per
form
ed, t
he ti
me
to c
ompl
ete
the
actio
n is
bas
ed o
n ac
tual
tim
e m
easu
rem
ents
in w
alkt
hrou
ghs,
talk
-thro
ughs
of t
he
proc
edur
es, o
r sim
ulat
or o
bser
vatio
ns.
RA
TIO
NA
LE:
Dep
endi
ng o
n th
e m
etho
d us
ed to
est
imat
e th
e H
EPs,
a pr
ecis
e ev
alua
tion
of th
e tim
es m
ay n
ot b
e ne
cess
ary.
How
ever
, as a
m
inim
um, a
n es
timat
e of
the
time
is n
eede
d to
con
firm
the
feas
ibili
ty o
f th
e ac
tions
.
HR
-G06
A
fter e
stim
atio
n of
the
HEP
s, th
e re
lativ
e va
lues
are
ass
esse
d to
che
ck th
at th
ey a
re
refle
ctiv
e of
the
impa
ct o
f the
var
ious
per
form
ance
-sha
ping
fact
ors i
dent
ified
in H
R-G
03
abov
e.
RA
TIO
NA
LE:
This
is a
cru
cial
attr
ibut
e. B
ecau
se o
f the
lack
of a
ctua
rial
data
, HEP
s will
alw
ays b
e un
certa
in.
This
mus
t be
take
n in
to a
ccou
nt
whe
n in
terp
retin
g th
e re
sults
of t
he P
SA.
How
ever
, it i
s ess
entia
l tha
t the
re
lativ
e va
lues
of t
he H
EPs b
e re
cogn
ized
as t
hey
can
affe
ct th
e re
lativ
e ris
k si
gnifi
canc
e of
acc
iden
t seq
uenc
es, f
unct
ions
, sys
tem
s, an
d co
mpo
nent
s, w
hich
are
impo
rtant
for m
any
appl
icat
ions
.
77
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
HR
-G07
Th
e de
gree
of d
epen
denc
e be
twee
n H
FEs a
ppea
ring
in th
e sa
me
acci
dent
sequ
ence
or c
ut
set i
s ass
esse
d. F
acto
rs a
ffect
ing
the
degr
ee o
f dep
ende
nce
incl
ude:
-
use
of c
omm
on c
ues;
-
resp
onse
s cal
led
for i
n th
e sa
me
proc
edur
e;
- cl
osen
ess i
n tim
e of
cue
s or r
equi
red
actio
ns;
- in
crea
sed
stre
ss c
ause
d by
failu
re o
f the
firs
t res
pons
e.
A c
ondi
tiona
l pro
babi
lity
of th
e se
cond
, thi
rd, e
tc. e
vent
, giv
en fa
ilure
of t
he fi
rst,
seco
nd,
etc.
is e
valu
ated
. Th
e as
sum
ptio
n of
inde
pend
ence
bet
wee
n H
FEs i
s jus
tifie
d.
RA
TIO
NA
LE:
This
is a
cru
cial
attr
ibut
e. B
ecau
se a
ccid
ent s
eque
nce
mod
els a
re d
evel
oped
in te
rms o
f dis
cret
e fu
nctio
ns o
r in
term
s of s
epar
ate
syst
ems,
cons
ider
atio
n of
HFE
s for
eac
h fu
nctio
n or
syst
em in
isol
atio
n ca
n le
ad to
exc
essi
ve c
redi
t for
ope
rato
r act
ion
unle
ss th
e de
pend
ency
is
acco
unte
d fo
r.
CO
MM
ENT:
The
ass
umpt
ion
of in
depe
nden
ce is
supp
orte
d by
arg
umen
ts
such
as:
-
the
requ
ired
actio
ns a
re se
para
ted
suffi
cien
tly in
the
deve
lopm
ent o
f th
e ac
cide
nt se
quen
ce;
- th
e cu
es fo
r sub
sequ
ent a
ctio
ns a
re in
depe
nden
t of t
hose
for p
rior
actio
ns;
- th
e w
orkl
oad
is n
ot si
gnifi
cant
ly in
crea
sed
by v
irtue
of t
he fa
ilure
of
the
prio
r act
ions
; -
the
seco
nd a
ctio
n w
ould
be
requ
ired
whe
ther
or n
ot th
e fir
st w
ere
requ
ired.
HR
-G08
A
cha
ract
eriz
atio
n of
the
unce
rtain
ty in
the
HEP
s is p
rovi
ded,
con
sist
ent w
ith th
e qu
antif
icat
ion
met
hod.
R
ATI
ON
ALE
: Bec
ause
ther
e is
littl
e ac
tuar
ial d
ata
on H
EPs,
they
will
be
unce
rtain
. A
n as
sess
men
t of t
he u
ncer
tain
ty is
impo
rtant
whe
n us
ing
the
resu
lts o
f a P
SA so
that
the
robu
stne
ss o
f any
con
clus
ions
dra
wn
from
the
PSA
can
be
exam
ined
.
78
T
able
8.2
-H
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-H ‘R
ecov
ery
Act
ions
’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-H
The
task
incl
udes
iden
tific
atio
n of
add
ition
al re
cove
ry a
ctio
ns a
fter t
he in
itial
solu
tion
of
the
PSA
mod
el.
HR
-H01
R
ecov
ery
actio
ns th
at c
an re
stor
e th
e fu
nctio
ns o
f sys
tem
s or c
ompo
nent
s are
incl
uded
on
an a
s-ne
eded
bas
is to
elim
inat
e un
nece
ssar
ily c
onse
rvat
ive
cont
ribut
ions
to a
ccid
ent
sequ
ence
s.
CO
MM
ENTS
:
1) U
se o
f div
erse
or a
ltern
ativ
e m
eans
is c
onsi
dere
d as
reco
very
act
ions
.
2) T
he re
cove
ry a
ctio
ns a
re in
clud
ed in
the
mod
el a
t a le
vel (
e.g.
scen
ario
, cu
tset
) suc
h th
at th
e co
ntex
t (e.
g. P
SFs)
ass
ocia
ted
with
that
leve
l, w
hich
det
erm
ines
the
prob
abili
ty o
f the
reco
very
act
ion,
can
be
rega
rded
as u
nifo
rm.
For e
xam
ple,
such
act
ions
are
ofte
n in
clud
ed a
t th
e cu
tset
leve
l, be
caus
e th
e co
ntex
t (e.
g. ti
me
avai
labl
e to
per
form
the
actio
n) c
an v
ary
from
cut
set t
o cu
tset
.
HR
-H02
R
ecov
ery
actio
ns a
re c
redi
ted
only
if:
− a
proc
edur
e is
ava
ilabl
e an
d op
erat
or tr
aini
ng h
as b
een
prov
ided
for t
he a
ctio
n O
R it
is
cons
ider
ed to
be
a sk
ill-o
f-the
-cra
ft ac
tion
, i.e
., on
e fo
r whi
ch a
pro
cedu
re is
not
nee
ded
as it
is o
ne th
at, b
ecau
se o
f the
ope
rato
r’s s
kill
and
expe
rienc
e, is
cle
arly
iden
tifia
ble,
A
ND
−
cues
(e.g
. an
annu
ncia
tor)
ale
rts th
e op
erat
ors t
o th
e ne
ed fo
r act
ion
OR
the
proc
edur
e di
rect
s the
ope
rato
r to
chec
k th
e st
atus
of t
he c
ompo
nent
,
AN
D
− fe
asib
ility
of t
he a
ctio
n is
con
firm
ed.
HR
-H03
Th
e po
tent
ial f
or d
epen
denc
y be
twee
n re
cove
ry a
ctio
ns a
nd a
ny o
ther
HFE
s in
the
acci
dent
se
quen
ce c
utse
t is a
sses
sed.
R
ATI
ON
ALE
: Th
e ne
ed fo
r rec
over
y ac
tions
is g
ener
ally
reco
gniz
ed b
y th
e co
ntro
l roo
m c
rew
resp
onsi
ble
for t
he p
erfo
rman
ce o
f the
pr
oced
ural
ized
act
ions
mod
elle
d in
the
even
t tre
es a
nd fa
ult t
rees
. Th
eref
ore,
ther
e m
ay b
e pe
rfor
man
ce sh
apin
g fa
ctor
s tha
t aff
ect b
oth
reco
very
and
pro
cedu
raliz
ed a
ctio
ns.
79
T
able
8.2
-I
Att
ribu
tes f
or H
uman
Rel
iabi
lity
Ana
lysi
s: T
ask
HR
-I ‘
Doc
umen
tatio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
HR
-I
Doc
umen
tatio
n an
d in
form
atio
n st
orag
e is
ade
quat
ely
perf
orm
ed.
HR
-I01
Th
e H
RA
ana
lysi
s is d
ocum
ente
d in
eno
ugh
deta
il to
repr
oduc
e re
sults
and
per
mit
the
revi
ewer
s to
unde
rsta
nd li
mita
tions
impo
sed
by th
e m
odel
s, as
sum
ptio
ns, a
nd d
ata.
The
sp
ecifi
c as
pect
s of t
he H
RA
to b
e do
cum
ente
d in
clud
e th
e fo
llow
ing:
− H
RA
met
hodo
logy
: •
App
roac
h us
ed to
iden
tify
HFE
s •
Met
hods
use
d to
est
imat
e H
EPs
• A
ppro
ach
to th
e as
sess
men
t of d
epen
denc
y −
Bas
is fo
r eac
h H
EP:
• Sc
reen
ing
valu
es
• D
etai
led
HEP
eva
luat
ions
: -
Fact
ors u
sed
in th
e qu
antif
icat
ion
of th
e H
EPs
- H
ow th
ey w
ere
char
acte
rized
-
How
they
wer
e in
corp
orat
ed in
the
quan
tific
atio
n
80
9. PSA ELEMENT ‘DA’: DATA ANALYSIS 9.1. Main objectives
The objective of the data analysis is to provide estimates for the parameters, called reliability parameters, of the reliability models specified under systems analysis. The reliability models serve to determine the probabilities of the basic events representing specific equipment failures and unavailabilities. Reliability parameters typically include: - Failure rates
- Probabilities for failure on demand
- Unavailabilities due to maintenance or test, or
- Test and maintenance frequencies and repair, test, and maintenance durations
- Mission times as specified in systems analysis
- Common cause failure (CCF) model parameters.
Important aspects and characteristics of reliability parameters are the following: a) Parameters, whether estimated on the basis of plant-specific or generic data, or both,
appropriately reflect design and operational features of the plant.
b) Component or system unavailabilities due to repair, test and maintenance are properly accounted for.
c) Uncertainties in the data are understood and accounted for.
Note: The parameters of reliability models as discussed here should not be mixed up with the parameters of probability distributions used to describe the uncertainty of reliability parameters.
9.2. Data analysis tasks and their attributes
Table 9.2 lists the main tasks for the PSA element ‘Data Analysis’. Tables 9.2-A
through 9.2-H present the description of general attributes and special attributes for these tasks.
81
Table 9.2 Main Tasks for Data Analysis
Task ID Task Content
DA-A Reliability Model Parameter Identification
DA-B Component Grouping for Parameter Estimation
DA-C Collecting and Evaluating Generic Information
DA-D Plant-Specific Data Collection and Evaluation
DA-E Derivation of Plant-Specific Parameters, Integration of Generic and Plant Specific Information
DA-F Derivation of Plant-Specific Parameters for Common Cause Failure Events
DA-G Handling of Reliability Parameters Affected by Plant Changes, Handling of New Equipment
DA-H Documentation
82
T
able
9.2
-A
Att
ribu
tes f
or D
ata
Ana
lysi
s: T
ask
DA
-A ‘R
elia
bilit
y M
odel
Par
amet
er Id
entif
icat
ion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-A
Each
relia
bilit
y pa
ram
eter
is id
entif
ied
for t
he re
liabi
lity
mod
els a
s def
ined
in sy
stem
s an
alys
is in
term
s of t
he lo
gic
failu
re m
odel
(fau
lt tre
es, e
vent
tree
s or s
peci
al fa
ilure
mod
el)
and
basi
c ev
ent c
hara
cter
istic
s and
bou
ndar
y. T
he re
liabi
lity
mod
els a
nd th
eir p
aram
eter
s ar
e id
entif
ied
unde
r Tas
k SY
-B in
Sec
tion
7, T
able
7.2
-B (F
ailu
re C
ause
Iden
tific
atio
n an
d M
odel
ling)
.
DA
-A01
Fr
om sy
stem
s ana
lysi
s, th
e re
liabi
lity
mod
els f
or w
hich
par
amet
ers a
re re
quire
d ar
e id
entif
ied.
Ass
ocia
ted
equi
pmen
t bou
ndar
ies,
failu
re m
odes
, and
mis
sion
succ
ess c
riter
ia a
re
iden
tifie
d co
nsis
tent
with
the
corr
espo
ndin
g ba
sic
even
t def
initi
ons i
n sy
stem
s ana
lysi
s for
fa
ilure
rate
s, fa
ilure
pro
babi
litie
s, un
avai
labi
litie
s, an
d co
mm
on c
ause
failu
re p
aram
eter
s. B
ound
arie
s of u
nava
ilabi
lity
even
ts a
re d
efin
ed c
onsi
sten
t with
cor
resp
ondi
ng d
efin
ition
s in
syst
ems a
naly
sis.
EXA
MPL
E fo
r a c
ompo
nent
mis
sion
succ
ess c
riter
ion:
Min
imal
flow
rate
fo
r 2 h
ours
.
Bas
ic e
vent
s and
ass
ocia
ted
relia
bilit
y m
odel
s for
whi
ch p
aram
eter
s are
re
quire
d ty
pica
lly in
clud
e:
(a) I
ndep
ende
nt o
r com
mon
cau
se fa
ilure
of a
com
pone
nt o
r sys
tem
to
star
t or c
hang
e st
ate
on d
eman
d,
(b) I
ndep
ende
nt o
r com
mon
cau
se fa
ilure
of a
com
pone
nt o
r sys
tem
to
cont
inue
ope
ratin
g or
pro
vide
a re
quire
d fu
nctio
n fo
r a d
efin
ed ti
me
perio
d,
(c) E
quip
men
t una
vaila
bilit
y to
per
form
its r
equi
red
func
tion
due
to b
eing
ou
t of s
ervi
ce fo
r rep
air o
r mai
nten
ance
,
(d) E
quip
men
t una
vaila
bilit
y to
per
form
its r
equi
red
func
tion
due
to b
eing
te
sted
,
(e) F
ailu
re to
reco
ver a
func
tion
or sy
stem
(e.g
. fai
lure
to re
cove
r off
site
-po
wer
),
(f) F
ailu
re to
repa
ir a
com
pone
nt, s
yste
m, o
r fun
ctio
n in
a d
efin
ed ti
me
perio
d.
DA
-A02
B
asic
eve
nt ID
s are
est
ablis
hed
base
d on
the
plan
ts sy
stem
and
equ
ipm
ent I
D sy
stem
as f
ar
as fe
asib
le. T
hus,
equi
pmen
t and
syst
em ID
s are
nor
mal
ly c
onta
ined
in a
ssoc
iate
d ba
sic
even
t ID
s. D
evia
tions
from
this
prin
cipl
e ar
e ju
stifi
ed a
nd th
e ex
act c
orre
latio
n be
twee
n ba
sic
even
ts a
nd p
lant
equ
ipm
ent i
s est
ablis
hed
and
docu
men
ted.
A d
atab
ase
of b
asic
eve
nts a
nd a
ssoc
iate
d re
liabi
lity
mod
els i
s est
ablis
hed
cont
aini
ng th
e ex
act c
orre
latio
n to
spec
ific
plan
t equ
ipm
ent.
83
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
DA
-A03
Th
e pa
ram
eter
s to
be e
stim
ated
and
the
data
requ
ired
are
iden
tifie
d.
The
para
met
ers i
dent
ified
and
thei
r cha
ract
eris
tics a
re in
clud
ed in
the
data
base
est
ablis
hed
unde
r DA
-A02
.
EXA
MPL
ES a
re a
s fol
low
s:
(a) F
or fa
ilure
s on
dem
and
the
para
met
er is
the
prob
abili
ty o
f fai
lure
or
unav
aila
bilit
y on
dem
and,
and
the
data
requ
ired
are
the
num
ber o
f fa
ilure
s giv
en a
num
ber o
f dem
ands
. Bas
ical
ly th
is re
pres
enta
tion
corr
espo
nds t
o a
bino
mia
l pro
babi
lity
mod
el.
(b) F
or st
andb
y fa
ilure
s (if
stan
dby
failu
res a
re d
escr
ibed
in th
is m
anne
r)
and
oper
atin
g fa
ilure
s, th
e pa
ram
eter
is th
e fa
ilure
rate
, and
the
data
re
quire
d ar
e th
e nu
mbe
r of f
ailu
res i
n th
e to
tal (
stan
dby
or o
pera
ting)
tim
e. B
asic
ally
, thi
s rep
rese
ntat
ion
corr
espo
nds t
o a
Pois
son
prob
abili
ty m
odel
.
84
T
able
9.2
-B
Att
ribu
tes f
or D
ata
Ana
lysi
s: T
ask
DA
-B ‘C
ompo
nent
Gro
upin
g fo
r Pa
ram
eter
Est
imat
ion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-B
Com
pone
nts a
re g
roup
ed in
to a
ppro
pria
te p
opul
atio
n gr
oups
for p
aram
eter
est
imat
ion.
DA
-B01
Th
e ra
tiona
le fo
r gro
upin
g co
mpo
nent
s int
o a
hom
ogen
eous
pop
ulat
ion
for p
aram
eter
es
timat
ion
cons
ider
s the
des
ign,
env
ironm
enta
l, fu
nctio
nal a
nd o
pera
tiona
l con
ditio
ns o
f the
co
mpo
nent
s in
the
as-b
uilt
and
as-o
pera
ted
plan
t.
For p
aram
eter
est
imat
ion,
com
pone
nts a
re g
roup
ed a
ccor
ding
to ty
pe (e
.g. m
otor
ope
rate
d pu
mp,
air-
oper
ated
val
ve) a
nd a
ccor
ding
to th
e de
taile
d ch
arac
teris
tics o
f the
ir us
age:
a) D
esig
n/si
ze
b) S
yste
m c
hara
cter
istic
s:
- st
andb
y, o
pera
ting
- o
pera
tiona
l con
ditio
ns (e
.g. c
lean
vs.
untre
ated
wat
er, a
ir)
- m
aint
enan
ce p
ract
ices
-
freq
uenc
y of
dem
ands
c)
Env
ironm
enta
l con
ditio
ns
d) O
ther
app
ropr
iate
cha
ract
eris
tics i
nclu
ding
man
ufac
ture
r.
Not
incl
uded
in th
e de
finiti
on o
f a g
roup
are
obv
ious
out
liers
(e.g
. val
ves t
hat a
re n
ever
te
sted
and
unl
ikel
y to
be
oper
ated
are
not
gro
uped
toge
ther
with
thos
e th
at a
re te
sted
or
othe
rwis
e m
anip
ulat
ed fr
eque
ntly
). Th
e gr
oupi
ng a
nd th
e gr
oupi
ng ra
tiona
le a
re in
clud
ed in
th
e da
taba
se c
reat
ed u
nder
Tas
k D
A-A
(Tab
le 9
.2-A
).
EXA
MPL
E: F
unct
iona
l and
ope
ratio
nal c
ondi
tions
rega
rdin
g ce
ntrif
ugal
pu
mps
. Diff
eren
t par
amet
ers c
an b
e de
fined
for l
ow p
ress
ure
pum
ps w
ith
diffe
rent
func
tiona
l and
ope
ratio
nal c
ondi
tions
:
- on
-line
coo
ling
wat
er sy
stem
s whi
ch a
re re
quire
d al
so p
ost t
rip v
ersu
s co
olin
g sy
stem
s nor
mal
ly in
stan
dby;
- co
olin
g w
ater
syst
ems c
ircul
atin
g ra
w w
ater
ver
sus c
oolin
g w
ater
sy
stem
s circ
ulat
ing
clea
n w
ater
;
- w
ell w
ater
pum
ps.
CO
MM
ENT:
A to
o na
rrow
pop
ulat
ion
in a
gro
up m
ay le
ad to
a sa
mpl
e of
pl
ant-s
peci
fic d
ata
that
is n
ot st
atis
tical
ly si
gnifi
cant
.
Sp
ecia
l Attr
ibut
e D
A-B0
1-S1
:
For s
peci
fic a
pplic
atio
ns, s
uch
as th
e as
sess
men
t of t
est p
roce
dure
s for
ce
rtai
n ty
pes o
f pum
ps, a
refin
emen
t of t
he c
ompo
nent
gro
upin
g is
ad
visa
ble.
Thi
s ref
inem
ent p
rovi
des t
he re
solu
tion
requ
ired
for t
hese
sp
ecifi
c ap
plic
atio
ns.
RATI
ON
ALE:
A to
o br
oad
popu
latio
n w
ithin
a g
roup
may
mas
k or
av
erag
e-ou
t the
spec
ific
feat
ures
of p
artic
ular
com
pone
nts.
This
in tu
rn
coul
d si
gnifi
cant
ly h
inde
r cer
tain
app
licat
ions
.
85
T
able
9.2
-C
Att
ribu
tes f
or D
ata
Ana
lysi
s: T
ask
DA
-C ‘C
olle
ctin
g an
d E
valu
atin
g G
ener
ic In
form
atio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-C
Gen
eric
info
rmat
ion
is c
olle
cted
in a
ccor
danc
e w
ith th
e pa
ram
eter
def
initi
ons o
f Tas
k D
A-
A (9
.2-A
) and
the
grou
ping
ratio
nale
of T
ask
DA
-B (T
able
9.2
-B) a
nd e
valu
ated
rega
rdin
g its
app
licab
ility
. App
ropr
iate
gen
eric
par
amet
ers a
re se
lect
ed o
r par
amet
ers a
re c
ompo
sed
for t
he p
lant
from
app
licab
le g
ener
ic so
urce
s.
DA
-C01
G
ener
ic in
form
atio
n on
failu
res a
nd u
nava
ilabi
litie
s is c
olle
cted
in o
rder
to a
ccou
nt fo
r a
broa
der r
ange
of c
ondi
tions
and
exp
osur
e (e
xpos
ure
time
or to
tal n
umbe
r of d
eman
ds) a
s av
aila
ble
from
the
limite
d pl
ant e
xper
ienc
e. T
he in
form
atio
n m
ay in
clud
e ra
w d
ata,
e.g
. fa
ilure
eve
nts a
nd a
ssoc
iate
d ex
posu
re, o
r may
onl
y be
in th
e fo
rm o
f rel
iabi
lity
mod
el
para
met
ers s
uch
as fa
ilure
rate
s. Th
e so
urce
and
the
deriv
atio
n pr
oces
s of t
he g
ener
ic
para
met
er e
stim
ates
are
iden
tifie
d an
d de
scrib
ed. T
he p
aram
eter
def
initi
ons a
nd b
ound
ary
cond
ition
s are
eva
luat
ed in
vie
w o
f con
sist
ency
with
thos
e de
term
ined
in re
spon
se to
Tas
ks
DA
-A a
nd D
A-B
(Tab
les 9
.2-A
and
9.2
-B re
spec
tivel
y). G
ener
ic d
ata
for u
nava
ilabi
lity
due
to te
st, m
aint
enan
ce, a
nd re
pair
have
to b
e us
ed w
ith c
autio
n si
nce
diffe
rent
pla
nts c
an h
ave
diffe
rent
test
and
mai
nten
ance
phi
loso
phie
s.
Gen
eric
info
rmat
ion
is tr
aced
to th
e pr
imar
y so
urce
to a
void
inad
verte
nt d
oubl
e co
untin
g of
in
form
atio
n an
d to
ass
ure
that
no
info
rmat
ion
from
the
plan
t its
elf i
s con
tain
ed in
the
gene
ric in
form
atio
n in
the
case
that
the
gene
ric a
nd th
e pl
ant s
peci
fic a
re c
ombi
ned
unde
r Ta
sk D
A-E
(Tab
le 9
.2-E
).
The
gene
ric in
form
atio
n is
eva
luat
ed re
gard
ing
its a
pplic
abili
ty fo
r the
pla
nt, c
onsi
derin
g th
e ch
arac
teris
tics,
desi
gn a
nd o
pera
tiona
l fea
ture
s of t
he e
quip
men
t for
whi
ch th
is
info
rmat
ion
is in
tend
ed to
be
appl
ied.
The
colle
ctio
n an
d ev
alua
tion
of g
ener
ic in
form
atio
n in
clud
es a
n un
ders
tand
ing
and
an
asse
ssm
ent o
f the
unc
erta
inty
in th
e or
igin
al d
ata.
EXA
MPL
E: S
ourc
es o
f unc
erta
intie
s reg
ardi
ng th
e us
e of
gen
eric
re
liabi
lity
para
met
er:
- D
iffer
ence
s in
com
pone
nt d
esig
n an
d op
erat
iona
l fea
ture
s
- D
iffer
ence
s in
test
, rep
air a
nd m
aint
enan
ce p
ract
ices
- Q
ualit
y of
the
gene
ric d
ata
(e.g
. com
plet
enes
s)
- St
atis
tical
unc
erta
intie
s
DA
-C02
G
ener
ic p
aram
eter
s for
the
plan
t are
com
pose
d or
sele
cted
. Inf
orm
atio
n fr
om d
iffer
ent
plan
ts is
inte
grat
ed to
obt
ain
suita
ble
gene
ric p
aram
eter
s usi
ng B
ayes
ian
met
hods
, cla
ssic
al
appr
oach
es a
nd e
xper
t jud
gmen
t.
The
sele
ctio
n of
gen
eric
par
amet
ers o
r the
com
posi
tion
of g
ener
ic in
form
atio
n in
to a
pa
ram
eter
app
licab
le fo
r the
pla
nt in
clud
es a
n ap
prec
iatio
n an
d an
ass
essm
ent o
f the
un
certa
intie
s inv
olve
d in
the
orig
inal
dat
a an
d in
usi
ng th
em fo
r the
pla
nt.
86
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
Sp
ecia
l Attr
ibut
e D
A-C
02-S
1:
For n
ew e
quip
men
t, th
e us
e of
gen
eric
dat
a an
d m
anuf
actu
rer d
ata
for
the
asse
ssm
ent o
f rel
iabi
lity
para
met
ers i
s jus
tifie
d.
CO
MM
ENT:
The
use
of o
nly
man
ufac
ture
r dat
a fo
r new
equ
ipm
ent m
ay
not r
efle
ct th
e eq
uipm
ent r
elia
bilit
y in
real
ope
ratio
nal c
ondi
tions
. The
use
of
just
ified
gen
eric
dat
a w
ith su
pple
men
tal c
onsi
dera
tion
of m
anuf
actu
rer
data
may
hel
p to
avo
id e
xces
sive
opt
imis
m in
est
imat
ion
of re
liabi
lity
para
met
ers.
87
T
able
9.2
-D
Att
ribu
tes f
or D
ata
Ana
lysi
s: T
ask
DA
-D ‘
Plan
t-Sp
ecifi
c D
ata
Col
lect
ion
and
Eva
luat
ion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-D
Plan
t-spe
cific
dat
a co
llect
ion
and
eval
uatio
n is
per
form
ed in
a c
onsi
sten
t and
syst
emat
ic w
ay.
Plan
t-spe
cific
dat
a is
col
lect
ed in
acc
orda
nce
with
the
para
met
er d
efin
ition
s of T
ask
DA
-A
(Tab
le 9
.2-A
) and
the
grou
ping
ratio
nale
of T
ask
DA
-B (T
able
9.2
-B).
DA
-D01
Pl
ant-s
peci
fic d
ata
for t
he b
asic
eve
nt/p
aram
eter
pop
ulat
ion
corr
espo
ndin
g to
that
def
ined
in
Task
s DA
-A (T
able
9.2
-A) a
nd D
A-B
(Tab
le 9
.2-B
) is c
olle
cted
. The
follo
win
g da
taba
ses a
re
crea
ted:
(1) ‘
Failu
re d
atab
ase’
con
tain
ing
failu
res,
plan
ned
and
unpl
anne
d m
aint
enan
ce a
nd te
st
even
ts.
(2) ‘
Succ
ess d
atab
ase’
con
tain
ing
expo
sure
to d
eman
ds a
nd, d
epen
ding
on
the
type
of
equi
pmen
t, th
e ex
posu
re to
stan
dby
and
oper
atio
n.
Thes
e da
taba
ses a
re li
nked
to th
e eq
uipm
ent/b
asic
eve
nt d
atab
ase.
DA
-D02
Pl
ant-s
peci
fic d
ata
from
as b
road
a ti
me
perio
d as
pos
sibl
e is
col
lect
ed, c
onsi
sten
t with
un
iform
ity in
des
ign,
ope
ratio
nal p
ract
ices
, and
exp
erie
nce.
The
ratio
nale
for s
cree
ning
or
disr
egar
ding
pla
nt-s
peci
fic d
ata
is ju
stifi
ed (e
.g. p
lant
des
ign
mod
ifica
tions
, cha
nges
in
oper
atin
g pr
actic
es).
DA
-D03
W
hen
eval
uatin
g m
aint
enan
ce o
r oth
er re
leva
nt re
cord
s to
extra
ct p
lant
-spe
cific
com
pone
nt
failu
re e
vent
dat
a, a
cle
ar b
asis
for t
he id
entif
icat
ion
of e
vent
s as f
ailu
res i
s req
uire
d:
(a) T
he d
istin
ctio
n is
mad
e be
twee
n th
ose
degr
aded
stat
es fo
r whi
ch fa
ilure
, as m
odel
led
in
the
PSA
, wou
ld h
ave
occu
rred
on
dem
and
(e.g
. an
oper
ator
dis
cove
rs th
at a
pum
p ha
s no
oil i
n its
lubr
icat
ion
rese
rvoi
r), a
nd th
ose
that
wou
ld n
ot (e
.g. s
low
pic
k-up
to ra
ted
spee
d).
(b) A
ll ev
ents
that
wou
ld h
ave
resu
lted
in a
failu
re to
per
form
the
mis
sion
as d
efin
ed in
the
PSA
are
incl
uded
as f
ailu
res.
CO
MM
ENT:
Fai
lure
s in
post
-mai
nten
ance
test
ing
need
to b
e sc
reen
ed
on w
heth
er th
e fa
ilure
is c
ause
d by
the
mai
nten
ance
or d
ue a
pre
-exi
stin
g ca
use.
DA
-D04
Th
e ‘s
ucce
ss d
atab
ase’
for s
tand
by c
ompo
nent
s in
term
s of t
he n
umbe
r of p
lant
-spe
cific
de
man
ds is
det
erm
ined
on
the
basi
s of t
he n
umbe
r of s
urve
illan
ce te
sts,
mai
nten
ance
act
s, su
rvei
llanc
e te
sts o
r mai
nten
ance
on
othe
r com
pone
nts,
and
oper
atio
nal d
eman
ds. A
dditi
onal
de
man
ds fr
om p
ost-m
aint
enan
ce te
stin
g ar
e no
t cou
nted
; tha
t is p
art o
f the
succ
essf
ul
rene
wal
.
Onl
y th
ose
test
s and
test
ing
step
s are
cou
nted
whi
ch re
alis
tical
ly te
st th
e fu
nctio
n of
pa
rticu
lar e
quip
men
t and
whi
ch a
re a
ble
to d
etec
t the
ass
ocia
ted
failu
res m
odes
as a
ppea
ring
in th
e PS
A.
CO
MM
ENT:
Dem
ands
resu
lting
from
pos
t mai
nten
ance
test
ing
do n
ot
need
to b
e in
clud
ed, u
nles
s the
y re
veal
new
failu
res u
nrel
ated
to th
e or
igin
al c
ause
of m
aint
enan
ce.
88
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
DA
-D05
Th
e nu
mbe
r of s
urve
illan
ce te
sts a
nd p
lann
ed m
aint
enan
ce a
ctiv
ities
is b
ased
on
plan
t re
quire
men
ts.
RA
TIO
NA
LE:
Mos
t of t
he d
eman
ds fo
r sta
ndby
com
pone
nts r
esul
t fr
om ro
utin
e ac
tiviti
es, w
hich
are
pre
dict
able
. A
ctua
l dem
ands
are
ge
nera
lly a
min
or a
djus
tmen
t, w
hich
do
not h
ave
a si
gnifi
cant
impa
ct o
n th
e pa
ram
eter
est
imat
es.
Sp
ecia
l Attr
ibut
e D
A-D
05-S
1:
The
num
ber o
f sur
veill
ance
test
s and
pla
nned
mai
nten
ance
act
iviti
es is
ba
sed
on a
ctua
l act
iviti
es a
nd o
pera
tion.
RA
TIO
NAL
E : F
or c
erta
in a
pplic
atio
ns a
real
istic
repr
esen
tatio
n of
th
ese
feat
ures
is re
quir
ed, f
or e
xam
ple
for c
onsi
deri
ng p
reve
ntiv
e m
aint
enan
ce fo
r ope
ratio
nal e
quip
men
t suc
h as
mai
n fe
edw
ater
pum
ps.
DA
-D06
Th
e ‘s
ucce
ss d
atab
ase’
is e
stim
ated
in te
rms o
f ope
ratio
nal t
ime
from
surv
eilla
nce
test
pr
actic
es fo
r sta
ndby
com
pone
nts,
and
from
act
ual o
pera
tiona
l dat
a fo
r nor
mal
ly o
pera
ting
com
pone
nts.
Com
pone
nt o
pera
ting
times
are
est
imat
ed in
term
s of a
ctua
l ope
ratin
g tim
es a
nd p
ract
ices
and
op
erat
ing
times
in su
rvei
llanc
e te
sts.
For n
orm
ally
ope
ratin
g co
mpo
nent
s, re
gula
r sw
itcho
vers
ar
e ta
ken
into
acc
ount
bet
wee
n re
dund
ant c
ompo
nent
s and
trai
ns, a
nd a
ssoc
iate
d te
sts,
whi
ch
are
usua
lly c
arrie
d ou
t at t
he ti
me
of s
witc
hove
rs. E
quip
men
t run
hou
r met
er a
nd st
art c
ount
er
data
are
use
d if
avai
labl
e, e
.g. f
or su
mp
pum
ps.
CO
MM
ENT:
the
run
times
for s
tand
by c
ompo
nent
s in
perio
dica
l su
rvei
llanc
e te
sts m
ay b
e sm
all c
ompa
red
to th
e m
issi
on ti
me
spec
ified
in
the
PSA
. In
this
cas
e, th
e su
rvei
llanc
e te
sts d
o no
t pro
vide
info
rmat
ion
for t
he ti
me
span
bet
wee
n th
e en
d of
the
test
runs
and
the
end
of th
e m
issi
on ti
me.
In p
rinci
ple,
the
beha
viou
r of t
he p
artic
ular
com
pone
nt is
th
en u
ntes
ted
for t
his t
ime
span
whe
n de
man
ded
afte
r an
initi
atin
g ev
ent.
This
situ
atio
n ne
eds s
peci
al c
onsi
dera
tion,
e.g
. the
use
of a
dditi
onal
in
form
atio
n (g
ener
ic, e
quip
men
t man
ufac
ture
r) to
cov
er th
e ex
tend
ed
time
perio
d.
DA
-D07
W
hen
usin
g da
ta o
n m
aint
enan
ce a
nd te
stin
g du
ratio
ns to
est
imat
e un
avai
labi
litie
s at t
he
com
pone
nt, t
rain
, or s
yste
m le
vel,
as re
quire
d by
the
syst
em m
odel
, onl
y th
e un
avai
labi
litie
s fr
om th
ose
mai
nten
ance
or t
est a
ctiv
ities
that
wou
ld le
ave
the
com
pone
nt, t
rain
, or s
yste
m
unab
le to
per
form
its f
unct
ion
whe
n de
man
ded
are
incl
uded
in th
e da
ta se
t.
DA
-D08
W
hen
an u
nava
ilabi
lity
of a
fron
t lin
e sy
stem
com
pone
nt is
cau
sed
by a
n un
avai
labi
lity
of a
su
ppor
t sys
tem
, the
una
vaila
bilit
y is
cou
nted
tow
ards
that
of t
he su
ppor
t sys
tem
and
not
the
fron
t lin
e sy
stem
.
CO
MM
ENT:
Cou
ntin
g th
e un
avai
labi
lity
for t
he fr
ont l
ine
syst
em w
ould
le
ad to
an
over
estim
atio
n of
its u
nava
ilabi
lity.
DA
-D09
Fo
r equ
ipm
ent o
utag
e, th
e du
ratio
n of
the
actu
al ti
me
that
the
equi
pmen
t was
una
vaila
ble
is
iden
tifie
d an
d ev
alua
ted
for e
ach
cont
ribut
ing
activ
ity. S
ince
mai
nten
ance
out
ages
are
a
func
tion
of th
e pl
ant s
tatu
s, on
ly th
ose
outa
ges a
re c
ount
ed w
hich
occ
urre
d du
ring
the
parti
cula
r pla
nt st
atus
for w
hich
mai
nten
ance
una
vaila
bilit
y da
ta is
col
lect
ed.
Spec
ial a
ttent
ion
is p
aid
to th
e ca
se o
f a m
ulti-
plan
t site
with
shar
ed sy
stem
s, w
hen
the
tech
nica
l spe
cific
atio
ns c
an b
e di
ffere
nt d
epen
ding
on
the
stat
us o
f bot
h pl
ants
, whi
ch in
turn
re
quire
s a c
orre
spon
ding
allo
catio
n of
out
age
data
am
ong
basi
c ev
ents
.
DA
-D10
C
oinc
iden
t out
age
times
for r
edun
dant
equ
ipm
ent (
both
intra
- and
inte
r-sy
stem
) are
iden
tifie
d an
d ev
alua
ted
base
d on
act
ual p
lant
exp
erie
nce.
89
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
DA
-D11
Pl
ant-s
peci
fic re
pair
even
ts o
r rel
ated
and
app
licab
le in
dust
ry e
xper
ienc
e ar
e id
entif
ied
and
eval
uate
d fo
r eac
h re
pair
incl
udin
g th
e as
soci
ated
repa
ir tim
e. T
he re
pair
time
is th
e tim
e sp
an
from
the
iden
tific
atio
n of
the
com
pone
nt fa
ilure
unt
il th
e co
mpo
nent
is re
turn
ed to
serv
ice.
DA
-D12
D
ata
on re
cove
ry fr
om lo
ss o
f off
site
pow
er, l
oss o
f ser
vice
of s
ervi
ce w
ater
, etc
. are
rare
on
a pl
ant s
peci
fic b
asis
. If a
vaila
ble,
for e
ach
reco
very
, the
ass
ocia
ted
reco
very
tim
e is
iden
tifie
d an
d ev
alua
ted.
The
reco
very
tim
e is
the
time
span
from
the
iden
tific
atio
n of
the
syst
em o
r fu
nctio
n fa
ilure
unt
il th
e sy
stem
or f
unct
ion
is re
turn
ed to
serv
ice.
EXA
MPL
E: F
or th
e lo
ss o
f off
site
pow
er sp
ecia
l app
roac
hes t
o m
ake
use
of th
e st
atis
tical
dat
a fr
om th
e en
tire
elec
trica
l net
wor
k to
whi
ch th
e pl
ant i
s con
nect
ed h
ave
been
dev
elop
ed (s
ee fo
r exa
mpl
e R
ef. [
16])
.
90
T
able
9.2
-E A
ttri
bute
s for
Dat
a A
naly
sis:
Tas
k D
A-E
‘Der
ivat
ion
of P
lant
-Spe
cific
Par
amet
ers,
Inte
grat
ion
of G
ener
ic a
nd P
lant
-Spe
cific
In
form
atio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-E
The
para
met
er e
stim
ates
are
bas
ed o
n re
leva
nt g
ener
ic in
dust
ry a
nd p
lant
-spe
cific
evi
denc
e.
Whe
re a
pplic
able
, gen
eric
and
pla
nt-s
peci
fic e
vide
nce
is in
tegr
ated
usi
ng a
ccep
tabl
e m
etho
ds
to o
btai
n pl
ant-s
peci
fic p
aram
eter
est
imat
es. E
ach
para
met
er e
stim
ate
is a
ccom
pani
ed b
y a
char
acte
rizat
ion
of th
e un
certa
inty
.
CO
MM
ENT:
For
man
y ap
plic
atio
ns, g
ener
ic p
aram
eter
est
imat
es m
ay
be a
dequ
ate.
In
gene
ral,
if th
e ge
neric
est
imat
es a
re c
hose
n ca
refu
lly,
and
are
appr
opria
te fo
r the
pla
nt sp
ecifi
c co
mpo
nent
des
ign,
com
pone
nt
boun
dary
and
failu
re m
ode
defin
ition
s, an
d op
erat
iona
l con
ditio
ns, t
he
plan
t spe
cific
est
imat
es w
ould
not
be
expe
cted
to b
e si
gnifi
cant
ly
diffe
rent
. H
owev
er, t
he u
se o
f pla
nt sp
ecifi
c da
ta w
ill re
sult
in a
hig
her
leve
l of c
onfid
ence
in th
e re
sults
of t
he P
SA.
DA
-E01
Pl
ant-s
peci
fic p
aram
eter
est
imat
es a
re c
alcu
late
d us
ing
Bay
esia
n up
date
s whe
re fe
asib
le.
Prio
r dis
tribu
tions
are
sele
cted
as e
ither
non
-info
rmat
ive,
or r
epre
sent
ativ
e of
var
iabi
lity
in
indu
stry
dat
a.
CO
MM
ENT:
Con
stan
t fai
lure
rate
is u
sual
ly p
ostu
late
d as
sum
ing
abse
nce
of a
ging
and
‘chi
ld d
isea
se’ e
ffec
ts.
Sp
ecia
l Attr
ibut
e D
A-E0
1-S1
: A
time
tren
d an
alys
is is
per
form
ed to
exp
lore
the
exis
ting
tren
ds in
the
relia
bilit
y pa
ram
eter
s, in
par
ticul
ar fo
r pas
sive
and
non
-rep
lace
able
co
mpo
nent
s tak
ing
into
acc
ount
the
agin
g ef
fect
s. .
CO
MM
ENT:
The
tim
e tr
end
anal
ysis
is u
sefu
l for
the
appl
icat
ions
de
alin
g w
ith e
xplo
ratio
n of
agi
ng p
heno
men
a.
DA
-E02
If
nei
ther
pla
nt-s
peci
fic d
ata
nor g
ener
ic p
aram
eter
est
imat
es a
re a
vaila
ble
for t
he p
aram
eter
as
soci
ated
with
a sp
ecifi
c ba
sic
even
t, es
timat
es fo
r the
mos
t sim
ilar e
quip
men
t ava
ilabl
e ar
e us
ed, a
djus
ting,
if n
eces
sary
, to
acco
unt f
or d
iffer
ence
s. A
ltern
ativ
ely,
use
can
be
mad
e of
ex
pert
judg
men
t or a
naly
tical
mod
els a
nd th
e ra
tiona
le b
ehin
d th
e ch
oice
of p
aram
eter
val
ues
is d
ocum
ente
d.
DA
-E03
A
mea
n va
lue
of, a
nd a
stat
istic
al re
pres
enta
tion
of th
e un
certa
inty
inte
rval
s for
the
para
met
er
estim
ates
is p
rovi
ded.
C
OM
MEN
T: A
ccep
tabl
e sy
stem
atic
met
hods
incl
ude
for i
nsta
nce:
B
ayes
ian
upda
ting
or e
xper
t jud
gmen
t.
DA
-E04
W
hen
the
Bay
esia
n ap
proa
ch is
use
d to
der
ive
a di
strib
utio
n an
d m
ean
valu
e of
a p
aram
eter
, a
chec
k is
mad
e to
asc
erta
in th
at th
e po
ster
ior d
istri
butio
n de
rived
is re
ason
able
giv
en th
e pr
ior
dist
ribut
ion
and
the
plan
t spe
cific
evi
denc
e.
CO
MM
ENT:
If th
e es
timat
or fo
r the
mea
n va
lue
of a
par
amet
er b
ased
on
pla
nt e
vide
nce
is o
utsi
de o
f a 9
5% c
onfid
ence
inte
rval
aro
und
the
med
ian
valu
e of
the
prio
r dis
tribu
tion
the
appl
icab
ility
of t
hat p
artic
ular
pr
ior d
ata
and
dist
ribut
ion
shou
ld b
e re
cons
ider
ed re
gard
ing
its
appl
icab
ility
to th
e co
mpo
nent
and
failu
re m
ode
unde
r con
side
ratio
n.
91
T
able
9.2
-F
Att
ribu
tes f
or D
ata
Ana
lysi
s: T
ask
DA
-F ‘D
eriv
atio
n of
Pla
nt-S
peci
fic P
aram
eter
s for
Com
mon
Cau
se F
ailu
re E
vent
s’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-F
Der
ivat
ion
of p
lant
-spe
cific
par
amet
ers f
or C
CF
even
ts. A
s for
the
para
met
er e
stim
ates
for
inde
pend
ent e
vent
s, th
ese
para
met
ers a
re b
ased
on
rele
vant
gen
eric
indu
stry
and
pla
nt-
spec
ific
evid
ence
if a
vaila
ble.
Eac
h pa
ram
eter
est
imat
e is
acc
ompa
nied
by
a ch
arac
teriz
atio
n of
the
unce
rtain
ty.
CO
MM
ENT:
Bec
ause
CC
F ev
ents
are
rare
eve
nts,
only
ver
y fe
w p
lant
sp
ecifi
c da
ta a
re u
sual
ly a
vaila
ble.
The
refo
re C
CF
para
met
er e
stim
atio
n re
lies m
uch
mor
e on
gen
eric
dat
a an
d on
exp
ert j
udgm
ent.
DA
-F01
Th
e B
eta-
fact
or a
ppro
ach
or a
n eq
uiva
lent
met
hod
is u
sed
for C
CF
mod
els a
nd re
gard
ing
the
estim
atio
n of
CC
F pa
ram
eter
s.
Sp
ecia
l Attr
ibut
e D
A-F0
1-S1
: Th
e Be
ta-fa
ctor
app
roac
h or
an
equi
vale
nt m
etho
d is
onl
y us
ed fo
r an
in
itial
scr
eeni
ng s
tep
with
scr
eeni
ng v
alue
s fo
r th
e pa
ram
eter
s. Fo
r th
e fin
aliz
ed m
odel
, a m
odel
is u
sed
whi
ch a
llow
s a
refin
ed r
epre
sent
atio
n of
failu
re c
ombi
natio
ns fo
r hig
her o
rder
redu
ndan
cies
.
RATI
ON
ALE:
Use
of t
he B
eta-
fact
or m
odel
may
mas
ks-o
ut in
term
edia
te
failu
re c
ombi
natio
ns fo
r equ
ipm
ent w
ith m
ore
than
two
redu
ndan
cies
. For
su
ch e
quip
men
t, th
e Be
ta-fa
ctor
mod
el d
oes n
ot p
rovi
de a
real
istic
de
scri
ptio
n of
CC
F ev
ents
.
EXAM
PLE
of m
ore
deta
iled
mod
ellin
g:
(a) A
lpha
Fac
tor M
odel
(b
) Bas
ic P
aram
eter
Mod
el
(c) M
ultip
le G
reek
Let
ter M
odel
(d
) Bin
omia
l Fai
lure
Rat
e M
odel
DA
-F02
G
ener
ic c
omm
on c
ause
failu
re p
roba
bilit
ies a
re u
sed.
R
ATI
ON
ALE
: Si
nce
CC
F ev
ents
are
rare
, unc
erta
intie
s in
estim
ates
of
CC
F pr
obab
ilitie
s are
rela
tivel
y la
rge.
For
man
y ap
plic
atio
ns, t
he u
se o
f ge
neric
par
amet
er v
alue
s is a
ccep
tabl
e, a
lthou
gh th
e co
nclu
sion
s fro
m th
e PS
A n
eed
to b
e as
sess
ed fo
r the
ir ro
bust
ness
with
resp
ect t
o th
e un
certa
inty
in th
e C
CF
prob
abili
ties.
Sp
ecia
l Attr
ibut
e D
A-F0
2-S1
:
Real
istic
com
mon
cau
se fa
ilure
pro
babi
litie
s con
sist
ent w
ith p
lant
-sp
ecifi
c de
sign
and
ope
ratio
nal p
ract
ices
, sup
port
ed b
y pl
ant-s
peci
fic
scre
enin
g an
d m
appi
ng o
f ind
ustr
y-w
ide
data
is u
sed
for d
omin
ant
com
mon
-cau
se e
vent
s.
RATI
ON
ALE:
CC
F ev
ents
usu
ally
hav
e a
maj
or im
pact
on
resu
lts. U
se o
f ge
neri
c C
CF
mod
el p
aram
eter
s may
mas
k-ou
t diff
eren
ces w
hich
ch
arac
teri
ze a
pplic
atio
ns.
CO
MM
ENT:
An
exam
ple
appr
oach
is p
rovi
ded
in N
URE
G/C
R-54
85 (s
ee
Ref.
[13]
). Al
tern
ativ
ely,
an
appr
oach
like
the
Part
ial B
eta-
fact
or is
use
d w
hich
is, h
owev
er, l
imite
d to
the
Beta
-fact
or C
CF
mod
el.
92
T
able
9.2
-G
Att
ribu
tes f
or D
ata
Ana
lysi
s: T
ask
DA
-G ‘H
andl
ing
of R
elia
bilit
y Pa
ram
eter
s Aff
ecte
d by
Pla
nt C
hang
es, H
andl
ing
of N
ew
Equ
ipm
ent’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-G
Plan
t cha
nges
may
aff
ect a
vaila
ble
relia
bilit
y pa
ram
eter
s by
chan
ging
ope
ratio
nal
cond
ition
s.
For n
ewly
add
ed e
quip
men
t, ne
w p
aram
eter
s are
requ
ired.
As f
or th
e ‘b
ase
case
PSA
’ dat
a an
alys
is, t
he p
aram
eter
est
imat
es a
re b
ased
on
rele
vant
gen
eric
indu
stry
and
pla
nt-s
peci
fic
evid
ence
[see
Tas
ks D
A-B
(Tab
le 9
.2-B
), D
A-C
(Tab
le 9
.2-A
C),
and
DA
-D (T
able
9.2
-A)]
. W
here
app
licab
le, g
ener
ic a
nd p
lant
-spe
cific
evi
denc
e ar
e in
tegr
ated
usi
ng a
ccep
tabl
e m
etho
ds to
obt
ain
plan
t-spe
cific
par
amet
er e
stim
ates
. Eac
h pa
ram
eter
est
imat
e is
ac
com
pani
ed b
y a
char
acte
rizat
ion
of th
e un
certa
inty
.
DA
-G01
If
mod
ifica
tions
to p
lant
des
ign
or o
pera
ting
prac
tice
lead
to a
con
ditio
n w
here
pas
t dat
a ar
e no
long
er re
pres
enta
tive
of c
urre
nt p
erfo
rman
ce li
mit
the
use
of o
ld d
ata:
a)
If th
e m
odifi
catio
n in
volv
es n
ew e
quip
men
t or a
pra
ctic
e w
here
sign
ifica
nt g
ener
ic
para
met
er e
stim
ates
are
ava
ilabl
e, p
aram
eter
est
imat
es u
pdat
ed w
ith p
lant
-spe
cific
dat
a as
it b
ecom
es a
vaila
ble
are
used
, or;
b)
If th
e m
odifi
catio
n is
uni
que
to th
e ex
tent
that
gen
eric
par
amet
er e
stim
ates
are
not
av
aila
ble
and
only
lim
ited
expe
rienc
e is
ava
ilabl
e fo
llow
ing
the
chan
ge, t
hen
the
impa
ct o
f the
cha
nge
is a
naly
sed
and
the
hypo
thet
ical
eff
ect o
n th
e hi
stor
ical
dat
a is
as
sess
ed to
det
erm
ine
to w
hat e
xten
t the
dat
a ca
n be
use
d (s
ee a
lso
Tabl
e 9.
2-E,
G
ener
al A
ttrib
ute
DA
-E02
).
93
T
able
9.2
-H
Att
ribu
tes f
or D
ata
Ana
lysi
s: T
ask
DA
-H ‘D
ocum
enta
tion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DA
-H
Doc
umen
tatio
n an
d in
form
atio
n st
orag
e is
per
form
ed in
a m
anne
r tha
t fac
ilita
tes p
eer r
evie
w,
as w
ell a
s fut
ure
upgr
ades
and
app
licat
ions
of t
he P
SA b
y de
scrib
ing
the
proc
esse
s tha
t wer
e us
ed a
nd p
rovi
ding
det
ails
of t
he a
ssum
ptio
ns m
ade
and
thei
r bas
es.
DA
-H01
Th
e fo
llow
ing
is d
ocum
ente
d:
a) S
yste
m a
nd c
ompo
nent
bou
ndar
ies u
sed
to e
stab
lish
com
pone
nt fa
ilure
pro
babi
litie
s;
b) G
roup
ing
crite
ria fo
r com
pone
nts
c) T
he m
odel
use
d to
eva
luat
e ea
ch b
asic
eve
nt p
roba
bilit
y;
d) S
ourc
es fo
r gen
eric
par
amet
er e
stim
ates
; e)
The
pla
nt-s
peci
fic so
urce
s of d
ata;
f)
The
tim
e pe
riods
for w
hich
pla
nt-s
peci
fic d
ata
wer
e ga
ther
ed;
g) K
ey a
ssum
ptio
ns m
ade
in th
e in
terp
reta
tion
of d
ata
and
the
reas
onin
g (b
ased
on
engi
neer
ing
judg
men
t, sy
stem
s mod
ellin
g, o
pera
tions
, and
stat
istic
al k
now
ledg
e)
supp
ortin
g its
use
in p
aram
eter
est
imat
ion;
h)
Jus
tific
atio
n fo
r exc
lusi
on o
f any
dat
a;
i) T
he b
asis
for t
he e
stim
ates
of c
omm
on c
ause
failu
re p
roba
bilit
ies,
incl
udin
g ju
stifi
catio
n fo
r scr
eeni
ng o
r map
ping
of g
ener
ic a
nd p
lant
-spe
cific
dat
a;
j) T
he ra
tiona
le fo
r any
dis
tribu
tions
use
d as
prio
rs fo
r Bay
esia
n up
date
s, w
here
app
licab
le;
k) P
aram
eter
est
imat
es in
clud
ing
the
char
acte
rizat
ion
of u
ncer
tain
ty a
s app
ropr
iate
.
DA
-H02
Th
e de
rivat
ion
of th
e pa
ram
eter
val
ues i
s doc
umen
ted.
The
info
rmat
ion/
data
base
is
docu
men
ted
and
stor
ed in
a w
ay, w
hich
allo
ws t
he re
prod
uctio
n of
the
data
ana
lysi
s tas
k fo
r ex
ampl
e fo
r rel
iabi
lity
para
met
er u
pdat
es.
Sp
ecia
l Attr
ibut
e D
A-H
02-S
1:
The
info
rmat
ion
from
the
data
ana
lysi
s inc
ludi
ng th
e da
taba
ses c
reat
ed is
pa
rt o
f the
PSA
mod
el a
nd d
ocum
enta
tion.
Thi
s dat
a in
clud
ing
the
data
base
s and
the
deta
iled
back
grou
nd in
form
atio
n is
stor
ed in
a
retr
ieva
ble
and
acce
ssib
le e
lect
roni
c fo
rm a
nd fo
rmat
. Due
to th
e am
ount
of
info
rmat
ion
aris
ing
from
the
data
ana
lysi
s tas
ks e
lect
roni
c st
orag
e of
th
is in
form
atio
n is
ess
entia
l for
man
y of
the
appl
icat
ions
.
RATI
ON
ALE:
Cer
tain
app
licat
ions
cou
ld b
e pr
actic
ally
pre
vent
ed
with
out t
he in
form
atio
n be
ing
avai
labl
e an
d ac
cess
ible
in th
is w
ay.
94
10. PSA ELEMENT ‘DF’: DEPENDENT FAILURES ANALYSIS
10.1. Main objectives The objective of the dependent failure analysis is to support other PSA elements with
dependent failure information and assure that all possible dependencies are correctly considered. Correctly modelling dependencies is essential to the development of the PSA model. The dependent failure analysis tasks provides the vehicle for confirming that all dependencies, including subtle dependencies, are included in the PSA, either by explicit modelling or by common cause failure modelling. Dependent failures to be considered and analysed are:
- Design related dependencies - Operational related dependencies - Physical dependencies - Initiator related dependencies - Residual dependencies (common cause failures)
It should be noted that the dependency analysis is exercised as part of almost all other
PSA elements. The categories of dependencies and PSA elements in which they are addressed are provided in Table 10.1. Dependencies that arise from area events (e.g. internal fires and floods) and external initiating events (e.g. earthquakes, high winds) are not included here since they are outside the scope of this publication.
Table 10.1 Dependence Categories and PSA Elements
Dependence Type
Dependence Category Analysis Procedure or Method PSA Elements
Functional dependencies
Development of accident sequences
Development of success criteria
Accident sequence analysis
Success criteria
Systems analysis
Support system dependencies
Development of system models Systems analysis
Accident sequence analysis (large event tree approach) D
esig
n R
elat
ed
Shared component dependencies
Development of system models Systems analysis
Ope
ratio
ns
Rel
ated
Human action dependencies
Development of accident sequences
Human reliability analysis
Modelling of support state initiating events
Initiating events analysis
Accident sequence analysis
Systems analysis
Human reliability analysis
95
Dependence Type
Dependence Category Analysis Procedure or Method PSA Elements
Common environmental effects
Development of accident sequences
Development of system models
Accident sequence analysis
Systems analysis
Phys
ical
Dynamic effects Physical analyses Initiating events analysis (pipe breaks)
Initi
ator
Common cause initiating events
Analysis of operating experience, insights from other PSA studies, link from functional dependencies
Use of fault tree models
Initiating event analysis
Systems analysis
Res
idua
l D
epen
denc
ies Common cause
failures Definition of CCCGs
Use of accepted CCF model
Systems analysis
Data analysis
10.2. Dependent failure analysis tasks and their attributes
Table 10.2 lists the main tasks for the PSA element ‘Dependent Failure Analysis’.
Tables 10.2-A through 10.2-G present the description of general and special attributes for these tasks.
Table 10.2 Main Tasks for Dependent Failure Analysis
Task ID Task Content
DF-A Design Related Dependency Analysis
DF-B Operations Related Dependency Analysis
DF-C Physical Dependency Analysis
DF-D Common Cause Initiating Event Analysis
DF-E Common Cause Failure Analysis
DF-F Subtle Interactions
DF-G Documentation
96
T
able
10.
2-A
Att
ribu
tes f
or D
epen
dent
Fai
lure
Ana
lysi
s: T
ask
DF-
A ‘
Des
ign
Rel
ated
Dep
ende
ncy
Ana
lysi
s’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DF-
A
The
desi
gn re
late
d de
pend
enci
es a
re in
clud
ed in
the
acci
dent
sequ
ence
and
syst
em m
odel
s.
DF-
A01
Fu
nctio
nal d
epen
denc
ies a
re a
ddre
ssed
in th
e st
ruct
ure
of th
e ac
cide
nt se
quen
ces m
odel
s.
EXA
MPL
ES:
Func
tiona
l dep
ende
nce
- (B
WR
): if
depr
essu
rizat
ion
of
the
reac
tor f
ails
, the
low
pre
ssur
e in
ject
ion
func
tion
is g
uara
ntee
d to
fail.
(PW
R):
if lo
w p
ress
ure
inje
ctio
n fa
ils, t
he re
circ
ulat
ion
func
tion
fails
.
DF-
A02
Su
ppor
t sys
tem
dep
ende
ncie
s are
mod
elle
d by
link
ing
syst
em m
odel
s (e.
g. fa
ult t
rees
) th
roug
h ap
prop
riate
tran
sfer
gat
es (f
ault
tree
linki
ng a
ppro
ach)
, or b
y de
velo
ping
mod
els f
or
each
supp
ort s
yste
m st
ate
(larg
e ev
ent t
ree/
supp
ort s
tate
/eve
nt tr
ee li
nkin
g ap
proa
ch).
CO
MM
ENT:
The
cor
rect
iden
tific
atio
n of
impl
icit
syst
em d
epen
denc
ies
(not
evi
dent
from
sche
mat
ics)
is c
ruci
al. T
hus,
depe
nden
ce o
n am
bien
t en
viro
nmen
tal c
ondi
tions
is a
lso
a de
sign
dep
ende
nce.
EXA
MPL
E: T
he d
epen
denc
e on
room
tem
pera
ture
and
thus
on
the
vent
ilatio
n sy
stem
and
on
the
room
hea
ting
syst
em
DF-
A03
C
omm
on c
ompo
nent
dep
ende
ncie
s are
mod
elle
d in
the
faul
t tre
es (f
ault
tree
linki
ng
appr
oach
) or b
y ex
plic
itly
incl
udin
g th
e co
mpo
nent
as a
n ev
ent t
ree
bran
ch p
oint
(lar
ge
even
t tre
e/su
ppor
t sta
te/e
vent
tree
link
ing
appr
oach
).
97
T
able
10.
2-B
Att
ribu
tes f
or D
epen
dent
Fai
lure
Ana
lysi
s: T
ask
DF-
B ‘O
pera
tions
Rel
ated
Dep
ende
ncy
Ana
lysi
s’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DF-
B
Ope
ratio
nal r
elat
ed d
epen
denc
ies a
re a
ddre
ssed
in th
e st
ruct
ure
of th
e ac
cide
nt se
quen
ce
and
syst
em m
odel
s by
the
incl
usio
n of
hum
an fa
ilure
eve
nts.
RA
TIO
NA
LE:
This
cla
ss o
f dep
ende
ncy
addr
esse
s the
impa
ct o
f hum
an
actio
ns o
n th
e su
cces
s or f
ailu
re o
f fun
ctio
ns o
r sys
tem
s, an
d in
clud
es
both
pre
-initi
atin
g ev
ent a
ctio
ns, a
nd a
ctio
ns in
resp
onse
to c
hang
es in
pl
ant c
ondi
tions
(pre
curs
ors t
o in
itiat
ing
even
ts re
sulti
ng fr
om lo
ss o
f su
ppor
t sys
tem
s, an
d in
itiat
ing
even
ts).
CO
MM
ENT:
The
ana
lysi
s of o
pera
tiona
l rel
ated
dep
ende
ncie
s is
prim
arily
add
ress
ed in
the
Initi
atin
g Ev
ent A
naly
sis,
Acc
iden
t Seq
uenc
e A
naly
sis,
Syst
ems A
naly
sis,
and
Hum
an R
elia
bilit
y A
naly
sis.
DF-
B01
Pr
e-in
itiat
or o
pera
tiona
l rel
ated
dep
ende
ncie
s, i.e
. tho
se re
sulti
ng fr
om
test
/mai
nten
ance
/cal
ibra
tion
erro
rs (p
re-in
itiat
or e
rror
s) a
re in
clud
ed in
the
appr
opria
te
syst
em m
odel
s. (S
ee a
lso
Task
s HR
-A th
roug
h H
R-C
[Tab
les 8
.2-A
thro
ugh
8.2-
C])
.
DF-
B02
Th
e de
pend
enci
es a
risin
g fr
om th
e ne
ed fo
r ope
rato
r int
erve
ntio
n in
the
case
of p
artia
l su
ppor
t sys
tem
failu
res (
e.g.
loss
of a
trai
n of
com
pone
nt c
oolin
g w
ater
syst
em) a
s cal
led
for b
y em
erge
ncy
oper
atin
g pr
oced
ures
are
add
ress
ed in
the
syst
em m
odel
s use
d to
eva
luat
e th
e in
itiat
ing
even
t fre
quen
cy.
DF-
B03
D
epen
denc
y of
func
tions
or s
yste
ms o
n op
erat
or in
terv
entio
n fo
llow
ing
an in
itiat
ing
even
t is
mod
elle
d in
the
stru
ctur
e of
the
acci
dent
sequ
ence
and
syst
em m
odel
s (se
e H
R-E
and
H
R-F
).
DF-
B04
Th
e va
lues
of t
he H
EPs u
sed
for t
he H
FEs a
re a
ppro
pria
te fo
r the
pla
nt-s
peci
fic a
nd
scen
ario
- spe
cific
con
ditio
ns. (
See
also
Tas
ks H
R-D
(Tab
le 8
.2-D
) and
HR
-G (T
able
8.2
-G
)).
RA
TIO
NA
LE:
The
perf
orm
ance
of t
he o
pera
tors
, in
parti
cula
r for
re
spon
se a
ctio
ns, i
s con
ditio
ned
by a
num
ber o
f fac
tors
that
are
dep
ende
nt
on th
e sc
enar
io c
hara
cter
istic
s.
DF-
B05
Th
e de
pend
ence
bet
wee
n H
EPs a
ppea
ring
in th
e sa
me
cuts
et is
ass
esse
d an
d th
e va
lues
ch
ange
d as
app
ropr
iate
. (Se
e al
so T
able
8.2
-D, G
ener
al A
ttrib
ute
HR
-D04
, and
Tab
le 8
.2-
G, G
ener
al A
ttrib
ute
HR
-G07
).
98
T
able
10.
2-C
Att
ribu
tes f
or D
epen
dent
Fai
lure
Ana
lysi
s: T
ask
DF-
C: ‘
Phys
ical
Dep
ende
ncy
Ana
lysi
s’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DF-
C
Dep
ende
ncie
s tha
t aris
e be
caus
e of
deg
rada
tion
of th
e en
viro
nmen
t of t
he p
lant
equ
ipm
ent
are
addr
esse
d. T
hese
incl
ude
dyna
mic
effe
cts o
f a p
ipe
brea
k an
d se
cond
ary
effe
cts o
f ot
her i
nitia
ting
even
ts a
nd e
vent
s occ
urrin
g du
ring
an a
ccid
ent s
cena
rio th
at c
an c
ause
fa
ilure
s of s
afet
y re
late
d eq
uipm
ent,
whi
ch is
nee
ded
for t
he m
itiga
tion
of th
e in
itiat
ing
even
t or f
ailu
res o
f whi
ch c
an m
ake
the
initi
atin
g ev
ent w
orse
.
DF-
C01
Th
e an
alys
is sc
ope
for t
he p
hysi
cal d
epen
denc
ies i
nclu
des t
he fo
llow
ing
cate
gorie
s of
phen
omen
a (s
ee a
lso
Tabl
e 5.
2-C
, Gen
eral
Attr
ibut
e A
S-C
09, a
nd T
able
7.2
-C, G
ener
al
Attr
ibut
es S
Y-C
09, S
Y-C
10, S
Y-C
11):
Cat
egor
y 1
Impa
cts o
f pip
e w
hip,
pro
ject
iles,
and
wat
er/s
team
jets
in c
ase
of p
ipe
brea
ks,
vess
el ru
ptur
es, e
tc.;
the
influ
ence
s can
be
dire
cted
to a
djac
ent e
quip
men
t or
build
ing
stru
ctur
es.
Cat
egor
y 2
Con
sequ
ence
s of i
ncre
ased
hum
idity
and
tem
pera
ture
.
Cat
egor
y 3
D
istri
butio
n of
isol
atio
n w
ool m
ater
ial a
nd b
lock
ing
of th
e re
circ
ulat
ion
flow
(p
ost –
LOC
A).
RA
TIO
NA
LE:
Phys
ical
effe
cts c
an su
bsta
ntia
lly re
duce
the
miti
gatio
n po
ssib
ilitie
s.
99
T
able
10.
2-D
Att
ribu
tes f
or D
epen
dent
Fai
lure
Ana
lysi
s: T
ask
DF-
D ‘
Com
mon
Cau
se In
itiat
ing
Eve
nt A
naly
sis’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DF-
D
An
anal
ysis
of c
omm
on c
ause
initi
atin
g ev
ents
is p
erfo
rmed
.
DF-
D01
C
omm
on c
ause
initi
atin
g ev
ents
are
iden
tifie
d an
d in
clud
ed in
the
PSA
mod
el a
s nec
essa
ry.
(See
als
o Ta
ble
4.2-
A, G
ener
al A
ttrib
utes
IE-A
04, I
E-A
06, a
nd T
able
4.2
-E, G
ener
al
Attr
ibut
e IE
-E03
).
CO
MM
ENTS
: A
com
mon
cau
se in
itiat
or (C
CI)
is a
n ev
ent c
ausi
ng a
tra
nsie
nt (o
r req
uirin
g m
anua
l shu
tdow
n) a
nd a
t the
sam
e tim
e de
grad
ing
one
or m
ore
safe
ty fu
nctio
ns th
at m
ay b
e ne
eded
afte
r the
tran
sien
t/shu
t-do
wn.
CC
Is a
re re
stric
ted
to fa
ilure
s occ
urrin
g in
side
the
plan
t sys
tem
s, su
ch a
s fa
ilure
s in
the
cont
rol a
nd p
rote
ctio
ns sy
stem
s, el
ectri
c po
wer
supp
ly
syst
em, s
ervi
ce w
ater
syst
em o
r oth
er su
ppor
t sys
tem
s.
The
CC
I ana
lysi
s is u
sual
ly a
par
t of t
he In
itiat
ing
Even
ts D
efin
ition
and
G
roup
ing
Task
and
the
Syst
ems A
naly
sis T
ask,
exc
ept f
or th
e m
odel
ling
of th
e pl
ant r
espo
nse
to a
n id
entif
ied
and
impo
rtant
CC
I, w
hich
bel
ongs
to
the
Acc
iden
t Seq
uenc
e A
naly
sis.
100
T
able
10.
2-E
Att
ribu
tes f
or D
epen
dent
Fai
lure
Ana
lysi
s: T
ask
DF-
E ‘
Com
mon
Cau
se F
ailu
re A
naly
sis’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DF-
E
A c
ompo
nent
com
mon
cau
se fa
ilure
ana
lysi
s (C
CF)
is p
erfo
rmed
.
DF-
E01
Com
mon
cau
se fa
ilure
s are
incl
uded
in th
e sy
stem
mod
els a
s app
ropr
iate
(see
Tas
ks S
Y-C
in
Tab
le 7
.2-C
and
DA
-F in
Tab
le 9
.2-F
). R
ATI
ON
ALE
: W
hile
man
y so
urce
s of d
epen
denc
y ca
n be
mod
elle
d ex
plic
itly
in th
e PS
A m
odel
, the
re a
re fa
ilure
mec
hani
sms a
t the
co
mpo
nent
leve
l tha
t can
resu
lt in
mul
tiple
star
t fai
lure
s whe
n co
mpo
nent
s are
dem
ande
d or
mul
tiple
com
pone
nt fa
ilure
s with
in th
e m
issi
on ti
me
requ
ired
of th
ose
com
pone
nts.
Thes
e ar
e th
e so
-cal
led
‘com
mon
cau
se fa
ilure
s’.
101
T
able
10.
2-F
Att
ribu
tes f
or D
epen
dent
Fai
lure
Ana
lysi
s: T
ask
DF-
F ‘S
ubtle
Inte
ract
ions
’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DF-
F A
n an
alys
is o
f sub
tle in
tera
ctio
n de
pend
enci
es is
per
form
ed.
DF-
F01
Ope
ratio
nal e
xper
ienc
e of
the
plan
t bei
ng a
naly
sed
and
sim
ilar p
lant
s is r
evie
wed
to
iden
tify
even
ts th
at in
volv
e un
usua
l dep
ende
nt e
ffec
ts. P
SA m
odel
add
ress
es th
ese
effe
cts.
Spec
ial A
ttrib
ute
DF-
F01-
S1:
His
tori
cal e
vent
s tha
t inv
olve
unu
sual
dep
ende
nt e
ffect
s are
revi
ewed
to
dete
rmin
e w
heth
er su
ch o
ccur
renc
es c
an o
ccur
at t
he p
lant
bei
ng
anal
ysed
.
RATI
ON
ALE:
A st
ruct
ured
iden
tific
atio
n an
d co
nsid
erat
ion
of su
btle
in
tera
ctio
ns m
ay b
e ne
eded
for c
ompl
eten
ess p
urpo
ses.
CO
MM
ENT:
So
calle
d su
btle
dep
ende
ncie
s5 are
not
ord
inar
y fu
nctio
nal
depe
nden
cies
but
are
spec
ific
to a
ctua
l dem
and
cond
ition
s, w
hen
the
plan
t sys
tem
s are
act
uate
d an
d op
erat
ed u
nder
tran
sien
t or e
mer
genc
y co
nditi
ons.
Typi
cally
, sub
tle d
epen
denc
ies a
re n
ot d
etec
ted
in n
orm
al o
pera
tion
or b
y su
rvei
llanc
e te
sts.
The
inte
ract
ion
betw
een
syst
ems o
r sub
syst
ems c
an b
e tr
ansm
itted
by
the
proc
ess m
ediu
m, v
ia su
ppor
t sys
tem
rout
es o
r in
dire
ctly
via
ope
ratin
g en
viro
nmen
t, e.
g. te
mpe
ratu
re, h
umid
ity, p
ress
ure
wav
es o
r vib
ratio
n.
Subt
le d
epen
denc
ies a
re e
ither
func
tiona
l or p
hysi
cal,
but t
hey
are
diffi
cult
to fo
rese
e. Id
entif
ied
subt
le d
epen
denc
ies c
an b
e tr
eate
d by
ex
plic
it m
odel
ling,
or c
onsi
dere
d in
the
CC
F m
odel
s.
EXAM
PLES
: A
list o
f sub
tle in
tera
ctio
ns c
an b
e fo
und
in N
URE
G-1
150
(see
Ref
. [17
]).
5 Sub
tle d
epen
denc
ies a
re a
lso
calle
d ‘s
yste
m in
tera
ctio
ns’ o
r ‘su
btle
inte
ract
ions
’.
102
T
able
10.
2-G
Att
ribu
tes f
or D
epen
dent
Fai
lure
Ana
lysi
s: T
ask
DF-
G ‘
Doc
umen
tatio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
DF-
G
Doc
umen
tatio
n an
d in
form
atio
n st
orag
e is
per
form
ed i
n a
man
ner
that
fac
ilita
tes
peer
re
view
, as
wel
l as
futu
re u
pgra
des
and
appl
icat
ions
of t
he P
SA b
y de
scrib
ing
the
proc
esse
s th
at w
ere
used
and
pro
vidi
ng d
etai
ls o
f the
ass
umpt
ions
mad
e an
d th
eir b
ases
.
DF-
G01
Fu
nctio
nal d
epen
denc
ies a
re d
ocum
ente
d in
the
form
of c
ompo
nent
info
rmat
ion
tabl
es a
nd
syst
em d
epen
denc
y m
atric
es in
a c
lear
and
trac
eabl
e m
anne
r. C
OM
MEN
T: It
is u
sefu
l to
prod
uce
an in
tegr
ated
dep
ende
ncy
mat
rix to
pr
ovid
e an
ove
rvie
w o
f the
func
tiona
l dep
ende
ncie
s ove
r all
syst
ems.
Sp
ecia
l Attr
ibut
e D
F-G
01-S
1:
The
info
rmat
ion
cont
aine
d in
the
com
pone
nt in
form
atio
n ta
bles
, pr
otec
tion
sign
al ta
bles
, dep
ende
ncy
mat
rice
s etc
. is s
tore
d in
a
rela
tiona
l dat
abas
e.
CO
MM
ENT:
Doc
umen
tatio
n of
com
plex
and
inte
rrel
ated
dat
a in
the
form
of
a re
latio
n da
taba
se is
impo
rtan
t for
app
licat
ions
bas
ed o
n Li
ving
PSA
(R
isk
Mon
itor)
.
DF-
G02
Th
e sp
ecifi
c as
sum
ptio
ns a
nd li
mita
tions
con
cern
ing
func
tiona
l dep
ende
ncie
s are
do
cum
ente
d.
EXA
MPL
ES: T
he fo
llow
ing
item
s are
exa
mpl
es o
f gen
eric
ass
umpt
ions
an
d lim
itatio
ns:
- In
som
e pl
ant r
oom
s, th
e fa
ilure
of r
oom
coo
ling/
heat
ing
can
cons
titut
e a
CC
I. Si
mila
rly, s
peci
fic fa
ilure
situ
atio
ns in
oth
er su
ppor
t sy
stem
s can
lead
to C
CIs
, whi
ch a
re a
naly
sed
sepa
rate
ly.
- Fa
ilure
of c
ompo
nent
pro
tect
ion
is n
ot c
onsi
dere
d as
failu
re if
it is
lik
ely
that
the
com
pone
nt w
ill su
rviv
e th
e de
man
d an
d ne
eded
m
issi
on ti
me
(will
fulfi
l the
safe
ty fu
nctio
n ev
en th
ough
deg
rade
d).
DF-
G03
Fo
r the
CC
I ana
lysi
s, th
e fo
llow
ing
is d
ocum
ente
d:
- D
escr
iptio
n of
the
CC
I ide
ntifi
catio
n pr
oces
s as d
efin
ed in
the
Initi
atin
g Ev
ents
D
efin
ition
and
Gro
upin
g Ta
sk
- Li
st o
f the
CC
Is c
onsi
dere
d as
initi
atin
g ev
ents
with
a re
fere
nce
whe
re th
e as
soci
ated
ac
cide
nt se
quen
ce a
naly
sis a
nd e
vent
tree
mod
ellin
g ar
e de
scrib
ed
- C
CIs
that
wer
e sc
reen
ed o
ut.
Com
plex
cas
es a
re d
iscu
ssed
in th
e in
itiat
ing
even
t ana
lysi
s or i
n th
e co
rres
pond
ing
syst
ems
anal
ysis
repo
rt, in
ord
er to
exp
lain
the
deta
ils o
f the
cau
sal m
odel
ling,
spec
ial i
nitia
tor
char
acte
ristic
s and
der
ivat
ion
of th
e in
itiat
or fr
eque
ncy.
DF-
G04
Fo
r the
phy
sica
l dep
ende
ncy
anal
ysis
, the
follo
win
g is
doc
umen
ted:
- Ex
tens
ions
to L
OC
A a
nd tr
ansi
ent c
ateg
orie
s -
Ref
inem
ents
to a
ccid
ent s
eque
nce
mod
els o
f LO
CA
s and
tran
sien
ts
- Ev
alua
tion
of c
onta
inm
ent s
ump
oper
abili
ty.
103
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
DF-
G05
Fo
r the
CC
F an
alys
is, t
he fo
llow
ing
is d
ocum
ente
d:
- Id
entif
icat
ion
and
defin
ition
of C
CC
Gs
- A
ll C
CC
Gs a
nd c
ompo
nent
s inc
lude
d
- Tr
eatm
ent o
f int
ra-s
yste
m a
nd in
ters
yste
m C
CFs
-
Mod
els u
sed
- Sp
ecia
l CC
F ev
ents
-
CC
F da
ta
- A
des
crip
tion
of h
ow C
CF
is im
plem
ente
d in
the
over
all P
SA m
odel
.
104
11. PSA ELEMENT ‘MQ’: MODEL INTEGRATION AND CDF QUANTIFICATION
11.1. Main objectives
The main objective of the model integration and quantification process is to develop an integrated plant-specific PSA model that will be used to estimate the core damage frequency and to develop an understanding of the contributors to core damage model (see also Section 12). The following principles should be met:
• The PSA model reflects the current design, operational practices (procedures,
configuration strategy), and the operational experience.
• The parameter uncertainties are considered in the model.
• The quantification is performed correctly, taking into account the dependencies discussed in Section 10.
• The results are reviewed to ensure that the solution reflects the plant characteristics.
• Illogical or incorrect minimal cutsets are removed.
• Recovery actions are applied to minimal cutsets that are assessed to be too conservative, as needed.
11.2. Model integration and CDF quantification tasks and their attributes
Table 11.2 lists the main tasks for the PSA element ‘Model Integration and CDF
Quantification’. Tables 11.2-A through 11.2-D provide the description of general and special attributes for these tasks.
Table 11.2 Main Tasks for Model Integration and CDF Quantification
Task ID Task Content
MQ-A Integrated Model
MQ-B Requirements on the Quantification
MQ-C Review and Modification of the Results
MQ-D Documentation
105
T
able
11.
2-A
Att
ribu
tes f
or M
odel
Inte
grat
ion
and
CD
F Q
uant
ifica
tion:
Tas
k M
Q-A
‘In
tegr
ated
Mod
el’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
MQ
-A
Con
stru
ctio
n of
an
inte
grat
ed p
lant
-spe
cific
PSA
mod
el fr
om th
e el
emen
ts a
ddre
ssed
in
Sect
ions
4 th
roug
h 10
is p
erfo
rmed
.
MQ
-A01
A
ll sy
stem
mod
els a
nd a
ccid
ent s
eque
nces
mod
els a
re in
tegr
ated
to p
rovi
de th
e lo
gic
stru
ctur
e of
the
PSA
mod
el.
For t
he fa
ult t
ree
linki
ng a
ppro
ach,
at e
ach
bran
ch p
oint
, the
cor
resp
ondi
ng fa
ult t
ree
is
solv
ed fo
r the
func
tion
or sy
stem
succ
ess c
riter
ia a
nd b
ound
ary
cond
ition
s tha
t ref
lect
the
scen
ario
spec
ific
plan
t con
ditio
ns.
Sup
port
syst
em d
epen
denc
ies a
re a
ddre
ssed
by
the
cons
iste
nt e
vent
-nam
ing
sche
me
used
for f
ault
tree
cons
truct
ion
and
esta
blis
hing
logi
c lin
ks
betw
een
the
syst
em m
odel
s (fr
ontli
ne-to
-sup
port
syst
ems,
supp
ort-t
o-su
ppor
t sys
tem
s).
For t
he e
vent
tree
link
ing
appr
oach
, the
pro
babi
litie
s of t
he b
ranc
h po
ints
(som
etim
es c
alle
d sp
lit fr
actio
ns) a
re c
ondi
tiona
l on
the
path
thro
ugh
the
even
t tre
e.
In b
oth
case
s, th
e co
nditi
ons i
nclu
de th
e im
pact
of t
he su
cces
s or f
ailu
re o
f fun
ctio
ns o
r sy
stem
s req
uire
d pr
ior t
o th
e fu
nctio
n or
syst
em o
f con
cern
, whi
ch h
as a
n im
pact
on
the
succ
ess c
riter
ia, b
oth
in te
rms o
f the
num
ber o
f tra
ins r
equi
red
and
the
timin
g fo
r req
uire
d fu
nctio
ns o
r sys
tem
s, w
hich
in tu
rn a
ffect
s the
hum
an re
liabi
lity
anal
ysis
app
ropr
iate
to th
e ev
ent.
RA
TIO
NA
LE:
Ther
e ar
e tw
o co
mm
only
use
d ap
proa
ches
to P
SA lo
gic
mod
el c
onst
ruct
ion:
the
so-c
alle
d fa
ult t
ree
linki
ng a
ppro
ach;
and
the
linke
d ev
ent t
ree
appr
oach
. Th
e fo
rmer
relie
s on
com
pute
r cod
es th
at u
se
Boo
lean
logi
c to
add
ress
dep
ende
ncie
s aris
ing
from
com
mon
com
pone
nts
or c
omm
on su
ppor
t sys
tem
s. F
or th
ese
mod
els,
the
use
of a
con
sist
ent
nam
ing
sche
me
for t
he e
vent
s and
gat
es in
the
faul
t tre
es is
ess
entia
l.
The
latte
r dep
ends
on
the
cons
iste
nt a
pplic
atio
n of
logi
c ru
les t
hat i
dent
ify
the
appr
opria
te c
ondi
tions
for t
he so
lutio
n of
sys
tem
mod
els s
o th
at th
e ev
ents
on
the
even
t tre
e ca
n be
trea
ted
as in
depe
nden
t.
CO
MM
ENT:
Ini
tiatin
g ev
ents
for w
hich
acc
iden
t seq
uenc
e ar
e no
t de
velo
ped,
but
that
are
ass
umed
to le
ad d
irect
ly to
cor
e da
mag
e sh
ould
al
so b
e in
clud
ed in
the
inte
grat
ed m
odel
. Ex
ampl
es th
at a
re so
met
imes
un
deve
lope
d in
clud
e IS
LOC
A, a
nd re
acto
r ves
sel r
uptu
re.
MQ
-A02
Fo
r the
faul
t tre
e lin
king
app
roac
h, lo
gic
loop
s are
cut
in a
man
ner t
hat m
inim
izes
loss
of
info
rmat
ion
and
does
not
pro
duce
ung
roun
ded
optim
istic
resu
lts b
y, fo
r exa
mpl
e, re
mov
ing
som
e of
the
depe
nden
cies
(by
negl
ectin
g pa
rts o
f the
supp
ort s
yste
m lo
gic
failu
re m
odel
).
RA
TIO
NA
LE: W
hen
faul
t tre
es a
re li
nked
to c
reat
e an
inte
grat
ed lo
gic
mod
el, l
ogic
loop
s can
app
ear d
ue to
mut
ual d
epen
denc
ies b
etw
een
supp
ort s
yste
ms,
e.g.
see
belo
w.
EXA
MPL
E: T
he c
lass
ical
exa
mpl
e is
des
crib
ed in
NU
REG
/CR
-272
8 (R
ef. [
18])
dea
ling
with
an
emer
genc
y di
esel
gen
erat
or d
epen
ding
on
serv
ice
wat
er fo
r coo
ling
whi
ch in
turn
requ
ires e
lect
ric p
ower
from
the
dies
el. M
any
cont
empo
rary
PSA
s hav
e re
fined
and
ext
ende
d m
odel
s for
el
ectri
cal p
ower
supp
lies a
nd c
ontro
l I&
C w
hich
may
cre
ate
mor
e co
mpl
ex lo
gic
loop
s. Th
ese
logi
c lo
ops h
ave
to b
e re
solv
ed, b
asic
ally
by
cutti
ng th
e lo
op a
t an
appr
opria
te p
lace
or l
evel
bec
ause
, oth
erw
ise,
the
mod
el c
anno
t be
reso
lved
and
qua
ntifi
ed. T
he c
uttin
g of
logi
c lo
ops i
s ca
rrie
d ou
t in
a m
anne
r, w
hich
min
imiz
es th
e lo
ss o
f inf
orm
atio
n an
d do
es
not p
rodu
ce n
on-c
onse
rvat
ive
resu
lts. I
t is c
arrie
d ou
t acc
ordi
ng to
a
defin
ed c
once
pt a
nd p
roce
dure
and
the
deta
ils o
f res
olvi
ng lo
gic
loop
s are
fu
lly d
ocum
ente
d.
106
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
MQ
-A03
Th
e in
itiat
ing
even
t fre
quen
cies
and
the
prob
abili
ties a
ssoc
iate
d w
ith b
asic
eve
nts o
f the
m
odel
are
con
sist
ent w
ith th
e de
finiti
ons o
f the
eve
nts i
n th
e co
ntex
t of t
he lo
gic
mod
el.
C
OM
MEN
T: T
he p
aram
eter
s are
def
ined
in su
ch a
way
that
they
re
pres
ent t
he p
lant
spec
ific
desi
gn a
nd o
pera
tiona
l exp
erie
nce
as w
ell a
s sc
enar
io sp
ecifi
c bo
unda
ry c
ondi
tions
(esp
ecia
lly im
porta
nt fo
r hum
an
erro
r pro
babi
litie
s) a
s dis
cuss
ed in
Sec
tions
4 -
10.
107
T
able
11.
2-B
Att
ribu
tes f
or M
odel
Inte
grat
ion
and
CD
F Q
uant
ifica
tion:
Tas
k M
Q-B
‘R
equi
rem
ents
on
the
Qua
ntifi
catio
n’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
MQ
-B
Solu
tion
of th
e m
odel
to d
eriv
e th
e lo
gica
l com
bina
tions
of e
vent
s lea
ding
to c
ore
dam
age
(e.g
. min
imal
cut
sets
) and
the
quan
tific
atio
n of
the
core
dam
age
freq
uenc
y is
per
form
ed
with
an
appr
opria
te c
ode.
CO
MM
ENT:
Thi
s pub
licat
ion
refe
rs to
min
imal
cut
sets
as a
n im
porta
nt
resu
lt of
PSA
. Thi
s ter
m a
pplie
s to
the
faul
t tre
e te
chni
que
for P
SA m
odel
s as
sum
ing
cohe
rent
logi
c m
odel
s. Fo
r non
-coh
eren
t log
ic m
odel
s, th
e co
rres
pond
ing
mat
hem
atic
al te
rm is
‘prim
e im
plic
ants
’.
EXA
MPL
E: T
he p
rior g
ener
atio
n of
cut
sets
is n
ot re
quire
d fo
r the
qu
antif
icat
ion.
Prim
e im
plic
ants
can
be
deriv
ed o
n th
e ba
sis o
f the
ge
nera
tion
of B
inar
y D
ecis
ion
Dia
gram
s (B
DD
s). B
DD
s are
a sp
ecifi
c re
pres
enta
tion
of S
truct
ural
Boo
lean
Log
ic F
unct
ions
of c
ompl
ex s
yste
ms
allo
win
g th
e ex
act q
uant
ifica
tion
of fa
ult t
rees
incl
udin
g no
n-co
here
nt
logi
c m
odel
s (m
odel
s usi
ng n
egat
ive
logi
c, i.
e. N
OT-
Gat
es).
MQ
-B01
Th
e co
mpu
ter c
ode
used
for s
olut
ion
and
quan
tific
atio
n of
the
PSA
mod
el is
ver
ified
and
va
lidat
ed, a
nd is
use
d on
ly w
ithin
its s
peci
fied
rang
e of
app
licab
ility
. Spe
cific
lim
itatio
ns o
f th
e co
de a
re re
cogn
ized
.
EXA
MPL
E fo
r spe
cific
lim
itatio
ns th
at m
ay o
ccur
in a
link
ed fa
ult t
ree
mod
el: I
f the
eve
nt tr
ee q
uant
ifica
tion
uses
a su
cces
s pro
babi
lity
of 1
, si
gnifi
cant
qua
ntifi
catio
n er
rors
can
occ
ur, i
f the
failu
re p
roba
bilit
y of
a
linke
d fa
ult t
ree
is h
igh.
MQ
-B02
Th
e PS
A m
odel
is so
lved
and
qua
ntifi
ed to
allo
w id
entif
icat
ion
of th
e si
gnifi
cant
sequ
ence
s co
ntrib
utin
g to
cor
e da
mag
e fr
eque
ncy.
MQ
-B03
Fo
r the
faul
t tre
e lin
king
app
roac
h, th
e fin
al tr
unca
tion
valu
e is
just
ified
by
a se
nsiti
vity
an
alys
is d
emon
stra
ting
that
the
core
dam
age
freq
uenc
y do
es n
ot si
gnifi
cant
ly c
hang
e, if
the
trunc
atio
n va
lue
is re
duce
d.
CO
MM
ENT:
A ru
le o
f thu
mb
says
that
the
trunc
atio
n va
lue
shou
ld b
e 3
orde
rs o
f mag
nitu
de lo
wer
than
the
dom
inan
t val
ue (e
.g. t
he C
DF)
that
is
cons
ider
ed. H
owev
er, o
nly
a se
nsiti
vity
stud
y ca
n as
sure
that
an
appr
opria
te tr
unca
tion
valu
e w
as a
pplie
d.
Sp
ecia
l Attr
ibut
e M
Q-B
03-S
1:
For t
he d
eriv
atio
n of
som
e im
port
ance
list
s (es
peci
ally
RAW
) the
tr
unca
tion
valu
e is
re-e
valu
ated
and
just
ified
. (Se
e al
so T
able
12.
2-A,
G
ener
al A
ttrib
ute
RI-A
03).
RATI
ON
ALE:
If th
is is
not
don
e, se
vera
l low
-pro
babi
lity
even
ts m
ight
be
excl
uded
from
the
impo
rtan
ce li
st w
hene
ver R
AW is
sign
ifica
nt fo
r the
ap
plic
atio
n.
Sp
ecia
l Attr
ibut
e M
Q-B
03-S
2:
If th
e ap
plic
atio
n is
rela
ted
to a
spec
ific
initi
atin
g ev
ent,
of a
spec
ific
grou
p of
sequ
ence
s, th
e at
trib
ute
is a
pplie
d fo
r tho
se c
ontr
ibut
ions
to
CD
F ra
ther
than
the
tota
l CD
F.
CO
MM
ENT:
Sen
sitiv
ity te
sts s
houl
d be
con
duct
ed fo
r the
set o
f res
ults
of
inte
rest
.
108
Ta
sk /
GA
D
escr
iptio
n of
Tas
k/G
ener
al A
ttrib
utes
Id
entif
ier a
nd D
escr
iptio
n of
Spe
cial
Attr
ibut
es (i
n Ita
lics)
R
atio
nale
/Com
men
ts/E
xam
ples
for:
Gen
eral
Attr
ibut
es a
nd
S
peci
al A
ttrib
utes
(in
Italic
s)
MQ
-B04
C
ore
dam
age
freq
uenc
y is
eva
luat
ed a
s a m
ean
valu
e an
d th
e un
certa
inty
dis
tribu
tion
char
acte
ristic
s are
pro
vide
d, fo
r the
tota
l CD
F an
d fo
r the
sign
ifica
nt in
divi
dual
acc
iden
t se
quen
ces.
Para
met
er u
ncer
tain
ties a
ssoc
iate
d w
ith H
EPs,
com
pone
nt re
liabi
lity
para
met
ers,
initi
atin
g ev
ent f
requ
enci
es, e
tc. a
re p
ropa
gate
d (v
ia fa
ult a
nd e
vent
tree
s) th
roug
h th
e m
odel
. C
orre
latio
ns b
etw
een
unce
rtain
ty d
istri
butio
ns a
re a
ddre
ssed
and
con
side
red
for t
he
unce
rtain
ty q
uant
ifica
tion.
Whe
n us
ing
a M
onte
Car
lo, o
r oth
er si
mul
atio
n ap
proa
ch, t
he n
umbe
r of s
imul
atio
ns u
sed
has b
een
dem
onst
rate
d to
pro
duce
stab
le re
sults
.
CO
MM
ENT:
A p
oint
est
imat
e ob
tain
ed b
y su
bstit
utin
g a
mea
n va
lue
for
each
par
amet
er in
the
min
imal
cut
set e
quat
ion,
with
out a
pro
paga
tion
of
unce
rtain
ty g
ives
an
appr
oxim
atio
n to
the
mea
n va
lue.
The
clo
sene
ss o
f th
e ap
prox
imat
ion
to th
e tru
e m
ean
valu
e de
pend
s on
the
failu
re e
vent
s in
clud
ed in
the
cuts
ets,
the
exte
nt o
f cor
rela
tion
betw
een
unce
rtain
ty
dist
ribut
ions
and
the
shap
e of
unc
erta
inty
dis
tribu
tions
invo
lved
.
MQ
-B05
W
hen
usin
g lo
gic
flags
(als
o de
sign
ated
as h
ouse
eve
nts)
, the
logi
c fla
g ev
ents
shou
ld e
ither
se
t to
be lo
gica
l tru
e or
fals
e (in
stea
d of
setti
ng th
e ba
sic
even
t pro
babi
lity
to 1
.0 o
r 0.0
), pr
ior t
o th
e qu
antif
icat
ion
of th
e se
quen
ces.
EXA
MPL
E: L
ogic
flag
s may
be
used
to m
odel
gua
rant
eed
succ
ess o
r fa
ilure
, or t
o sw
itch
on o
r off
the
mod
els c
orre
spon
ding
to d
iffer
ent
conf
igur
atio
ns.
109
T
able
11.
2-C
Att
ribu
tes f
or M
odel
Inte
grat
ion
and
CD
F Q
uant
ifica
tion:
Tas
k M
Q-C
‘R
evie
w a
nd M
odifi
catio
n of
the
Res
ults
’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
MQ
-C
The
task
incl
udes
a re
view
of r
esul
ts a
nd c
orre
ctio
ns to
the
inte
grat
ed m
odel
mad
e as
ne
cess
ary.
R
ATI
ON
ALE
: D
epen
ding
on
the
way
the
inte
grat
ed m
odel
has
bee
n de
velo
ped,
som
e po
st-p
roce
ssin
g of
the
resu
lts m
ay b
e ne
eded
as
disc
usse
d be
low
. A
revi
ew o
f the
resu
lts a
cts a
s a c
onfir
mat
ion
that
the
mod
el h
as b
een
inte
grat
ed c
orre
ctly
.
MQ
-C01
A
sam
ple
of si
gnifi
cant
min
imal
cut
sets
or s
eque
nces
of e
ach
even
t tre
e ty
pe is
revi
ewed
in
orde
r to
dete
rmin
e, if
the
logi
c of
the
min
imal
cut
sets
or s
eque
nces
is c
orre
ct. A
s a sp
ot
chec
k, a
sam
ple
of le
ss si
gnifi
cant
cut
sets
or s
eque
nces
is re
view
ed.
Min
imal
cut
sets
(or s
eque
nces
) con
tain
ing
even
ts th
at a
re m
utua
lly e
xclu
sive
but
app
ear
beca
use
of th
e ap
proa
ch to
mod
ellin
g (e
.g. i
f NO
T ga
tes a
re n
ot u
sed
to e
limin
ate
disa
llow
ed m
aint
enan
ce, o
r mul
tiple
initi
ator
s) a
re id
entif
ied
and
corr
ecte
d.
M
Q-C
02
Spec
ial A
ttrib
ute
MQ
-C02
-S1:
The
syst
em m
odel
s are
inco
rpor
ated
such
that
eac
h co
nfig
urat
ion
of a
sy
stem
(e.g
. no
mai
nten
ance
, mai
nten
ance
on
Trai
n A,
mai
nten
ance
on
Trai
n B,
etc
.) is
mod
elle
d se
para
tely
with
an
appr
opri
ate
time
frac
tion.
(S
ee a
lso
Tabl
e 7.
2-B,
Gen
eral
Attr
ibut
es S
Y-B0
2 an
d SY
-B08
).
RATI
ON
ALE:
A m
ore
deta
iled
mod
ellin
g ap
proa
ch re
quir
es le
ss p
ost-
proc
essi
ng, e
.g. i
n a
Risk
Mon
itor a
pplic
atio
n.
MQ
-C03
M
inim
um c
ut se
ts (o
r seq
uenc
es) c
onta
inin
g m
ultip
le o
pera
tor a
ctio
ns a
re id
entif
ied
and
the
degr
ee o
f dep
ende
ncy
asse
ssed
(see
Tab
le 8
.2-D
, Gen
eral
Attr
ibut
e H
R-D
04, a
nd T
able
8.
2-G
, Gen
eral
Attr
ibut
e H
R-G
07).
RA
TIO
NA
LE:
Bec
ause
the
depe
nden
cy b
etw
een
HFE
s is a
ccid
ent
scen
ario
dep
ende
nt, i
t is o
ften
addr
esse
d by
pos
t-pro
cess
ing
to a
djus
t the
co
mbi
ned
prob
abili
ty o
f the
set o
f dep
ende
nt H
FEs.
MQ
-C04
R
ecov
ery
actio
ns a
re in
clud
ed in
the
quan
tific
atio
n pr
oces
s in
appl
icab
le se
quen
ces a
nd
min
imal
cut
sets
. Rec
over
y ac
tions
cre
dite
d in
the
eval
uatio
n ar
e ei
ther
pro
cedu
raliz
ed o
r ha
ve re
ason
able
like
lihoo
d of
succ
ess a
ssum
ing
that
trai
ned
and
qual
ified
per
sonn
el a
re
perf
orm
ing
the
reco
very
act
ion(
s). (
See
also
Tas
k H
R-H
in T
able
8.2
-H).
110
T
able
11.
2-D
Att
ribu
tes f
or M
odel
Inte
grat
ion
and
CD
F Q
uant
ifica
tion:
Tas
k M
Q-D
‘D
ocum
enta
tion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
MQ
-D
Doc
umen
tatio
n is
per
form
ed in
a m
anne
r tha
t fac
ilita
tes p
eer r
evie
w a
nd fu
ture
upg
rade
s.
The
follo
win
g as
pect
s of t
he m
odel
inte
grat
ion
and
CD
F qu
antif
icat
ion
proc
ess a
re d
ocum
ente
d:
- th
e in
tegr
atio
n pr
oces
s of a
ll fa
ult a
nd e
vent
tree
s;
- PS
A m
odel
ver
sion
;
- a
gene
ral d
escr
iptio
n of
the
quan
tific
atio
n pr
oces
s;
- th
e pr
oces
s and
the
resu
lts fo
r est
ablis
hing
the
trunc
atio
n va
lues
;
- so
ftwar
e ve
rsio
n an
d qu
antif
icat
ion
setu
p (tr
unca
tion
valu
es, e
tc.);
- th
e pr
oces
s and
the
resu
lts o
f the
qua
ntifi
catio
n re
view
;
- th
e m
ean
valu
e an
d th
e un
certa
inty
dis
tribu
tion
of th
e to
tal C
DF,
eac
h cl
ass o
f ini
tiatin
g ev
ents
, and
of s
igni
fican
t cor
e da
mag
e se
quen
ces;
- th
e ac
cide
nt se
quen
ces a
nd th
eir c
ontri
butin
g cu
t set
s.
M
Q-D
01
Spec
ial A
ttrib
ute
MQ
-D01
-S1:
W
hen
only
a fr
actio
n of
the
CD
F is
requ
ired
to b
e an
alys
ed fo
r an
appl
icat
ion,
th
e do
cum
enta
tion
supp
orts
this
ana
lysi
s.
111
12. PSA ELEMENT ‘RI’: RESULTS ANALYSIS AND INTERPRETATION
12.1. Main objectives The objective of the results analysis and interpretation activity is to derive an
understanding of those aspects of plant design and operation that have an impact on the risk. In addition, an important part of this task is to identify the key sources of uncertainty in the model and assess their impact on the results.
Uncertainties can be thought of as being of three main types:
• Parameter uncertainty: these are uncertainties in the values of the initiating event frequencies, component failure probabilities, human error probabilities, etc. These uncertainties can be propagated through the analysis to generate an assessment of the uncertainty on the overall quantitative results using standard methods. Parameter uncertainties are addressed in Section 11.
• Model uncertainty: There are questions with how to model certain failures (e.g. RCP seal LOCAs), or how to represent the impact of plant conditions on system success criteria, for example, for which there is no universally accepted approach. Typically, in PSAs, these model uncertainties are dealt with by making assumptions and adopting a specific model. In relatively rare cases, alternate models may be incorporated into the PSA, weighting each model by a probability representing the degree of belief in that model as being the most appropriate.
• Completeness uncertainty: This is the most difficult to deal with as it represents those contributors to risk that are not included in the model. If the PSA model only includes internal initiating events at power, the contributors to risk not modelled include external events, and alternate modes of operation. At a more subtle level, typically PSAs do not include contributions from errors of commission.
The significance to risk of individual contributors (initiating events, accident
sequences, functional failures, system failures, component failures, human failures, etc.) are explored to derive an understanding of the risk profile of the plant, i.e., what is the impact of various aspects of plant design and operation on risk. The impact of uncertainties and assumptions on the PSA results are addressed in order to determine the robustness of the conclusions concerning the risk profile. The analytical tools used for the analysis of results are importance analyses and sensitivity analyses.
12.2. Results analysis and interpretation tasks and their attributes
Table 12.2 lists the main tasks for the PSA element ‘Results Analysis and
Interpretation’. Tables 12.2-A through 12.2-C present the description of general and special attributes for these tasks.
112
Table 12.2 Results Analysis and Interpretation Tasks
Task ID Task Content
RI-A Identification of Significant Contributors
RI-B Assessment of Assumptions
RI-C Documentation
113
T
able
12.
2-A
Att
ribu
tes f
or R
esul
ts A
naly
sis a
nd In
terp
reta
tion:
Tas
k R
I-A
‘Ide
ntifi
catio
n of
Sig
nific
ant C
ontr
ibut
ors’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
RI-
A
The
task
incl
udes
iden
tific
atio
n of
sign
ifica
nt c
ontri
buto
rs to
the
risk
prof
ile o
f the
pla
nt.
RI-
A01
Si
gnifi
cant
con
tribu
tors
to C
DF
are
iden
tifie
d. T
he c
ontri
buto
rs a
re, i
n in
crea
sing
leve
l of
reso
lutio
n:
- In
itiat
ing
even
ts
- A
ccid
ent s
eque
nces
-
Key
safe
ty fu
nctio
n fa
ilure
s -
Syst
em fa
ilure
s -
Bas
ic e
vent
s
The
basi
c ev
ents
incl
ude:
-
Equi
pmen
t fai
lure
s or u
nava
ilabi
litie
s -
Com
mon
cau
se fa
ilure
s -
Hum
an fa
ilure
eve
nts
RI-
A02
Si
gnifi
cant
con
tribu
tors
to a
ccid
ent s
eque
nces
, key
safe
ty fu
nctio
ns, a
nd sy
stem
s are
id
entif
ied.
R
ATI
ON
ALE
: Rev
iew
s of t
he so
lutio
ns to
syst
em m
odel
s, fu
nctio
nal
mod
els a
nd a
ccid
ent s
eque
nces
are
an
esse
ntia
l par
t of t
he v
alid
atio
n of
th
e st
ruct
ure
of th
e pl
ant l
ogic
mod
el, a
nd fu
rther
mor
e, p
rovi
de a
dditi
onal
in
sigh
ts o
n th
e ris
k pr
ofile
of t
he p
lant
.
RI-
A03
W
hen
asse
ssin
g th
e si
gnifi
canc
e of
bas
ic e
vent
s usi
ng im
porta
nce
mea
sure
s tha
t inv
olve
se
tting
failu
re p
roba
bilit
ies t
o un
ity, s
uch
as th
e ris
k ac
hiev
emen
t wor
th (R
AW
), th
e as
sess
men
t is p
erfo
rmed
by
reso
lvin
g th
e PS
A m
odel
rath
er th
an re
-qua
ntify
ing
a pr
e-so
lved
cut
set l
ist.
RA
TIO
NA
LE:
A c
utse
t lis
t gen
erat
ed w
ith to
o hi
gh tr
unca
tion
valu
e w
ill
excl
ude
som
e co
mpo
nent
s and
ther
efor
e th
eir R
AW
val
ues a
re id
entic
ally
un
ity.
An
alte
rnat
ive
to re
solv
ing
the
mod
el is
to u
se a
cut
set e
quat
ion
solv
ed a
t a lo
wer
trun
catio
n va
lue.
114
T
able
12.
2-B
Att
ribu
tes f
or R
esul
ts A
naly
sis a
nd In
terp
reta
tion:
Tas
k R
I-B
‘Ass
essm
ent o
f Ass
umpt
ions
’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
RI-
B
Ass
essm
ent o
f the
sign
ifica
nce
of k
ey a
ssum
ptio
ns a
nd m
odel
unc
erta
intie
s is p
erfo
rmed
.
RI-
B01
Si
gnifi
cant
sour
ces o
f mod
el u
ncer
tain
ty a
re id
entif
ied
(see
the
com
men
t).
CO
MM
ENT:
A m
odel
unc
erta
inty
is o
ne a
ssoc
iate
d w
ith th
e m
odel
ling
of a
n is
sue
or p
heno
men
on, f
or w
hich
ther
e is
no
cons
ensu
s app
roac
h.
Such
mod
el u
ncer
tain
ties a
re ty
pica
lly a
ddre
ssed
by
adop
ting
one
of a
nu
mbe
r of m
odel
s, or
mak
ing
an a
ssum
ptio
n ab
out t
he im
pact
of a
ph
enom
enon
on
the
oper
abili
ty o
f a sy
stem
or f
unct
ion.
A si
gnifi
cant
so
urce
of u
ncer
tain
ty is
one
whe
re th
e ad
optio
n of
a d
iffer
ent m
odel
or a
di
ffere
nt a
ssum
ptio
n ca
n al
ter t
he si
gnifi
canc
e of
a c
ontri
buto
r. Si
nce
diffe
rent
app
licat
ions
mak
e us
e of
diff
eren
t res
ults
, the
sign
ifica
nt so
urce
s of
unc
erta
inty
will
diff
er b
etw
een
appl
icat
ions
.
RA
TIO
NA
LE:
Whe
n th
e re
sults
of t
he P
SA a
re to
be
used
for d
ecis
ion
mak
ing,
the
deci
sion
-mak
er n
eeds
to b
e aw
are
of th
e im
pact
of t
he
unce
rtain
ties o
n th
e PS
A re
sults
use
d in
the
deci
sion
(see
RI-
B02
).
EXA
MPL
ES o
f pot
entia
l sou
rces
of m
odel
unc
erta
inty
incl
ude:
-
Succ
ess c
riter
ia
- R
CP
seal
LO
CA
mod
el
- A
ssum
ptio
ns a
bout
the
nece
ssity
for r
oom
coo
ling
- C
hoic
e of
qua
ntifi
catio
n m
odel
for h
uman
err
or p
roba
bilit
ies.
RI-
B02
Th
e ef
fect
of a
sign
ifica
nt a
ssum
ptio
n on
the
resu
lts is
ass
esse
d by
per
form
ing
sens
itivi
ty
stud
ies,
usin
g di
ffer
ent p
laus
ible
ass
umpt
ions
.
RA
TIO
NA
LE:
Und
erst
andi
ng o
f the
impa
ct o
f mod
ellin
g un
certa
inty
on
the
resu
lts o
f the
PSA
is c
ruci
al to
a d
ecis
ion-
mak
er.
An
exce
ptio
n ca
n be
w
hen
a pa
rticu
lar m
odel
has
bee
n ap
prov
ed a
s the
stan
dard
mod
el.
CO
MM
ENT:
Som
e se
nsiti
vity
stud
ies c
an b
e pe
rfor
med
by
chan
ges t
o pa
ram
eter
val
ues,
or tu
rnin
g of
f par
ts o
f the
mod
el to
repr
esen
t gro
ups o
f fa
ilure
. O
ther
s may
invo
lve
addi
ng n
ew p
ortio
ns to
the
mod
el.
Thes
e ar
e do
ne in
a m
anne
r con
sist
ent w
ith th
e re
leva
nt a
ttrib
utes
.
RI-
B03
Fo
r mod
el u
ncer
tain
ties o
r ass
umpt
ions
aff
ectin
g th
e sa
me
parts
of t
he P
SA m
odel
, se
nsiti
vity
stud
ies a
re p
erfo
rmed
sim
ulta
neou
sly
to d
eter
min
e w
heth
er th
ere
are
syne
rgis
tic
effe
cts.
RI-
B04
Th
e ch
oice
of t
he sp
ecifi
c as
sum
ptio
ns o
r mod
els a
dopt
ed fo
r the
bas
e ca
se m
odel
is
just
ified
. R
ATI
ON
ALE
: U
nder
stan
ding
the
reas
ons f
or c
hoos
ing
a sp
ecifi
c as
sum
ptio
n or
mod
el is
impo
rtant
for t
he d
ecis
ion-
mak
er.
115
T
able
12.
2-C
Att
ribu
tes f
or R
esul
ts A
naly
sis a
nd In
terp
reta
tion:
Tas
k R
I-C
‘D
ocum
enta
tion’
Task
/ G
A
Des
crip
tion
of T
ask/
Gen
eral
Attr
ibut
es
Iden
tifie
r and
Des
crip
tion
of S
peci
al A
ttrib
utes
(in
Italic
s)
Rat
iona
le/C
omm
ents
/Exa
mpl
es fo
r: G
ener
al A
ttrib
utes
and
Spe
cial
Attr
ibut
es (i
n Ita
lics)
RI-
C
Doc
umen
tatio
n of
resu
lts is
per
form
ed in
a w
ay th
at fa
cilit
ates
und
erst
andi
ng o
f the
te
chni
cal b
asis
for t
he si
gnifi
canc
e of
con
tribu
tors
.
RI-
C01
Th
e re
sults
of t
he a
naly
sis o
f the
sign
ifica
nce
of c
ontri
buto
rs a
re p
rese
nted
in a
var
iety
of
way
s to
char
acte
rize
the
risk
prof
ile o
f the
pla
nt, i
.e.,
wha
t are
the
aspe
cts o
f des
ign
and
oper
atio
nal p
ract
ices
that
hav
e an
impa
ct o
n ris
k, h
ow th
ey im
pact
risk
, and
why
.
RI-
C02
Th
e re
sults
of t
he se
nsiti
vity
ana
lyse
s are
doc
umen
ted
so th
at th
e im
pact
of e
ach
sign
ifica
nt
assu
mpt
ion
is c
hara
cter
ized
app
ropr
iate
ly, a
nd th
e ch
oice
of t
he a
ssum
ptio
n or
mod
el fo
r th
e ba
se c
ase
just
ified
.
116
13. DETERMINATION OF SPECIAL ATTRIBUTES FOR PSA APPLICATIONS As mentioned earlier in the publication, it is assumed that general attributes described
in the publication characterize a contemporary state of the art PSA performed with the aim of assessing the overall NPP safety. The special attributes provide elevated capabilities within particular PSA elements to meet special needs of PSA applications.
In order to indicate what specific features of PSA are needed for particular PSA
applications, Tables 13.1 through 13.6 were developed that provide information in a structured form on which special attributes are appropriate for the applications included in the PSA application categories defined in Section 2 and briefly described in Appendix II. The special attributes in these tables are distinguished as ‘essential’ and ‘supplemental’.
An essential special attribute emphasises a feature of a PSA element that is
considered to be important to generate the results needed to reliably support the PSA application. Failure to meet an essential special attribute may preclude meaningful use of the study for an intended application.
Supplemental special attributes are those that are not necessarily important for a
specific application but could further enhance the usefulness of the PSA by providing a greater level of detail, or improving confidence in the results. In general, it is expected that failure to meet a supplemental attribute does not have a significant impact on the overall results of the PSA application, but may limit the fidelity of the study for certain applications.
In the frame of this publication, it is difficult to foresee all possible PSA application
cases and their specific features. Therefore, the division into essential and supplemental special attributes is to some extent subjective but it is included here to provide a general orientation on the importance of the special attributes in relation to PSA applications. It should be also noted that there are cases when the same special attribute could be considered as essential for some of the applications and supplemental for the others.
Table 13.7 provides a mapping of the special attributes of the PSA elements to the list
of PSA applications presented in Section 2 thus providing an overview of what sets of the special attributes are appropriate for each application.
The following steps provide a practical approach to using the information presented in
this publication to determine the special attributes appropriate for the application of interest:
STEP (1) Identify the PSA application category(s) and specific application(s) from the list presented in Section 2. If needed, consult Appendix II to get supporting information characterizing PSA applications.
STEP (2) Consult Table 13.7 for the set of identifiers of essential and supplemental special
attributes relevant for the application.6 If several applications are planned, the corresponding attributes have to be selected and considered jointly.
6 In Table 13.7, the identifiers of essential special attributes are provided in bold underlined font. The identifiers of supplemental special attributes are provided in regular font.
117
STEP (3) Consult relevant information presented in Tables 13.1-13.6 in order to get understanding of what features of the PSA could be achieved if the special attributes are met.
STEP (4) Consult Section 3.1 to get information on which sections of the publication address
the selected special attributes.7 STEP (5) Consult corresponding Sections 4-12 of the publication to get information on the
content of the special attributes and the features of PSA elements needed to meet them.
7 The first two letters of the identifier of a special attribute indicate the corresponding PSA element.
118
Table 13.1 Safety Assessment
SA Identifier Relevance to Specific Applications in the Category
Essential Attributes
IE-F04-S1 The time trend analysis in relation to IEs provides important information for insights regarding the plant behaviour if changes in the number of specific events are observed at the plant (Application 1.2).
DA-E01-S1 A time trend analysis is important for the assessment of aging effects of the equipment and allows for gaining a realistic risk estimate for operating plant (Application 1.2).
Supplemental Attributes
IE-H02-S1 The availability of information on IEs in the form of an electronic database is useful for periodic PSA updating, which is often part of the periodic safety review (Application 1.2).
IE-A06-S1 Explicit consideration of IEs caused by operator errors, especially those with severe consequences, helps to gain additional insights regarding the plant protection against malevolent acts (Application 1.3).
IE-B01-S1 Reconsideration of the events (especially those with severe consequences), which were screened out based on low frequency in the ‘base case PSA’, helps to gain additional insights regarding the protection of the plant against malevolent acts (Application 1.3).
AS-C02-S1 Plant-specific realistic thermal hydraulic analyses are useful to assure a realistic representation of the specific plant features influencing the accident progression (Application 1.2).
AS-C04-S1 Analysis of the defence against malevolent acts may be enhanced by a thorough consideration of possible mitigation strategies taking into account the impact of malevolent acts for Application 1.3.
AS-C12-S1 Detailed modelling of ATWS sequences provides a better understanding of the impact of reactor protection system failures in the plant risk profile (Application 1.2).
AS-C15-S1 An expanded graphical representation of the accident progression is helpful for documenting the accident sequence models, as well as for understanding, updating, and use of the PSA for Applications 1.2 and 1.3.
SC-B01-S1 The use of proven computer codes and realistic models help to avoid conservative and simplifying success criteria which may mask out the differences or effects of changes (Application 1.2).
HR-G04-S1 The time windows for operator actions that are based on plant-specific thermal-hydraulic analyses provide a more realistic input in the HRA and thus promote getting plant-specific insights dealing with operator performance (Application 1.2).
DA-H02-S1 A periodic safety review requires an update of the reliability parameters, which in turn is facilitated by plant equipment failure data that are electronically retrievable and an evaluation that is retrievable and reproducible (Application 1.2).
DF-F01-S1 A structured identification and consideration of subtle interactions based on historical information from other plants is helpful for the completeness of the PSA model used for realistic estimation of changes in plant risk (Application 1.2).
DF-G01-S1 A relational database containing information on different dependencies and their interconnections is helpful for providing the completeness of the PSA model used for realistic estimation of changes in plant risk (Application 1.2).
119
Table 13.2 Design Evaluation
SA Identifier Relevance to Specific Applications in the Category
Essential Attributes
SY-C07-S1 Realistic estimation of the failure probabilities in specific system conditions provides important information for insights regarding the plant behaviour for newly designed NPPs (Application 2.1) or provides a better understanding of the deviations between an existing plant design and revised design-related rules (Application 2.2).
SY-C14-S1 SY-C15-S1
Consideration of inter-system common cause failures and more detailed modelling of CCF are important for realistic estimation of the plant risk for newly designed NPPs (Application 2.1); it provides also a better understanding of the deviations between an existing plant design and revised design-related rules (Application 2.2).
DA-F01-S1 Decisions on the number of redundancies and diversities to be included in the design require a detailed modelling of CCFs (Applications 2.1 and 2.2).
DA-C02-S1 For newly designed plants, when plant-specific data are not available, the choice of generic data becomes important for justifiable risk results (Application 2.1).
Supplemental Attributes
IE-A06-S1 Explicit consideration of IEs caused by operator errors helps to get additional insights regarding deficiencies in the control room design, plant procedures, and operator training. This additional consideration may be used for improvement of the design (Application 2.1).
IE-C02-S1 IE-C02-S2
More detailed grouping of the events at the design phase helps to identify and eliminate deficiencies in the systems design (Application 2.1).
AS-B03-S1 AS-C02-S1 AS-C03-S1 AS-C14-S1
Use of best estimate codes, plant specific t/h analyses, and best estimates of important modelling parameters may help to gain additional insights for evaluation of design features and possible alternatives (Application 2.1).
AS-C12-S1 Detailed modelling of ATWS sequences provides support for the evaluation of the effectiveness of reactor protection system design from the risk perspective (Application 2.1).
AS-C15-S1 An expanded graphical representation of accident progression is helpful for documentation of accident sequence models, as well as for understanding, updating, and use of the PSA (Application 2.1).
SC-B01-S1 The use of proven computer codes and realistic models help to avoid conservative and simplifying success criteria which may mask out differences or effects of changes (Application 2.2).
SY-B13-S1 Revisiting the components screening process promotes a more realistic estimation of the risk for newly designed NPPs at different stages of the design (Application 2.1) and a better understanding of the deviations between an existing plant design and revised design-related rules (Application 2.2).
SY-B15-S1 A detailed modelling of the components promotes a better appreciation of the risk impact of constituting parts of components for newly designed NPPs (Application 2.1) and provides a better understanding of the deviations between an existing plant design and revised design-related rules (Application 2.2).
HR-E01-S2 A search for plant states that could lead to conditions conducive to errors of commission can lead to the identification of defences to prevent such occurrences (Application 2.1).
DF-F01-S1 A structured identification and consideration of subtle interactions is helpful for modelling dependencies for newly designed NPPs (Application 2.1) and assessing the safety importance of deviations between an existing plant design and updated/revised design-related rules (Application 2.2).
120
SA Identifier Relevance to Specific Applications in the Category
DF-G01-S1 A relational database containing information on different dependencies is helpful for providing the completeness of the PSA model used for the assessment of safety importance of deviations between an existing plant design and updated/revised design-related rules (Application 2.2).
MQ-B03-S1 MQ-B03-S2 MQ-D01-S1
Use of reduced truncation values for quantification of the whole PSA model or in relation to the particular IEs of major interest may be useful for the assessment of safety importance of deviations between an existing plant design and updated/revised design-related rules (Application 2.2).
121
Table 13.3 NPP Operation
SA Identifier Relevance to Specific Applications in the Category
Essential Attributes
IE-B01-S1 It is important to reconsider the events screened out based on low frequency that are impacted by the equipment subjected to the TS exemption (Application 3.4.3).
IE-F04-S1 Time trend analysis is essential to assess the impact of components aging, which may be the cause for the changes in the number of IEs (Application 3.1.3).
AS-B03-S1 AS-C02-S1 AS-C03-S1 AS-C14-S1
Use of best estimate codes, plant specific t/h analyses, and best estimates of important modelling parameters is essential for adequate modelling of accident scenarios being addressed in the emergency operating procedures for Applications 3.2.1, 3.3.1, and 3.4.2.
AS-C04-S1 AS-C05-S1 AS-C06-S1
Incomplete modelling of accident progression dealing with requirements of plant emergency procedures may cause incomplete or inadequate coverage of accident scenarios for Applications 3.2.1, 3.3.1, and 3.4.2.
SY-B08-S1 The possibility to effectively handle maintenance basic events allows assessment of the impact of maintenance program optimization (Application 3.1.1), impact of improvements in maintenance personnel training program (Application 3.3.2), and is essential for the real time configuration assessment and control, configuration planning, exemptions to TS, justification for continued operation, and dynamic risk-informed TS (Application Group 3.4).
SY-B08-S2 Modelling of test and maintenance unavailabilities at train level is needed for the real time configuration assessment and control, configuration planning, exemptions to TS, justification for continued operation, dynamic risk-informed TS, and maintenance program optimization (Application 3.1.1 and Application Group 3.4).
SY-B08-S3 Symmetric models are needed for Risk Monitor type applications in order to avoid overestimation or underestimation of specific plant configurations (Application Group 3.4).
SY-B13-S1 SY-B15-S1
Maintenance program and ageing management may include more components than those already modelled in the system models and the models would need to be extended to the level of detail needed for the assessment of the impact of maintenance program optimization (Applications 3.1.1 and 3.1.3).
SY-B16-S1 Time-dependent modelling is needed for application dealing with changes to test activities (Application 3.4.1).
HR-G02-S1 The capability of the HRA method used to evaluate the impact of procedure changes is essential for Applications 3.2.1 and 3.2.2.
HR-G04-S1 The time line for the human interactions for dominant ASs defined based on realistic plant-specific thermal-hydraulic analyses is essential for the development and improvement of emergency operating procedures and improvement of operator training programs (Applications 3.2.1 and 3.3.1).
DA-B01-S1 Too broad grouping of components will prevent the identification of specific features of members of the group, which is of importance to maintenance planning and configuration control activities (Applications 3.1.1 and all of Application Group 3.4).
DA-D05-S1 Realistic representation in the model of surveillance tests and planned maintenance activities is essential for maintenance program optimization and configuration planning (Applications 3.1.1 and 3.4.1).
DA-E01-S1 The time trend analysis is essential for activities dealing with optimization of plant aging management program (Application 3.1.3).
MQ-C02-S1 A more detailed modelling of specific system configurations (e.g. maintenance on specific trains) is important for maintenance program optimization (Application 3.1.1) and all Risk Monitor type applications (Application Group 3.4).
122
SA Identifier Relevance to Specific Applications in the Category
Supplemental Attributes
IE-A06-S1 1) Changes in the maintenance program may impact the probability of operator errors leading to IEs. It is worthwhile to assess the influence of this particular aspect (Application 3.1.1). 2) It is useful to consider the IEs caused by operator errors to avoid adverse impact of changes in maintenance, tests, and training activities (Applications 3.3.1, 3.3.2, and 3.4.1), as well as to identify and assess the events caused by operator errors that may initiate an accident sequence with severe consequences (Applications 3.2.2 and 3.2.3). 3) It is useful to consider IEs caused by human errors while developing management training program (Application 3.3.3).
IE-B01-S1 1) Previously screened IEs caused by equipment failures may appear in the list with a higher frequency due to changes in the maintenance program (Application 3.1.1). 2) It is useful to re-consider low frequent events that have a potential to cause un-mitigated releases (Applications 3.2.2 and 3.2.3).
IE-F04-S1 The time trend analysis is useful in assessing the impact of changes in the maintenance, test, and training activities on the occurrence of IEs (Applications 3.3.1, 3.3.2, 3.3.3, and 3.4.1).
IE-H02-S1 An electronic IE database is helpful in assessing the impact of components aging, which may be the cause for the changes in the number of IEs (Application 3.1.3).
AS-B03-S1 AS-C02-S1 AS-C03-S1 AS-C14-S1
Use of best estimate codes, plant specific t/h analyses, and best estimate of important modelling parameters is useful for realistic modelling of accident scenarios being used for the improvement of management training programs based on plant-specific PSA insights (Application 3.3.3).
AS-C04-S1 AS-C05-S1 AS-C06-S1
A more complete modelling of accident progression dealing with requirements of plant emergency procedures is useful for the improvement of management training programs (Application 3.3.3).
AS-C15-S1 An expanded graphical representation of accident progression is helpful for documentation of accident sequence models, as well as for understanding, updating, and use of the PSA for Applications 3.3.1, 3.3.2, 3.3.3, and 3.4.2.
SY-B08-S1 SY-B08-S2
The possibility to effectively handle test and maintenance basic events may be useful for the improvement of operator training programs (Application 3.3.1).
SY-B13-S1 SY-B15-S1
Improvement of operator training programs may ask for inclusion of more components than those already modelled in the system models (Application 3.3.1).
HR-D06-S1 An identification of past problems can help to identify improvements in maintenance practices (Applications 3.1.1 and 3.3.2).
HR-E01-S1
Modelling of the actions to recover from the equipment failure to automatically initiate or change state may be useful for assessing specific impacts of changes in emergency operating procedures (Application 3.2.1).
HR-E01-S2 Identification of the conditions and plant status conducive to errors of commission could reduce the potential for such errors (Application 3.3.1).
HR-G04-S1 Improvement of the management training program would benefit from a more realistic HRA that use the time windows for operator actions which are based on plant-specific thermal-hydraulic analyses (Application 3.3.3).
DA-D05-S1 Realistic representation in the model of surveillance tests and planned maintenance activities is useful for getting insights for improvement of operator and management training programs (Applications 3.3.1 and 3.3.3).
DA-F01-S1 Detailed modelling of CCFs reflecting the combinations of redundancies/diversities would lead to a more accurate analysis to support plant configuration control (Application Group 3.4).
123
SA Identifier Relevance to Specific Applications in the Category
DA-F02-S1 Since CCFs often have a major impact on system unavailability, particularly in highly-redundant systems, a more realistic and specific modelling of CCF events would improve the plant configuration control applications (Application Group 3.4).
DF-F01-S1 DF-G01-S1
A structured identification and consideration of subtle interactions and availability of a relational database containing information on different dependencies is helpful for maintenance program optimization (Application 3.1.1), support for plant ageing management program (Application 3.1.3), development and improvement of the emergency operating procedures and NPP accident management (Applications 3.2.1 and 3.2.2). Availability of a database containing information on different dependencies provides possibility to efficiently maintain a living PSA model for Risk Monitor type applications (Application Group 3.4).
MQ-C02-S1 A more detailed modelling of specific system configurations (e.g. maintenance on specific trains) is helpful for the improvement of operator and management training programs (Applications 3.3.1 and 3.3.3).
124
Table 13.4 Permanent Changes to the Operating Plant
SA Identifier Relevance to Specific Applications in the Category
Essential Attributes
IE-A06-S1 It is important to verify that the changes to TS (e.g. transfer of equipment maintenance from shutdown to power operation) do not impose additional unacceptable risk caused by introducing a potential for new IEs due to operator errors (Applications 4.2.1 and 4.2.2). In addition, an understanding of how human errors during testing contribute to initiating event frequencies and component failures is needed to balance the positive and negative aspects of surveillance testing (Application 4.2.3).
IE-F04-S1 IE-H02-S1
The time trend analysis in relation to IEs and the incidence database are essential for the decisions on NPP upgrades, back-fitting activities, plant modifications, and life-time extension (Application Group 4.1).
AS-B03-S1 AS-C02-S1 AS-C03-S1 AS-C14-S1
Use of best estimate codes, plant specific t/h analyses, and best estimates of important modelling parameters is essential for adequate modelling of the accident scenarios being addressed in the emergency operating procedures (Application 4.1.1).
SC-B01-S1 The use of proven computer codes and realistic models helps to avoid conservative and simplifying success criteria; this is essential for the assessment of the effects of changes (Application 4.1.1).
SY-B08-S1 The possibility to effectively handle maintenance basic events allows assessing the impact of changes to the allowed outage time and required TS actions (Application 4.2.1).
SY-B08-S2 A detailed maintenance model allows an assessment of the impact of changes to the allowed outage time and required TS actions (Application 4.2.1).
SY-B08-S3 Symmetric models are essential for realistic evaluation of changes to AOT, required TS actions, surveillance test intervals, as well as for the equipment risk significance evaluation and evaluation of changes to QA requirements (Applications 4.2.1, 4.2.2, 4.2.3, 4.3.1, 4.3.2).
SY-B16-S1 Time-dependent failure models allow for the assessment of impact of NPP upgrades (Application 4.1.1), changes to the allowed outage time and required TS actions, changes to surveillance test intervals (Applications 4.2.1, 4.2.2, 4.2.3), and risk-informed in-service testing (Application 4.2.4).
SY-C01-S1 PSA applications dealing with optimization of ISI require adequate modelling of the impact of pipe ruptures if the latter are included in the model (Application 4.2.5).
DA-C02-S1 Use of generic sources of data for reliability parameters for new equipment should be justified (Application 4.1.1).
DA-E01-S1 A time trend analysis to explore the existing trends in the reliability parameters is important for Application 4.1.2.
MQ-C02-S1 A more detailed modelling of specific system configurations is important for applications dealing with changes in TS (Application Group 4.2).
Supplemental Attributes
IE-A06-S1 Analysis of the IEs caused by operator errors is useful to estimate the impact of changes in the in-service testing or plant modifications (Application 4.1.1 and 4.2.4).
IE-B01-S1 NPP upgrades and changes in in-service testing may increase the frequency of previously screened low frequent events (Applications 4.1.1 and 4.1.2).
IE-C02-S1 IE-C02-S2
Merging of the IE in a single group may mask the impact of plant modifications or changes in testing/inspections activities (Applications 4.1.1, 4.2.4, and 4.2.5).
IE-F04-S1 The time trend analysis in relation to IEs provides helpful information for decision making about equipment risk significance (Applications 4.1.2, 4.3.1, and 4.3.2).
IE-H02-S1 An electronic IE database is useful for Applications 4.1.1, 4.1.2, 4.3.1, and 4.3.2.
AS-C04-S1 Incomplete modelling of accident progression dealing with requirements of plant emergency
125
SA Identifier Relevance to Specific Applications in the Category
AS-C05-S1 AS-C06-S1
procedures may cause incomplete or inadequate coverage of accident scenarios for Application 4.1.1.
AS-C15-S1 An expanded graphical representation of accident progression is helpful for documentation of accident sequence models, as well as for understanding, updating, and use of the PSA for Application 4.1.1.
SY-B06-S1
Modelling of pipe failures in the PSA provides the possibility to more precisely assess the importance to risk of particular pipelines/pipe segments that would give a more robust input to the applications dealing with optimization of ISI (Application 4.2.5).
SY-B08-S1 SY-B08-S2
A realistic representation of test and maintenance unavailabilities in system models is useful for risk-informed in-service testing (Application 4.2.4).
SY-B13-S1 Other components than those originally modelled may need to be included in the PSA (Applications 4.1.1, 4.2.1, 4.2.2, 4.2.3, 4.2.5, 4.3.1, 4.3.2).
SY-B15-S1 SY-C15-S1
A deeper level of model resolution down to the level of details needed to assess the impact of specific changes associated with the application may be needed (Applications 4.1.1, 4.2.1, 4.2.3, 4.2.4, 4.2.5, 4.3.1, and 4.3.2).
SY-B16-S1 Time-dependent failure models are useful for the equipment risk significance evaluation and evaluation of the risk impact of changes to QA requirements (Applications 4.3.1 and 4.3.2).
HR-E01-S2 While it is not yet general practice to include errors of commission in the base PSA, it is advantageous to use information on the general causes of errors of commission to reduce the potential for introducing changes that could increase the likelihood of, or create conditions conducive to, errors of commission (all Applications in Category 4).
HR-G01-S1 Performing a detailed assessment of all HEPs may be useful in prioritising the NPP upgrades, back-fitting activities and plant modifications (Application 4.1.1).
DA-B01-S1 A finer level of resolution in identifying groups of components is helpful because too broad grouping can mask the specific features of group members (Application Group 4.2).
DA-D05-S1 A realistic representation of surveillance and maintenance activities is useful for assessing the impact of specific changes (Applications 4.1.1 and Application Group 4.2).
DA-F01-S1 DA-F02-S1
Because technical specifications such as allowed outage times relate to individual trains of systems, a detailed modelling of CCFs reflecting the number of redundancies/diversities and a realistic and specific modelling of CCF events is helpful for assessing the impact of common cause failures (Application Group 4.2).
DF-F01-S1 DF-G01-S1
Analysis of the risk impact of NPP upgrades and justification for lifetime extension may benefit from detailed identification and modelling of possible dependencies and availability of database containing information on different dependencies (Applications 4.1.1 and 4.1.2).
MQ-B03-S2 MQ-D01-S1
Use of reduced truncation values in relation to the particular IEs of major interest may be useful for the assessment of benefits from specific NPP upgrades (Application 4.1.1).
126
Table 13.5 Oversight Activities
SA Identifier Relevance to Specific Applications in the Category
Essential Attributes
IE-A06-S1 IE-B01-S1 IE-C02-S1
The lists of IEs and IE groups should be detailed enough to allow the evaluation of inspection findings and operational events (Applications 5.2.1 and 5.2.2).
SC-B01-S1 The use of proven computer codes and realistic models helps to avoid conservative and simplifying success criteria; this is essential for the assessment of a particular inspection finding or event (Application Group 5.2).
Supplemental Attributes
IE-F04-S1 The time trend analysis in relation to IEs provides useful information for decision making (Application Group 5.1).
IE-H02-S1 An electronic IE database is useful for Application Group 5.1.
All AS-SAs Detailed realistic representation of plant behaviour addressing different mitigation strategies would be helpful for adequate reflection of a wider range of inspection findings and operational events in the PSA model (Applications 5.2.1 and 5.2.2).
SY-B13-S1 SY-B15-S1 SY-C15-S1
More components may need to be included into the model for Application Group 5.2.
DA-B01-S1 DA-F01-S1 DA-F02-S1 DA-H02-S1
These SAs would result in a more detailed PSA and better understanding of particular performance issues (Applications 5.1.2, 5.1.3, Application Group 5.2).
DA-E01-S1 The time trend analysis is useful for the assessment of long term performance indicators (Application 5.1.2).
DF-F01-S1 DF-G01-S1
Detailed identification and modelling of possible dependencies and availability of database containing information on different dependencies is helpful for all Applications in Category 5.
MQ-B03-S1 MQ-B03-S2 MQ-D01-S1
Application of reduced truncation values may be useful for planning the inspection activities (Application 5.1.1), for the analysis of performance indicators (Applications 5.1.2 and 5.1.3), and for possibility to assess inspection findings and operational events (Applications 5.2.1 and 5.2.2).
MQ-C02-S1 A more detailed modelling of specific system configurations may be useful for planning the inspection activities and assessment of risk-based performance indicators (Application Group 5.1).
127
Table 13.6 Evaluation of Safety Issues
SA Identifier Relevance to Specific Applications in the Category
Essential Attributes
All SAs For Application Category 6 any of the special attributes may be required on a case-by-case basis depending on the issue to be analyzed. For these applications, the PSA model should be upgraded in a manner that would allow evaluating the impact associated with the considered measure or issue by the PSA model.
Supplemental Attributes
None
128
T
able
13.
7 M
appi
ng th
e Sp
ecia
l Attr
ibut
es o
f PSA
Ele
men
ts to
PSA
App
licat
ions
8
PSA
Ele
men
ts
PSA
App
licat
ion
Cat
egor
y PS
A A
pplic
atio
n G
roup
/ PS
A A
pplic
atio
n IE
A
S SC
SY
H
R
DA
D
F M
Q
RI
1.1
Ass
essm
ent o
f the
ove
rall
plan
t saf
ety
- -
- -
- -
- -
-
1.2
Per
iodi
c sa
fety
revi
ew
IE-F
04-S
1 IE
-H02
-S1
AS-
C02
-S1
AS-
C12
-S1
AS-
C15
-S1
SC-B
01-S
1 -
HR
-G04
-S1
DA
-E01
-S1
DA
-H02
-S1
DF-
F01-
S1
DF-
G01
-S1
- -
1. S
AFE
TY
A
SSE
SSM
EN
T
1.3
Ana
lysi
s of t
he d
egre
e of
de
fenc
e ag
ains
t ass
umed
te
rror
ist a
ttack
scen
ario
s
IE-A
06-S
1 IE
-B01
-S1
AS-
C04
-S1
AS-
C15
-S1
- -
- -
- -
-
2.1
App
licat
ion
of P
SA to
su
ppor
t dec
isio
ns m
ade
durin
g th
e N
PP d
esig
n
(pla
nt u
nder
des
ign)
IE-A
06-S
1 IE
-C02
-S1
IE-C
02-S
2
AS-
B03
-S1
AS-
C02
-S1
AS-
C03
-S1
AS-
C12
-S1
AS-
C14
-S1
AS-
C15
-S1
- SY
-C07
-S1
SY-C
14-S
1 SY
-C15
-S1
SY-B
13-S
1 SY
-B15
-S1
HR
-E01
-S2
DA
-F01
-S1
DA
-C02
-S1
D
F-F0
1-S1
-
- 2.
DE
SIG
N
EV
AL
UA
TIO
N
2.2
Ass
essm
ent o
f the
safe
ty
impo
rtanc
e of
dev
iatio
ns
betw
een
an e
xist
ing
plan
t de
sign
and
upd
ated
/revi
sed
dete
rmin
istic
des
ign
rule
s
- -
SC-B
01-S
1 SY
-C07
-S1
SY-C
14-S
1 SY
-C15
-S1
SY-B
13-S
1 SY
-B15
-S1
- D
A-F
01-S
1 D
F-F0
1-S1
D
F-G
01-S
1 M
Q-B
03-S
1 M
Q-B
03-S
2 M
Q-D
01-S
1
-
3.1
NPP
mai
nten
ance
3.1.
1 M
aint
enan
ce p
rogr
am
optim
izat
ion
IE
-A06
-S1
IE-B
01-S
1 -
- SY
-B08
-S1
SY-B
08-S
2 SY
-B13
-S1
SY-B
15-S
1
HR
-D06
-S1
DA
-B01
-S1
DA
-D05
-S1
DF-
F01-
S1
DF-
G01
-S1
MQ
-C02
-S1
-
3.1.
2 R
isk-
info
rmed
hou
se
keep
ing
- -
- -
-
- -
-
3. N
PP O
PER
AT
ION
3.1.
3 R
isk-
info
rmed
supp
ort f
or
plan
t age
ing
man
agem
ent
prog
ram
IE-F
04-S
1 IE
-H02
-S1
- -
SY-B
13-S
1 SY
-B15
-S1
- D
A-E
01-S
1 D
F-F0
1-S1
D
F-G
01-S
1 -
-
8 The
gen
eral
attr
ibut
es d
escr
ibed
in S
ectio
ns 4
-12
of th
e pu
blic
atio
n ar
e co
nsid
ered
app
licab
le to
all
PSA
app
licat
ions
and
are
not
refe
rred
in th
e ta
ble.
Onl
y th
e sp
ecia
l attr
ibut
es to
be
met
in a
dditi
on to
th
e ge
nera
l at
tribu
tes
are
depi
cted
. Th
e id
entif
iers
of
the
attri
bute
s th
at a
re c
onsi
dere
d es
sent
ial
for
the
appl
icat
ions
(i.e
. es
sent
ial
spec
ial
attri
bute
s in
trodu
ced
in S
ectio
n 13
), ar
e pr
ovid
ed i
n bo
ld
unde
rlin
ed f
ont.
Thos
e at
tribu
tes,
whi
ch c
ould
be
help
ful f
or th
e ap
plic
atio
ns, b
ut a
re n
ot d
eem
ed v
ery
impo
rtant
in a
ccor
danc
e w
ith th
e cu
rren
t sta
te o
f th
e ar
t (i.
e. s
uppl
emen
tal s
peci
al a
ttrib
utes
in
trodu
ced
in S
ectio
n 13
), ar
e pr
ovid
ed in
regu
lar f
ont.
129
PSA
Ele
men
ts
PSA
App
licat
ion
Cat
egor
y PS
A A
pplic
atio
n G
roup
/ PS
A A
pplic
atio
n IE
A
S SC
SY
H
R
DA
D
F M
Q
RI
3.2
Acc
iden
t miti
gatio
n an
d em
erge
ncy
plan
ning
3.2.
1 D
evel
opm
ent a
nd
impr
ovem
ent o
f the
em
erge
ncy
oper
atin
g pr
oced
ures
- A
S-B
03-S
1 A
S-C
02-S
1 A
S-C
03-S
1 A
S-C
14-S
1 A
S-C
04-S
1 A
S-C
05-S
1 A
S-C
06-S
1
- -
HR
-G02
-S1
HR
-G04
-S1
HR
-E01
-S1
- D
F-F0
1-S1
D
F-G
01-S
1 -
-
3.2.
2 S
uppo
rt fo
r NPP
acc
iden
t m
anag
emen
t (se
vere
ac
cide
nt p
reve
ntio
n,
seve
re a
ccid
ent
miti
gatio
n)
IE-A
06-S
1 IE
-B01
-S1
- -
- H
R-G
02-S
1 -
DF-
F01-
S1
DF-
G01
-S1
- -
3.2.
3 S
uppo
rt fo
r NPP
em
erge
ncy
plan
ning
IE
-A06
-S1
IE-B
01-S
1 -
- -
- -
- -
-
3.
3 P
erso
nnel
trai
ning
3.
3.1
Impr
ovem
ent o
f ope
rato
r tra
inin
g pr
ogra
m
IE-A
06-S
1 IE
-F04
-S1
AS-
B03
-S1
AS-
C02
-S1
AS-
C03
-S1
AS-
C14
-S1
AS-
C04
-S1
AS-
C05
-S1
AS-
C06
-S1
AS-
C15
-S1
- SY
-B08
-S1
SY-B
08-S
2 SY
-B13
-S1
SY-B
15-S
1
HR
-G04
-S1
HR
-E01
-S2
DA
-D05
-S1
- M
Q-C
02-S
1 -
3.
3.2
Impr
ovem
ent o
f m
aint
enan
ce p
erso
nnel
tra
inin
g pr
ogra
m
IE-A
06-S
1 IE
-F04
-S1
AS-
C15
-S1
- SY
-B08
-S1
HR
-D06
-S1
- -
- -
3.
3.3
Impr
ovem
ent o
f pla
nt
man
agem
ent t
rain
ing
prog
ram
IE-A
06-S
1 IE
-F04
-S1
AS-
C02
-S1
AS-
C03
-S1
AS-
C14
-S1
AS-
C04
-S1
AS-
C05
-S1
AS-
C06
-S1
AS-
C15
-S1
- -
HR
-G04
-S1
DA
-D05
-S1
- M
Q-C
02-S
1 -
130
PSA
Ele
men
ts
PSA
App
licat
ion
Cat
egor
y PS
A A
pplic
atio
n G
roup
/ PS
A A
pplic
atio
n IE
A
S SC
SY
H
R
DA
D
F M
Q
RI
3.
4 R
isk-
base
d co
nfig
urat
ion
cont
rol/
Ris
k M
onito
rs
3.
4.1
Con
figur
atio
n pl
anni
ng
(e.g
. sup
port
for p
lant
m
aint
enan
ce a
nd te
st
activ
ities
)
IE-A
06-S
1 IE
-F04
-S1
- -
SY-B
08-S
1 SY
-B08
-S2
SY-B
08-S
3 SY
-B16
-S1
- D
A-B
01-S
1 D
A-D
05-S
1 D
A-F
01-S
1 D
A-F
02-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-C02
-S1
-
3.
4.2
Rea
l tim
e co
nfig
urat
ion
asse
ssm
ent a
nd c
ontro
l (r
espo
nse
to e
mer
ging
co
nditi
ons)
- A
S-B
03-S
1 A
S-C
02-S
1 A
S-C
03-S
1 A
S-C
14-S
1 A
S-C
04-S
1 A
S-C
05-S
1 A
S-C
06-S
1 A
S-C
15-S
1
- SY
-B08
-S1
SY-B
08-S
2 SY
-B08
-S3
- D
A-B
01-S
1 D
A-D
05-S
1 D
A-F
01-S
1 D
A-F
02-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-C02
-S1
-
3.
4.3
Exe
mpt
ions
to T
S an
d ju
stifi
catio
n fo
r con
tinue
d op
erat
ion
IE-B
01-S
1 -
- SY
-B08
-S1
SY-B
08-S
2 SY
-B08
-S3
- D
A-B
01-S
1 D
A-D
05-S
1 D
A-F
01-S
1 D
A-F
02-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-C02
-S1
-
3.
4.4
Dyn
amic
risk
-info
rmed
TS
-
- -
SY-B
08-S
1 SY
-B08
-S2
SY-B
08-S
3
- D
A-B
01-S
1 D
A-D
05-S
1 D
A-F
01-S
1 D
A-F
02-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-C02
-S1
-
4.1
Pla
nt c
hang
es
4.1.
1 N
PP u
pgra
des,
back
-fit
ting
activ
ities
and
pla
nt
mod
ifica
tions
IE-F
04-S
1 IE
-H02
-S1
IE-A
06-S
1 IE
-B01
-S1
IE-C
02-S
1 IE
-C02
-S2
IE-H
02-S
1
AS-
B03
-S1
AS-
C02
-S1
AS-
C03
-S1
AS-
C14
-S1
AS-
C04
-S1
AS-
C05
-S1
AS-
C06
-S1
AS-
C15
-S1
SC-B
01-S
1 SY
-B16
-S1
SY-B
13-S
1 SY
-B15
-S1
SY-C
15-S
1
HR
-E01
-S2
HR
-G01
-S1
DA
-C02
-S1
DA
-D05
-S1
DF-
F01-
S1
DF-
G01
-S1
MQ
-B03
-S2
M
Q-D
01-S
1 -
4. P
ER
MA
NE
NT
C
HA
NG
ES
TO
TH
E
OPE
RA
TIN
G
PLA
NT
4.1.
2 L
ifetim
e ex
tens
ion
IE-F
04-S
1 IE
-H02
-S1
IE-B
01-S
1 IE
-F04
-S1
IE-H
02-S
1
- -
- H
R-E
01-S
2 D
A-E
01-S
1 D
F-F0
1-S1
D
F-G
01-S
1 -
-
131
PSA
Ele
men
ts
PSA
App
licat
ion
Cat
egor
y PS
A A
pplic
atio
n G
roup
/ PS
A A
pplic
atio
n IE
A
S SC
SY
H
R
DA
D
F M
Q
RI
4.
2 T
echn
ical
spec
ifica
tion
chan
ges
4.
2.1
Det
erm
inat
ion
and
eval
uatio
n of
cha
nges
to
allo
wed
out
age
time
and
chan
ges t
o re
quire
d TS
ac
tions
IE-A
06-S
1 -
- SY
-B08
-S1
SY-B
08-S
2 SY
-B08
-S3
SY-B
16-S
1 SY
-B13
-S1
SY-B
15-S
1 SY
-C15
-S1
HR
-E01
-S2
DA
-B01
-S1
DA
-D05
-S1
DA
-F01
-S1
DA
-F02
-S1
- M
Q-C
02-S
1 -
4.
2.2
Ris
k-in
form
ed
optim
isat
ion
of T
S IE
-A06
-S1
- -
SY-B
08-S
3 SY
-B16
-S1
SY-B
13-S
1
HR
-E01
-S2
DA
-B01
-S1
DA
-D05
-S1
DA
-F01
-S1
DA
-F02
-S1
- M
Q-C
02-S
1 -
4.
2.3
Det
erm
inat
ion
and
eval
uatio
n of
cha
nges
to
surv
eilla
nce
test
inte
rval
s
IE-A
06-S
1 -
- SY
-B08
-S3
SY-B
16-S
1 SY
-B13
-S1
SY-B
15-S
1 SY
-C15
-S1
HR
-E01
-S2
DA
-B01
-S1
DA
-D05
-S1
DA
-F01
-S1
DA
-F02
-S1
- M
Q-C
02-S
1 -
4.
2.4
Ris
k-in
form
ed in
-ser
vice
te
stin
g (I
ST)
IE-A
06-S
1 IE
-C02
-S1
IE-C
02-S
2
- -
SY-B
16-S
1 SY
-B08
-S1
SY-B
08-S
2 SY
-B15
-S1
SY-C
15-S
1
HR
-E01
-S2
DA
-B01
-S1
DA
-D05
-S1
DA
-F01
-S1
DA
-F02
-S1
- M
Q-C
02-S
1 -
4.
2.5
Ris
k-in
form
ed in
-ser
vice
in
spec
tions
(ISI
) IE
-C02
-S1
IE-C
02-S
2 -
- SY
-C01
-S1
SY-B
13-S
1 SY
-B15
-S1
SY-C
15-S
1 SY
-B06
-S1
HR
-E01
-S2
DA
-B01
-S1
DA
-D05
-S1
DA
-F01
-S1
DA
-F02
-S1
- M
Q-C
02-S
1 -
132
PSA
Ele
men
ts
PSA
App
licat
ion
Cat
egor
y PS
A A
pplic
atio
n G
roup
/ PS
A A
pplic
atio
n IE
A
S SC
SY
H
R
DA
D
F M
Q
RI
4.
3 E
stab
lishm
ent o
f gra
ded
QA
pro
gram
for
SSC
4.
3.1
Equi
pmen
t ris
k si
gnifi
canc
e ev
alua
tion
IE
-F04
-S1
IE-H
02-S
1 -
- SY
-B08
-S3
SY-B
13-S
1 SY
-B15
-S1
SY-C
15-S
1 SY
-B16
-S1
HR
-E01
-S2
- -
- -
4.
3.2
Eva
luat
ion
of ri
sk im
pact
of
cha
nges
to Q
A
requ
irem
ents
IE-F
04-S
1 IE
-H02
-S1
- -
SY-B
08-S
3 SY
-B13
-S1
SY-B
15-S
1 SY
-C15
-S1
SY-B
16-S
1
HR
-E01
-S2
- -
- -
5.1
Per
form
ance
mon
itori
ng
5.1.
1 P
lann
ing
and
prio
ritiz
atio
n of
insp
ectio
n ac
tiviti
es
(reg
ulat
ory
and
indu
stry
)
IE-F
04-S
1 IE
-H02
-S1
- -
- -
- D
F-F0
1-S1
D
F-G
01-S
1 M
Q-B
03-S
1 M
Q-B
03-S
2 M
Q-C
02-S
1 M
Q-D
01-S
1
-
5.1.
2 L
ong
term
risk
-bas
ed
perfo
rman
ce in
dica
tors
IE
-F04
-S1
IE-H
02-S
1 -
- -
- D
A-B
01-S
1 D
A-F
01-S
1 D
A-F
02-S
1 D
A-H
02-S
1 D
A-E
01-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-B03
-S1
M
Q-B
03-S
2
MQ
-C02
-S1
M
Q-D
01-S
1
-
5. O
VE
RSI
GH
T
AC
TIV
ITIE
S
5.1.
3 S
hort
term
risk
-bas
ed
perfo
rman
ce in
dica
tors
IE
-F04
-S1
IE-H
02-S
1 -
- -
- D
A-B
01-S
1 D
A-F
01-S
1 D
A-F
02-S
1 D
A-H
02-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-B03
-S1
MQ
-B03
-S2
MQ
-C02
-S1
MQ
-D01
-S1
-
5.
2 P
erfo
rman
ce a
sses
smen
t
5.
2.1
Ass
essm
ent o
f ins
pect
ion
findi
ngs
IE-A
06-S
1 IE
-B01
-S1
IE-C
02-S
1
All
SAs f
or
AS
SC-B
01-S
1 SY
-B13
-S1
SY-B
15-S
1 SY
-C15
-S1
- D
A-B
01-S
1 D
A-F
01-S
1 D
A-F
02-S
1 D
A-H
02-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-B03
-S1
M
Q-B
03-S
2
MQ
-D01
-S1
-
5.
2.2
Eva
luat
ion
and
ratin
g of
op
erat
iona
l eve
nts
IE-A
06-S
1 IE
-B01
-S1
IE-C
02-S
1
All
SAs f
or
AS
SC-B
01-S
1 SY
-B13
-S1
SY-B
15-S
1 SY
-C15
-S1
- D
A-B
01-S
1 D
A-F
01-S
1 D
A-F
02-S
1 D
A-H
02-S
1
DF-
F01-
S1
DF-
G01
-S1
MQ
-B03
-S1
M
Q-B
03-S
2
MQ
-D01
-S1
-
133
PSA
Ele
men
ts
PSA
App
licat
ion
Cat
egor
y PS
A A
pplic
atio
n G
roup
/ PS
A A
pplic
atio
n IE
A
S SC
SY
H
R
DA
D
F M
Q
RI
6.1
Ris
k ev
alua
tion
6.1.
1 R
isk
eval
uatio
n of
co
rrec
tive
mea
sure
s A
ny o
f the
spec
ial a
ttri
bute
s may
be
requ
ired
on
a ca
se-b
y-ca
se b
asis
. T
he P
SA m
odel
shou
ld b
e up
grad
ed in
the
man
ner
that
wou
ld a
llow
an
eval
uatio
n of
the
impa
ct a
ssoc
iate
d w
ith th
e co
nsid
ered
mea
sure
by
the
PSA
mod
el.
-
6. E
VA
LU
AT
ION
O
F SA
FET
Y IS
SUE
S
6.1.
2 R
isk
eval
uatio
n to
iden
tify
and
rank
safe
ty is
sues
A
ny o
f the
spec
ial a
ttri
bute
s may
be
requ
ired
on
a ca
se-b
y-ca
se b
asis
. T
he P
SA m
odel
shou
ld b
e up
grad
ed in
the
man
ner
that
wou
ld a
llow
an
eval
uatio
n of
the
impa
ct a
ssoc
iate
d w
ith th
e co
nsid
ered
issu
e by
the
PSA
mod
el.
-
6.
2 R
egul
ator
y de
cisi
ons
6.
2.1
Lon
g te
rm re
gula
tory
de
cisi
ons
Any
of t
he sp
ecia
l att
ribu
tes m
ay b
e re
quir
ed o
n a
case
-by-
case
bas
is.
The
PSA
mod
el sh
ould
be
upgr
aded
in th
e m
anne
r th
at w
ould
allo
w a
n ev
alua
tion
of th
e im
pact
ass
ocia
ted
with
the
cons
ider
ed m
easu
re b
y th
e PS
A m
odel
. -
6.
2.2
Inte
rim re
gula
tory
de
cisi
ons
Any
of t
he sp
ecia
l att
ribu
tes m
ay b
e re
quir
ed o
n a
case
-by-
case
bas
is.
The
PSA
mod
el sh
ould
be
upgr
aded
in th
e m
anne
r th
at w
ould
allo
w a
n ev
alua
tion
of th
e im
pact
ass
ocia
ted
with
the
cons
ider
ed is
sue
by th
e PS
A m
odel
. -
134
14. CONCLUSIONS
The matter of PSA quality is very important from the viewpoint of risk-informed decision making on various aspects of NPP operation and licensing. This publication provides an approach for achieving the technical consistency of PSA in order to support reliably various PSA applications. The approach involves the consideration of a set of technical features, called attributes, of the major PSA elements relevant for various applications.
A comprehensive list of PSA applications has been compiled. The applications were
grouped into the six categories. Some of the categories include several groups. For each PSA application, a brief description of the purpose of the application and the way the PSA can be used to support it were provided along with the information on what PSA results and metrics can be used in the decision making process.
This publication covers a Level-1 internal events at-power PSA. Nine PSA elements
characterizing the major PSA tasks were defined. For each PSA element, a set of general attributes needed for all PSA applications and special attributes needed for specific PSA applications were elaborated. In relation to each PSA application, the special attributes were further distinguished as essential and supplemental. An essential special attribute emphasises a feature of the PSA element that is considered important to generate the results needed to reliably support the PSA application. A supplemental special attribute may not be strongly required for a specific application, but could further enhance the usefulness of the PSA by providing a greater level of detail, or improving confidence in the results. The publication provides a mapping of the special attributes to the considered PSA applications with a brief explanation on why a special attribute is needed in each particular case.
This publication can be used by PSA practitioners for appropriate planning of PSA
projects taking into account possible uses of the PSA in the future. The publication can be also used by reviewers as an aid in assessing the quality of PSAs and judging the adequacy of a PSA for specific applications. Particularly, the publication can be used by regulatory authorities to support regulatory reviews of licensees’ PSA and PSA application cases along with other IAEA publications, e.g. Refs [19], [20].
135
Appendix I
RISK METRIC DEFINITIONS
Importance measures - Risk achievement worth (RAW)
This is the ratio or interval of the figure of merit, evaluated with the SSC’s basic event probability set to one, to the base case figure of merit. This importance measure reflects the increase in a selected figure of merit when an SSC is assumed to be unable to perform its function due to testing, maintenance, or failure.
- Fussell-vesely (FV)
For a specific basic event, the FV importance is the fractional contribution to the total of a selected figure of merit for all accident sequences containing the basic event to be evaluated.
Core damage frequency, annual average (CDFAVE) This is the frequency of core damage that is averaged over the time-dependent variations that may be exhibited during the course of a year due to plant configuration changes, removing equipment from service to perform tests or maintenance, and the occurrence of plant initiating events which may in fact vary over the course of a reactor lifetime. Periodic updates of this risk metric over the course of the plant lifetime provide a slow version of a time dependent Risk Monitor that reflects broad trends in plant and SSC performance that are reflected in the plant data as well as any permanent changes that are made in the design, maintenance and operation. Change in core damage frequency, annual average (ΔCDFAVE) This is the change in the annual average CDF due some change that is being evaluated that may impact this risk metric. The change may be due to an observed degradation, design change, procedure change, change in test, maintenance or inspection practice, change in performance of an SSC, or changes to any input or assumption associated with the PSA model. Core damage frequency, time-dependent (CDF{t}) This is the frequency of core damage as a function of time. It is often referred to as the ‘instantaneous core damage frequency.’ Only some of the parameters that the CDF is dependent on can be monitored in a time-dependent fashion, such as the time periods when equipment is removed from service. Core damage probability (CDP) This is the total probability of a core damage event over a specified time interval.
137
Conditional core samage probability (CCDP) This is the conditional core damage probability given the occurrence of an initiating event. It is calculated by selecting the appropriate PSA initiating event, setting the initiating event frequency to 1, and solving the PSA model for core damage for the condition that the initiating event has occurred. Incremental conditional core damage probability (ICCDP) This is the increase in the CDP, over that expected from the Base CDF during a configuration change (denoted by the index j) within the time Tj with an increased CDFj relative to CDFBASE. It is referred to as a conditional probability because it is conditioned on being in a specific plant configuration. Large early release frequency, annual average (LERFAVE) This is the frequency of a large early release that is averaged over the time-dependent variations that may be exhibited during the course of a year, which may in fact vary over the course of a reactor lifetime. Change in large early release frequency, annual average (ΔLERFAVE) This is the change in the annual average LERF due some change that is being evaluated that may impact this risk metric. The change may be due to an observed degradation, design change, procedure change, change in test, maintenance or inspection practice, change in performance of an SSC, or changes to any input or assumption associated with the PSA model. Large early release frequency, time-dependent (LERF{t}) This is the frequency of a large early release as a function of time. It is often referred to as the ‘instantaneous large early release frequency.’ Only some of the parameters that the LERF is dependent on can be monitored in a time-dependent fashion, such as the time periods when equipment is removed from service. Large early release probability (LERP) This is the total probability of a large early release over a specified time interval. Conditional large early release probability (CLERP) This is the conditional large early release probability given the occurrence of an initiating event. It is calculated by selecting the appropriate PSA initiating event, setting the initiating event frequency to 1, and solving the PSA model for large early release under the condition that the initiating event has occurred. Incremental conditional large early release probability (ICLERP) This is the increase in the LERP, over that expected from the Base LERF during a configuration change (denoted by the index j) within the time Tj with an increased LERFj
138
relative to LERFBASE. It is referred to as a conditional probability because it is conditioned on being in a specific plant configuration. Quantitative health objectives (QHO) QHOs are derived from qualitative safety goals and provide a numerical measure of acceptable levels of risk of acute and latent health effects due to accidents. These are normally expressed in terms of a small fraction, e.g. .01% of the expected annual risks of death to individuals in designated areas around the plant due to other causes. Accidental risks of death due to radiation sickness are normally compared against non-nuclear accident risks to an average individual within short distances of the plant (e.g. 1 mile), whereas risks due to latent health effects from a reactor accident are normally measured against the risk of latent cancer fatalities due to non-nuclear causes to the population over larger distances from the plant (e.g. 10 miles). Individual risks from NPP accidents are computed by summing the products of the accident frequencies and total estimate of consequences in the appropriate population segment and then normalizing this population risk metric by the population in that segment.
139
Appendix II
PSA APPLICATIONS
143
T
able
A-I
I D
escr
iptio
n of
PSA
App
licat
ions
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
1. S
AFE
TY
ASS
ESS
ME
NT
1.1
Ass
essm
ent o
f the
ove
rall
plan
t saf
ety
The
asse
ssm
ent o
f the
ove
rall
plan
t saf
ety
repr
esen
ts th
e m
ain
purp
ose
of P
SA p
erfo
rman
ce a
nd in
clud
es
iden
tific
atio
n an
d ra
nkin
g of
impo
rtant
des
ign
and
oper
atio
nal f
eatu
res,
of d
omin
ant a
ccid
ent s
eque
nces
, sy
stem
s, co
mpo
nent
s, hu
man
inte
ract
ions
and
de
pend
enci
es im
porta
nt fo
r saf
ety.
A c
ompa
rison
of t
he
resu
lts a
gain
st sa
fety
goa
ls o
r qua
ntita
tive
heal
th o
bjec
tives
m
ay b
e in
volv
ed.
CD
F AV
E, LE
RF A
VE,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
SSC
s and
HEs
, pr
imar
y co
ntrib
utor
s to
risk
A c
ompl
ete
safe
ty e
valu
atio
n w
ould
in p
rinci
ple
requ
ire a
full
scop
e PS
A (L
evel
-1 th
roug
h 3)
co
verin
g al
l ope
ratin
g an
d sh
utdo
wn
mod
es a
nd b
oth
inte
rnal
and
ext
erna
l pla
nt h
azar
ds.
A
parti
al b
ut m
eani
ngfu
l eva
luat
ion
can
be p
erfo
rmed
usi
ng a
lim
ited
scop
e PS
A w
ith q
ualit
ativ
e ev
alua
tion
of th
e m
issi
ng sc
ope
supp
orte
d by
bou
ndin
g as
sess
men
ts. R
isk
cont
ribut
ors a
nd
impo
rtanc
e in
form
atio
n ar
e us
ed to
dev
elop
risk
insi
ghts
.
1.2
Per
iodi
c sa
fety
rev
iew
Si
mila
r to
Item
1.1
, PSA
pro
vide
s use
ful i
nsig
hts t
o su
ppor
t a p
erio
dic
safe
ty re
view
. A sa
fety
ass
essm
ent
proc
ess c
onsi
sts i
n id
entif
ying
safe
ty is
sues
, det
erm
inin
g th
eir s
afet
y si
gnifi
canc
e an
d m
akin
g de
cisi
ons o
n th
e ne
ed
for c
orre
ctiv
e m
easu
res.
A m
ajor
ben
efit
of in
clud
ing
PSA
in
per
iodi
c re
view
s is t
he c
reat
ion
of a
n up
-to-d
ate
over
view
of t
he w
hole
pla
nt. P
SA m
ay h
elp
in
iden
tific
atio
n of
real
cos
t-eff
ectiv
e im
prov
emen
ts to
safe
ty.
The
appl
icat
ion
may
invo
lve
mod
ellin
g of
agi
ng e
ffec
ts in
PS
A. T
ypic
ally
ther
e ar
e tw
o ty
pes o
f SSC
s: (1
) SSC
s w
hich
are
per
iodi
cally
rene
wed
or r
epla
ced
(can
be
mod
elle
d ‘a
s new
’), a
nd (2
) SSC
s whi
ch a
re su
bjec
t to
an
agin
g pr
oces
s. C
urre
ntly
, mod
ellin
g of
SSC
agi
ng in
term
s of
PSA
is in
an
expl
orat
ory
stag
e. T
hus,
PSA
trea
tmen
t of
agin
g ef
fect
s is n
ot st
anda
rdly
car
ried
out a
nd is
con
side
red
beyo
nd th
e cu
rren
t sta
te o
f the
art.
In so
me
coun
ties,
PSA
is
requ
ired
for l
ifetim
e ex
tens
ion
and
to su
ppor
t a c
ost
bene
fit e
valu
atio
n of
pos
sibl
e ba
ckfit
s to
redu
ce th
e ris
k of
se
vere
acc
iden
ts.
Agi
ng e
ffec
ts, h
owev
er, a
re ty
pica
lly
addr
esse
d qu
alita
tivel
y.
ΔC
DF A
VE,
ΔLE
RF A
VE,
CD
F AV
E, LE
RF A
VE,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
SSC
s and
HEs
, pr
imar
y co
ntrib
utor
s to
risk
In a
dditi
on to
the
disc
ussi
on a
bove
in It
em 1
.1, t
he im
porta
nt is
sues
in th
is a
pplic
atio
n ar
e th
e us
e of
pla
nt-s
peci
fic d
ata,
mod
ellin
g of
as-
built
-as-
oper
ated
pla
nt c
ondi
tions
, and
add
ress
ing
the
poss
ible
impa
ct o
f agi
ng p
heno
men
a an
d co
mpo
nent
life
time
cons
ider
atio
ns o
n th
e ov
eral
l ris
k m
etric
s. Se
nsiti
vity
cal
cula
tions
may
be
requ
ired
to a
sses
s the
pot
entia
l effe
ct o
f age
ing
on
pass
ive
com
pone
nts,
whi
ch a
re n
ot n
orm
ally
mai
ntai
ned
or re
plac
ed.
For t
he c
ost b
enef
it ev
alua
tion
of se
vere
acc
iden
t man
agem
ent a
ltern
ativ
es th
e PS
A n
eeds
to b
e up
date
d to
refle
ct d
esig
n an
d pr
oced
ure
chan
ges a
ssoc
iate
d w
ith e
ach
alte
rnat
ive
(Lev
el-2
and
-3
PSA
. The
cha
nges
in ri
sk m
etric
s are
use
d to
eva
luat
e th
e le
vel o
f ris
k re
duct
ion
asso
ciat
ed w
ith
each
alte
rnat
ive
(see
als
o Ite
m 3
.2.2
).
For e
xam
ple,
whi
le li
cens
ing
an N
PP fo
r con
tinua
tion
of it
s ope
ratio
n be
yond
the
desi
gn li
fetim
e,
a fu
ll sc
ope
PSA
is p
erfo
rmed
to e
nsur
e th
at it
mee
ts th
e co
untry
’s Q
HO
s or s
afet
y go
als.
In
addi
tion,
the
prob
lem
s ass
ocia
ted
with
agi
ng m
ay b
e in
vest
igat
ed a
nd a
ccou
nted
for.
In so
me
coun
tries
, it i
s req
uire
d to
com
pare
the
stat
e an
d de
sign
of a
n op
erat
ing
plan
t aga
inst
ac
tual
det
erm
inis
tic re
gula
tions
. The
safe
ty im
porta
nce
of d
evia
tions
can
be
judg
ed b
y th
e he
lp o
f a
plan
t spe
cific
PSA
. The
nee
d of
bac
kfit
mea
sure
s is d
eriv
ed fr
om th
e ou
tcom
e of
this
as
sess
men
t. Se
e al
so It
em 2
.2.
9 Def
initi
ons o
f ris
k m
etric
s are
pro
vide
d in
App
endi
x I.
144
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
1.3
Ana
lysi
s of t
he d
egre
e of
def
ence
aga
inst
ass
umed
te
rror
ist a
ttac
k sc
enar
ios
Ass
essm
ent m
ay in
clud
e id
entif
icat
ion
of v
ital p
lant
are
as,
whi
ch m
ay p
ose
sign
ifica
nt ri
sk to
the
plan
t in
case
of
mal
evol
ent a
cts,
and
of e
xplo
rato
ry d
esig
n op
tions
aim
ed
to re
duce
the
risk.
CC
DP,
CLE
RP,
risk
im
porta
nce
mea
sure
s of p
lant
of
all S
SCs,
HEs
, and
pl
ant a
reas
Vita
l are
as id
entif
icat
ion
wou
ld in
prin
cipl
e re
quire
a fu
ll sc
ope
Leve
l 1 th
roug
h 3
PSA
cov
erin
g al
l ope
ratin
g an
d sh
utdo
wn
mod
es a
nd b
oth
inte
rnal
and
ext
erna
l pla
nt h
azar
ds. H
owev
er,
mea
ning
ful r
esul
ts fo
r vita
l are
a id
entif
icat
ion
can
be o
btai
ned
from
Lev
el-1
inte
rnal
and
ext
erna
l ha
zard
s PSA
. A
fter S
epte
mbe
r 11,
200
1, th
is a
pplic
atio
n w
as in
trodu
ced
to a
naly
se th
e qu
antit
ativ
e de
gree
of
defe
nce
of N
PPs a
gain
st a
ttack
scen
ario
s sim
ilar t
o th
e ob
serv
ed. O
ther
type
s of t
erro
rist a
ttack
sc
enar
ios,
i.e. e
xter
nal e
xplo
sion
s can
be
cons
ider
ed w
ithin
the
scop
e of
this
app
licat
ion.
This
app
licat
ion
requ
ires t
he d
evel
opm
ent o
f spe
cial
ana
lysi
s m
odel
s der
ived
from
the
base
line
mod
el b
y ad
ding
eve
nt tr
ees o
r add
ition
al fa
ult t
rees
to th
e ex
istin
g m
odel
incl
udin
g th
e re
quire
d da
ta. I
t req
uire
s a re
asse
ssm
ent o
f the
HR
A fo
r pos
t-acc
iden
t hum
an a
ctio
ns, a
ccid
ent
man
agem
ent a
ctio
ns a
nd S
AM
G-a
ctio
ns, w
ith sp
ecia
l reg
ard
to h
ardw
are
depe
nden
cies
.
Spec
ial d
eter
min
istic
ana
lysi
s in
supp
ort o
f the
mod
el e
xten
sion
s as a
par
t of t
he e
vent
s seq
uenc
e an
alys
is is
requ
ired,
i.e.
for t
he st
ruct
ural
dyn
amic
s of b
uild
ings
, im
pact
of f
ires a
nd e
xplo
sion
s, et
c. E
vent
sequ
ence
ana
lysi
s may
requ
ire a
dditi
onal
exp
erim
enta
l ana
lysi
s.
2. D
ESI
GN
EV
AL
UA
TIO
N
2.1
App
licat
ion
of P
SA to
supp
ort d
ecis
ions
mad
e du
ring
the
NPP
des
ign
(pla
nt u
nder
des
ign)
The
appl
icat
ion
focu
ses o
n id
entif
icat
ion
of d
esig
n w
eakn
esse
s and
effe
ctiv
e ar
eas f
or im
prov
emen
t in
view
of
plan
t ris
k. A
sses
smen
t may
incl
ude
inve
stig
atio
n of
va
riant
s and
exp
lora
tory
des
ign
optio
ns, s
uffic
ienc
y in
sy
stem
s’ re
dund
ancy
and
div
ersi
ty, e
ffect
iven
ess i
n em
erge
ncy
and
acci
dent
man
agem
ent m
easu
res,
as w
ell a
s de
velo
pmen
t of r
elia
bilit
y an
d av
aila
bilit
y ta
rget
s for
SSC
s to
mee
t saf
ety
goal
s, if
set.
CD
F AV
E, LE
RF A
VE,
CD
P, L
ERP,
QH
Os,
ΔC
DF A
VE,
ΔLE
RF A
VE,
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
SSC
s and
HEs
(e.g
. F-
V, R
AW
), PS
A
insi
ghts
Use
of P
SA m
odel
is si
mila
r to
Item
1.1
exc
ept f
or th
at a
dditi
onal
ass
umpt
ions
are
nee
ded
in li
eu
of la
ck o
f des
ign
and
oper
atio
nal d
etai
ls; u
ncer
tain
ties i
n ris
k es
timat
es a
re c
orre
spon
ding
ly la
rger
th
an fo
r as-
built
pla
nt.
PSA
resu
lts c
an b
e us
ed to
allo
cate
relia
bilit
y ta
rget
s for
SSC
s the
reby
fo
rmin
g pa
rt of
the
desi
gn sp
ecifi
catio
n. F
or d
esig
n ch
ange
eva
luat
ions
, the
leve
l of d
etai
l of t
he
PSA
mod
el in
the
area
s aff
ecte
d by
the
desi
gn c
hang
es m
ay b
e gr
eate
r tha
n th
at fo
r the
rest
of t
he
plan
t.
Parti
cula
r effo
rt sh
ould
be
mad
e to
iden
tify
uniq
ue in
itiat
ing
even
ts, f
ailu
re m
odes
, eve
nt
sequ
ence
s and
dep
ende
ncie
s tha
t may
be
intro
duce
d by
new
des
ign
feat
ures
. Det
aile
d de
pend
ency
m
atric
es sh
ould
be
deve
lope
d to
iden
tify
and
docu
men
t all
phys
ical
and
func
tiona
l dep
ende
ncie
s am
ong
supp
ort s
yste
ms a
nd fr
ont-l
ine
syst
ems.
All
norm
ally
ope
ratin
g sy
stem
s sho
uld
be
exam
ined
to id
entif
y po
ssib
le in
itiat
ing
even
ts th
at m
ay b
e ca
used
by
loss
of t
he e
ntire
syst
em, o
f a
sing
le sy
stem
trai
n, o
r of c
ombi
natio
ns o
f tra
ins.
Even
t seq
uenc
e di
agra
ms m
ay b
e us
ed to
de
velo
p th
e ac
cide
nt se
quen
ces a
nd id
entif
y ch
alle
nges
to re
lief a
nd sa
fety
syst
ems i
n th
e pe
riod
imm
edia
tely
follo
win
g th
e in
itiat
ing
faul
t.
For e
xam
ple,
the
PSA
can
be
used
as a
supp
ortin
g to
ol to
sele
ct o
r mod
ify th
e de
sign
bas
is
acci
dent
s, to
dec
ide
the
clas
sific
atio
n of
safe
ty re
late
d SS
Cs,
to d
efin
e ge
nera
l des
ign
crite
ria, a
nd
to d
evel
op S
SC re
liabi
lity
and
avai
labi
lity
targ
ets.
145
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
2.2
Ass
essm
ent o
f the
safe
ty im
port
ance
of d
evia
tions
be
twee
n an
exi
stin
g pl
ant d
esig
n an
d up
date
d/re
vise
d de
term
inis
tic d
esig
n ru
les
Ass
essm
ent m
ay in
clud
e in
vest
igat
ion
of ri
sk-s
igni
fican
ce
of d
evia
tions
from
revi
sed
desi
gn ru
les;
ofte
n pe
rfor
med
in
the
fram
ewor
k of
a p
erio
dic
safe
ty re
view
.
CD
F AV
E, LE
RF A
VE,
QH
Os, Δ
CD
F AV
E, Δ
LER
F AV
E, R
isk
impo
rtanc
e m
easu
res o
f aff
ecte
d SS
Cs a
nd H
Es (e
.g.
F-V
, RA
W)
The
key
issu
e in
this
app
licat
ion
is th
e po
ssib
le im
pact
of c
hang
es in
the
desi
gn ru
les o
n ris
k as
soci
ated
with
pla
nt o
pera
tion.
Spe
cial
mod
el a
djus
tmen
ts, m
odel
ext
ensi
ons a
nd re
visi
ting
key
assu
mpt
ions
may
be
requ
ired
to m
odel
the
devi
atio
n of
the
plan
t des
ign
from
revi
sed
dete
rmin
istic
ru
les o
f con
cern
. Id
entif
icat
ion
of p
rimar
y co
ntrib
utor
s to
risk
and
com
paris
on w
ith sa
fety
targ
et
valu
es (C
DF,
LER
F) m
ay b
e ne
eded
. Fo
r exa
mpl
e, fo
r the
ope
ratin
g pl
ants
con
stru
cted
in a
ccor
danc
e w
ith th
e ol
d de
sign
rule
s, PS
A
resu
lts, a
nd ri
sk m
etric
s can
be
used
to ju
stify
low
risk
sign
ifica
nce
of c
erta
in d
evia
tions
from
re
vise
d ru
les.
3. N
PP O
PER
AT
ION
3.1
NPP
mai
nten
ance
3.1.
1 M
aint
enan
ce p
rogr
am o
ptim
izat
ion
The
appl
icat
ion
incl
udes
ass
essm
ent,
optim
izat
ion
and
esta
blis
hmen
t of m
aint
enan
ce p
lans
and
pro
cedu
res i
n vi
ew
of p
lant
risk
. Mai
nten
ance
act
iviti
es a
re a
sses
sed
to a
ssur
e th
at ri
sk si
gnifi
cant
sys
tem
s and
equ
ipm
ent a
re b
eing
ad
equa
tely
mai
ntai
ned
to su
ppor
t req
uire
d re
liabi
lity,
and
th
at m
aint
enan
ce a
ctiv
ities
do
not r
educ
e pl
ant s
afet
y an
d in
crea
se ri
sk b
y, fo
r exa
mpl
e, e
xten
sive
mai
nten
ance
re
sulti
ng in
incr
ease
d eq
uipm
ent u
nava
ilabi
lity.
Foc
us is
on
equ
ipm
ent w
ith g
reat
est i
mpa
cts o
n pl
ant r
isk.
O
ppor
tuni
ties f
or re
duce
d or
elim
inat
ed m
aint
enan
ce ta
sks
are
defin
ed a
nd e
valu
ated
for S
SCs t
hat h
ave
low
risk
si
gnifi
canc
e an
d fo
r mai
nten
ance
that
doe
s not
supp
ort
criti
cal f
unct
ions
of t
he S
SCs.
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
SSC
s (e.
g. F
-V,
RA
W), Δ
CD
F AV
E, Δ
LER
F AV
E
Ris
k im
porta
nce
mea
sure
s fro
m th
e ba
se P
SA a
re u
sed
to h
elp
prio
ritiz
e ca
ndid
ate
mai
nten
ance
ch
ange
s: c
hang
es in
CD
F an
d LE
RF
are
used
to ju
stify
acc
epta
ble
risk
impa
cts a
nd to
det
erm
ine
risk
sign
ifica
nce.
Exp
licit
mod
el o
f mai
nten
ance
una
vaila
bilit
ies a
nd c
apab
ility
to p
redi
ct o
r bo
und
the
impa
ct o
f pro
gram
cha
nges
on
failu
re ra
tes a
nd m
aint
enan
ce u
nava
ilabi
litie
s are
nee
ded
to su
ppor
t the
app
licat
ion.
The
leve
l of d
etai
l of t
he P
SA m
odel
in th
e ar
eas a
ffect
ed b
y th
e pr
ogra
m c
hang
es m
ay b
e gr
eate
r tha
n th
at fo
r the
rest
of t
he p
lant
. Fo
r exa
mpl
e, th
e ap
plic
atio
n of
PSA
can
serv
e (a
) to
iden
tify
equi
pmen
t req
uirin
g up
grad
ed
prev
entiv
e m
aint
enan
ce (
as a
n in
crea
se in
its r
elia
bilit
y re
sults
in a
subs
tant
ial g
ain
in sa
fety
), (b
) to
iden
tify
equi
pmen
t req
uirin
g su
stai
ned,
slig
htly
redu
ced
prev
entiv
e m
aint
enan
ce (a
s a d
ecre
ase
in it
s rel
iabi
lity
does
not
affe
ct th
e le
vel o
f saf
ety)
, (c
) to
iden
tify
equi
pmen
t req
uirin
g on
ly
corr
ectiv
e m
aint
enan
ce (a
s its
una
vaila
bilit
y do
es n
ot re
sult
in a
maj
or in
crea
se in
risk
), (d
) to
elim
inat
e m
aint
enan
ce o
n ce
rtain
failu
re m
odes
that
are
not
rele
vant
to th
e ris
k si
gnifi
cant
saf
ety
func
tion,
(e) t
o as
sess
the
impa
ct o
f shi
fting
mai
nten
ance
act
iviti
es fr
om th
e pl
ant o
utag
e to
the
oper
atio
n m
ode
(wou
ld re
quire
a sh
utdo
wn
PSA
).
3.1.
2 R
isk-
info
rmed
hou
se-k
eepi
ng
This
app
licat
ion
is in
tend
ed to
ass
ure
low
risk
co
ntrib
utio
ns fr
om e
xter
nal e
vent
s (e.
g. se
ism
ic) a
nd
inte
rnal
haz
ards
(e.g
. fire
, flo
ods)
by
dire
ctin
g ho
usek
eepi
ng a
ctiv
ities
to ri
sk im
porta
nt a
reas
.
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
SSC
s (e.
g. F
-V,
RA
W), Δ
CD
F AV
E, Δ
LER
F AV
E
The
resu
lts o
f an
exte
rnal
eve
nt a
nd in
tern
al h
azar
d PS
A a
re u
sed
to a
sses
s the
rela
tive
risk
cont
ribut
ions
of r
oom
s and
are
as a
nd id
entif
y ba
ckfit
ting
mea
sure
s. Fo
r exa
mpl
e, th
e re
sults
of a
n in
tern
al fi
re P
SA m
ay b
e ta
ken
into
acc
ount
for a
djus
ting
trans
ient
co
mbu
stib
le c
ontro
l.
146
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
3.1.
3 R
isk-
info
rmed
supp
ort f
or p
lant
age
ing
man
agem
ent p
rogr
am
The
aim
of t
his a
pplic
atio
n is
to o
ptim
ise
the
scop
e of
the
plan
t spe
cific
age
ing
prog
ram
for s
afet
y re
late
d eq
uipm
ent.
It in
clud
es id
entif
icat
ion
of sa
fety
sign
ifica
nt c
ompo
nent
s an
d m
ay in
volv
e m
odel
ling
of a
ging
effe
cts i
n PS
A a
nd
iden
tific
atio
n of
the
risk
sign
ifica
nt S
SCs p
oten
tially
de
grad
ing
due
to a
ging
phe
nom
ena.
Ris
k im
porta
nce
mea
sure
s of a
ll SS
Cs (
e.g.
F-V
, R
AW
), Δ
CD
F AV
E, Δ
LER
F AV
E
The
key
issu
e in
this
app
licat
ion
is th
e po
ssib
le im
pact
of a
ging
phe
nom
ena
and
com
pone
nt
lifet
ime
cons
ider
atio
ns o
n th
e ov
eral
l ris
k m
etric
s. D
epen
ding
on
the
com
pone
nts b
eing
eva
luat
ed
Leve
ls 1
thro
ugh
2 fu
ll-sc
ope
PSA
may
be
need
ed.
3.2
Acc
iden
t miti
gatio
n an
d em
erge
ncy
plan
ning
3.2.
1 D
evel
opm
ent a
nd im
prov
emen
t of t
he e
mer
genc
y op
erat
ing
proc
edur
es
The
syst
emat
ic a
sses
smen
t of p
lant
vul
nera
bilit
ies a
nd th
e in
sigh
ts d
eriv
ed fr
om th
e PS
A p
roce
ss a
re u
sed
to e
stab
lish
or im
prov
e th
e EO
Ps b
y pr
ovid
ing
assu
ranc
e th
at a
bro
ad
scop
e of
vul
nera
bilit
ies i
s add
ress
ed in
a re
alis
tic,
appr
opria
tely
det
aile
d an
d co
nsis
tent
man
ner.
The
inte
gral
vi
ew o
f the
acc
iden
t pro
gres
sion
s pro
vide
s inf
orm
atio
n on
th
e be
nefit
s and
dra
wba
cks o
f var
ious
ope
ratio
ns in
ab
norm
al p
lant
stat
es. T
ypic
ally
, acc
iden
t seq
uenc
e an
alys
is in
PSA
is c
arrie
d ou
t usi
ng e
xist
ing
EOPs
and
as
sess
men
t of a
ssoc
iate
d hu
man
inte
ract
ions
. Thi
s in
turn
pr
ovid
es d
etai
led
info
rmat
ion
for r
econ
side
ring
EOPs
and
ev
entu
al im
prov
emen
ts in
the
light
of P
SA in
sigh
ts. P
SA
can
also
pro
vide
the
basi
s for
spec
ifyin
g th
e de
cisi
on
poin
ts fo
r whe
n th
e tra
nsiti
on in
to th
e SA
MG
pha
se sh
ould
oc
cur.
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
actio
ns (e
.g. F
-V,
RA
W) a
nd
asso
ciat
ed A
Ss,
ΔC
DF A
VE,
ΔLE
RF A
VE
Impo
rtanc
e m
easu
res f
rom
bas
e PS
A u
sed
to h
elp
prio
ritiz
e ca
ndid
ate
proc
edur
al c
hang
es, c
hang
e in
CD
F an
d LE
RF
used
to ju
stify
acc
epta
ble
risk
impa
cts a
nd to
det
erm
ine
risk
sign
ifica
nce.
The
le
vel o
f det
ail o
f the
PSA
mod
el in
the
area
s aff
ecte
d by
the
proc
edur
e ch
ange
s inc
ludi
ng th
e ac
cide
nt se
quen
ces i
nvok
ing
the
affe
cted
EO
Ps m
ay b
e gr
eate
r tha
n th
at fo
r the
rest
of t
he p
lant
; a
mor
e si
mpl
ified
con
serv
ativ
e tre
atm
ent o
f oth
er p
arts
of t
he m
odel
and
acc
iden
t seq
uenc
es
acce
ptab
le.
The
PSA
mus
t exp
licitl
y re
pres
ent o
pera
tor a
ctio
ns th
at re
fer t
o sp
ecifi
c EO
Ps, a
nd
the
HR
A m
etho
d us
ed in
the
PSA
mus
t be
capa
ble
of p
redi
ctin
g th
e im
pact
of t
he p
roce
dure
ch
ange
s to
supp
ort t
his a
pplic
atio
n.
Exam
ples
incl
ude
deve
lopm
ent a
nd m
odifi
catio
ns o
f eve
nt b
ased
and
sym
ptom
bas
ed p
roce
dure
s, de
velo
ping
pro
cedu
res f
or d
omin
ant a
ccid
ent s
eque
nces
, etc
.
147
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
3.2.
2 S
uppo
rt fo
r N
PP a
ccid
ent m
anag
emen
t (se
vere
ac
cide
nt p
reve
ntio
n, se
vere
acc
iden
t miti
gatio
n)
Seve
re a
ccid
ent p
reve
ntio
n: is
bas
ed p
artly
on
PSA
. Ex
istin
g, a
ltern
ativ
e or
add
ition
al sy
stem
s, eq
uipm
ent a
nd
mea
sure
s are
eva
luat
ed a
nd im
plem
ente
d in
the
acci
dent
m
anag
emen
t pro
cedu
res w
ith th
e pu
rpos
e of
rest
orin
g th
e fu
nctio
n of
safe
ty re
late
d sy
stem
s and
for p
reve
ntin
g de
grad
atio
n of
eve
nts i
nto
seve
re a
ccid
ents
.
Seve
re a
ccid
ent m
itiga
tion
incl
udes
PSA
bas
ed
iden
tific
atio
n an
d ca
tego
rizat
ion
of a
ccid
ent s
eque
nces
to
geth
er w
ith d
escr
iptio
ns o
f pla
nt re
spon
ses a
nd
vuln
erab
ilitie
s. PS
A h
elps
to u
nder
stan
d ac
cide
nt
prog
ress
ion,
iden
tific
atio
n of
succ
ess p
aths
and
ass
ocia
ted
stra
tegi
es, p
riorit
isin
g sa
fety
feat
ures
to re
duce
risk
s. Th
e in
tegr
al v
iew
of p
lant
resp
onse
util
ized
in P
SA
met
hodo
logy
is h
elpf
ul in
dis
cern
ing
the
pote
ntia
l for
ne
gativ
e ef
fect
s of c
erta
in m
easu
res.
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
actio
ns (e
.g. F
-V,
RA
W) a
nd
asso
ciat
ed A
Ss,
ΔC
DF A
VE,
ΔLE
RF A
VE
Impo
rtanc
e m
easu
res f
rom
‘bas
e ca
se P
SA’ a
re u
sed
to h
elp
prio
ritiz
e ca
ndid
ate
acci
dent
m
anag
emen
t pro
cedu
re c
hang
es; c
hang
es in
CD
F an
d LE
RF
are
used
to ju
stify
acc
epta
ble
risk
impa
cts a
nd to
det
erm
ine
risk
sign
ifica
nce.
The
leve
l of d
etai
l of t
he P
SA m
odel
in th
e ar
eas
affe
cted
by
the
chan
ges i
nclu
ding
the
acci
dent
sequ
ence
s inv
okin
g th
e af
fect
ed E
OPs
, AM
Ps, a
nd
affe
cted
SSC
s may
be
grea
ter t
han
that
for t
he re
st o
f the
pla
nt; a
mor
e si
mpl
ified
con
serv
ativ
e tre
atm
ent o
f oth
er p
arts
of t
he m
odel
and
acc
iden
t seq
uenc
es is
acc
epta
ble.
In
the
case
of o
pera
tor
actio
ns to
impl
emen
t acc
iden
t man
agem
ent,
the
PSA
mus
t exp
licitl
y re
pres
ent o
pera
tor a
ctio
ns
that
refe
r to
spec
ific
EOPs
and
AM
Ps, a
nd th
e H
RA
met
hod
used
in th
e PS
A m
ust b
e ca
pabl
e of
pr
edic
ting
the
impa
ct o
f the
pro
cedu
re c
hang
es to
supp
ort t
his a
pplic
atio
n. A
Lev
el 1
PSA
tre
atm
ent o
f ope
rato
r act
ions
can
supp
ort a
ccid
ent m
anag
emen
t pro
cedu
re e
nhan
cem
ent f
or th
ose
actio
ns a
imed
at p
reve
ntin
g se
vere
cor
e da
mag
e, w
hile
a li
mite
d to
full
scop
e Le
vel 2
PSA
is
requ
ired
to a
ddre
ss se
vere
acc
iden
t miti
gatio
n st
rate
gies
. Th
e se
vere
acc
iden
t con
sequ
ence
cod
es
mus
t be
able
to si
mul
ate
the
impl
emen
tatio
n of
the
actio
ns a
nd m
easu
re th
e im
pact
of c
hang
es to
be
eva
luat
ed. I
n th
e ca
se o
f new
har
dwar
e or
des
ign
feat
ures
(e.g
. int
erlo
cks,
new
sign
als,
etc.
) to
impl
emen
t acc
iden
t man
agem
ent r
efer
to It
em 2
.1.
Exam
ples
:
1) S
ever
e ac
cide
nt p
reve
ntio
n: A
typi
cal e
xam
ple
is th
e us
e of
fire
wat
er fo
r coo
ling
safe
ty re
late
d eq
uipm
ent i
f ess
entia
l ser
vice
wat
er is
lost
.
2) S
ever
e ac
cide
nt m
itiga
tion:
A ty
pica
l exa
mpl
e fo
r PW
R re
acto
rs c
onsi
sts i
n re
-fill
ing
of st
eam
ge
nera
tors
with
wat
er d
urin
g a
stea
m g
ener
ator
tube
rupt
ure
initi
ated
seve
re a
ccid
ent i
n or
der t
o en
hanc
e re
tent
ion
of ra
dioa
ctiv
e m
ater
ials
.
3.2.
3 S
uppo
rt fo
r N
PP e
mer
genc
y pl
anni
ng
Bas
ed o
n PS
A, i
mpo
rtant
ele
men
ts o
f em
erge
ncy
plan
ning
ar
e ex
plor
ed a
nd a
ppro
pria
te st
rate
gies
are
dev
elop
ed. T
he
issu
es to
be
expl
ored
are
: the
cha
ract
eris
tics o
f the
pla
nt,
the
plan
t site
and
the
diff
eren
t pos
sibl
e co
unte
rmea
sure
s (s
uch
as sh
elte
ring,
eva
cuat
ion,
iodi
ne p
roph
ylax
is, l
ong
term
relo
catio
n, la
nd d
econ
tam
inat
ion,
food
ban
s). T
his
requ
ires a
Lev
el 3
PSA
. Sp
ecifi
c ap
plic
atio
ns in
clud
e po
ssib
le a
djus
tmen
ts to
the
emer
genc
y pl
anni
ng z
ones
(E
PZ),
refin
emen
t of e
mer
genc
y ac
tion
leve
ls, a
nd
focu
sing
the
reso
urce
s for
eva
cuat
ion
and
shel
terin
g.
QH
Os,
Early
and
la
tent
risk
and
dos
e fo
r diff
eren
t em
erge
ncy
plan
ning
re
spon
ses
This
app
licat
ion
requ
ires a
full
scop
e Le
vel 3
PSA
cov
erin
g al
l mod
es a
nd a
ll in
tern
al a
nd
exte
rnal
pla
nt h
azar
ds a
nd th
e ca
pabi
lity
to p
redi
ct th
e ris
k im
pact
s of a
ny c
hang
es to
the
emer
genc
y pl
an th
at a
re to
be
eval
uate
d in
clud
ing
alte
rnat
ive
evac
uatio
n, sh
elte
ring,
and
food
im
poun
dmen
t stra
tegi
es.
An
exam
ple
is to
supp
ort t
he d
eter
min
atio
n of
EPZ
dis
tanc
e, e
mer
genc
y ac
tion
leve
ls, a
nd
plan
ning
and
trai
ning
for e
vacu
atio
n an
d sh
elte
ring
activ
ities
.
148
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
3.3.
Per
sonn
el tr
aini
ng
3.3.
1 Im
prov
emen
t of o
pera
tor
trai
ning
pro
gram
PSA
is u
sed
to im
prov
e op
erat
or tr
aini
ng p
rogr
am b
y pr
ovid
ing
info
rmat
ion
on th
e ac
cide
nt p
roce
sses
, the
re
lativ
e lik
elih
ood
of th
e do
min
ant a
ccid
ent s
eque
nces
, and
th
e as
soci
ated
ope
rato
r act
ions
requ
ired
to p
reve
nt o
r m
itiga
te c
ore
dam
age.
Sim
ilarly
, the
rela
tive
cons
eque
nces
of
var
ious
ope
rato
r err
ors a
nd th
e PS
A-p
redi
cted
cha
nce
of
failu
re c
an b
e us
ed to
sele
ct th
ose
actio
ns th
at w
ould
be
nefit
from
em
phas
ized
trai
ning
. Int
rodu
ctio
n of
SA
MG
s ne
cess
itate
s to
mak
e op
erat
ors u
nder
stan
d se
vere
acc
iden
t sc
enar
ios.
Des
crip
tion
of
dom
inan
t ASs
for
CD
F AV
E and
LE
RF A
VE i
n w
hich
H
Es p
lay
a si
gnifi
cant
role
, ris
k im
porta
nce
mea
sure
s (e.
g. F
-V
and
RA
W) o
f HEs
an
d as
soci
ated
SS
Cs, Δ
CD
F AV
E, Δ
LER
F AV
E
Des
crip
tion
of d
omin
ant a
ccid
ent s
eque
nces
and
ope
rato
r act
ions
to im
plem
ent E
OPs
, rec
over
y ac
tions
, and
SA
MG
s (re
quire
s Lev
el 2
PSA
) with
hig
h ris
k im
porta
nce
are
suff
icie
nt to
enh
ance
tra
inin
g. If
adv
ance
d tra
inin
g is
to b
e ev
alua
ted
as a
cha
nge
to th
e ris
k pr
ofile
, the
HR
A tr
eatm
ent
mus
t be
capa
ble
of m
easu
ring
the
affe
cted
cha
nges
, and
cha
nge
in ri
sk m
etric
s use
to e
valu
ate
the
sign
ifica
nce
and
acce
ptab
ility
of t
he p
ropo
sed
chan
ge.
An
exam
ple
is to
sele
ct d
omin
ant a
ccid
ent s
eque
nces
from
the
PSA
and
incl
ude
som
e of
thes
e in
th
e op
erat
or si
mul
ator
trai
ning
.
3.3.
2 Im
prov
emen
t of m
aint
enan
ce p
erso
nnel
trai
ning
pr
ogra
m
Trai
ning
of m
aint
enan
ce st
aff i
s enh
ance
d ba
sed
on
insi
ghts
and
info
rmat
ion
from
the
PSA
. Foc
us is
on
pote
ntia
l ris
k si
gnifi
cant
impa
cts o
f mai
nten
ance
act
iviti
es,
such
as c
omm
on c
ause
failu
re a
nd m
aint
enan
ce-in
duce
d fa
ilure
of m
ultip
le sy
stem
trai
ns.
This
resu
lts in
an
incr
ease
d fo
cus o
n ris
k-si
gnifi
cant
SSC
s and
on
risk-
sign
ifica
nt fu
nctio
ns a
nd fa
ilure
mod
es th
at m
ust b
e ad
dres
sed
in th
e m
aint
enan
ce p
rogr
am a
s wel
l as
oppo
rtuni
ties t
o op
timiz
e m
aint
enan
ce ta
sks t
hat a
re n
ot
sign
ifica
nt to
risk
man
agem
ent.
Ris
k im
porta
nce
mea
sure
s (e.
g. F
-V,
RA
W) o
f aff
ecte
d SS
Cs,
pre-
acci
dent
H
Es, a
nd b
asic
ev
ents
dea
ling
with
m
aint
enan
ce a
nd
CC
Fs, Δ
CD
F AV
E, Δ
LER
F AV
E
The
risk
impo
rtanc
e m
easu
res a
re u
sed
to ra
nk c
ompo
nent
mai
nten
ance
una
vaila
bilit
ies a
nd p
re-
acci
dent
hum
an e
rror
s and
ass
ocia
ted
com
pone
nt fa
ilure
s tha
t cou
ld b
e in
fluen
ced
by m
aint
enan
ce
prog
ram
cha
nges
; cha
nge
in ri
sk m
etric
s use
d to
eva
luat
e th
e si
gnifi
canc
e an
d ac
cept
abili
ty o
f the
pr
opos
ed c
hang
e to
trai
ning
.
An
exam
ple
is to
trai
n th
e m
aint
enan
ce p
erso
nnel
on
the
SSC
s in
the
scop
e of
the
mai
nten
ance
pr
ogra
m th
at a
re m
ost a
nd le
ast r
isk
sign
ifica
nt a
nd w
hich
SSC
failu
re m
odes
shou
ld g
et th
e m
ost
prio
rity.
Ano
ther
exa
mpl
e is
to u
se P
SA in
sigh
ts to
hel
p m
anag
e th
e m
aint
enan
ce b
ackl
og.
149
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
3.3.
3 Im
prov
emen
t of p
lant
man
agem
ent t
rain
ing
prog
ram
The
appl
icat
ion
incl
udes
ade
quat
e co
mm
unic
atio
n of
the
tech
niqu
es, a
pplic
atio
ns a
nd im
plic
atio
ns o
f PSA
to p
lant
m
anag
emen
t to
deve
lop
an in
tegr
al u
nder
stan
ding
in te
rms
of m
anag
emen
t res
pons
ibili
ties.
Furth
erm
ore,
pla
nt
man
agem
ent i
s ulti
mat
ely
resp
onsi
ble
for d
ecis
ions
take
n w
ithin
the
fram
ewor
k of
SA
MG
s. Th
is re
quire
s a g
ood
unde
rsta
ndin
g of
impo
rtant
seve
re a
ccid
ent s
cena
rios,
thei
r fr
eque
ncie
s and
con
sequ
ence
s, as
wel
l as t
he re
latio
nshi
p be
twee
n pl
ant d
esig
n an
d op
erat
iona
l fea
ture
s tha
t im
pact
th
e PS
A re
sults
.
CD
F AV
E, LE
RF A
VE,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
mod
elle
d ev
ents
, de
scrip
tion
of
dom
inan
t AS,
risk
in
sigh
ts
The
PSA
resu
lts a
nd a
det
aile
d qu
alita
tive
sum
mar
y of
the
resu
lts a
nd a
ssoc
iate
d ris
k in
sigh
ts a
nd
risk
impo
rtanc
e of
all
mod
elle
d SS
Cs a
nd e
vent
s are
nee
ded
in th
is a
pplic
atio
n to
add
risk
-in
form
ed in
sigh
ts to
the
safe
ty c
ultu
re. I
n ad
ditio
n, th
e pl
ant m
anag
emen
t’s a
ctiv
e pa
rtici
patio
n in
al
l ris
k-in
form
ed a
pplic
atio
n w
ould
bui
ld a
n aw
aren
ess o
f how
to m
anag
e th
e ris
ks. H
ow w
ell t
he
PSA
mod
el re
flect
s the
as-
built
and
as-
oper
ated
pla
nt n
eces
sary
for t
he m
anag
emen
t to
have
co
nfid
ence
in th
e PS
A re
sults
, is o
ne o
f the
mos
t im
porta
nt a
ttrib
utes
for t
his a
pplic
atio
n. T
his
mus
t be
acco
mpa
nied
by
a ba
sic
cour
se in
PSA
con
cept
s and
met
hods
so th
at th
e re
sults
can
be
inte
rpre
ted
prop
erly
.
A st
rikin
g ex
ampl
e is
to im
prov
e th
e sa
fety
cul
ture
and
to e
ngag
e th
e pl
ant m
anag
ers i
n co
nsid
erat
ion
and
man
agin
g th
e ris
k of
acc
iden
ts.
3.4.
Ris
k-ba
sed
conf
igur
atio
n co
ntro
l/ R
isk
Mon
itors
3.4.
1 C
onfig
urat
ion
plan
ning
(e.g
. sup
port
for
plan
t m
aint
enan
ce a
nd te
st a
ctiv
ities
)
Not
e: D
iffer
ent c
ombi
natio
ns o
f equ
ipm
ent c
onfig
urat
ion,
te
sts a
nd m
aint
enan
ce a
ctiv
ities
will
resu
lt in
diff
eren
t le
vels
of r
isk.
The
mai
n be
nefit
of r
isk-
info
rmed
co
nfig
urat
ion
cont
rol i
s the
redu
ctio
n of
risk
pea
ks a
nd th
e co
ntro
l of t
he c
umul
ativ
e, o
r ave
rage
, ris
k. It
hel
ps to
en
sure
that
, as f
ar a
s pos
sibl
e, th
e pl
ant d
oes n
ot e
nter
cr
itica
l, hi
gh-r
isk
situ
atio
ns, t
he p
erio
ds o
f inc
reas
ed ri
sk
are
min
imiz
ed, a
nd th
at o
ther
risk
sign
ifica
nt
conf
igur
atio
ns a
re a
void
ed. T
here
are
two
mai
n ta
sks i
n th
e ris
k-ba
sed
conf
igur
atio
n co
ntro
l: Ta
sk (1
) - ri
sk p
lann
ing
and
Task
(2) -
risk
ass
essm
ent a
nd fo
llow
-up
(see
Item
3.
4.2
on th
e la
tter)
.
This
app
licat
ion
is d
ealin
g w
ith T
ask
(1).
Ris
k pl
anni
ng is
a
forw
ard-
look
ing
appl
icat
ion
of P
SA a
nd it
con
sist
s of
supp
ortin
g th
e pr
epar
atio
n, p
lann
ing
and
sche
dulin
g of
pl
ant a
ctiv
ities
and
com
pone
nt c
onfig
urat
ions
. Thi
s ap
plic
atio
n ca
n be
per
form
ed w
ith a
n on
-line
or o
ff-li
ne
PSA
mod
el.
CD
F{t}
, LER
F{t}
, IC
CD
P, IC
LER
P,
risk
impo
rtanc
e m
easu
res o
f SSC
s as
a fu
nctio
n of
tim
e
The
PSA
mod
el u
sed
for t
he ‘b
ase
case
PSA
’ mus
t be
mod
ified
to h
ave
the
poss
ibili
ty to
el
imin
ate
time
aver
aged
mai
nten
ance
una
vaila
bilit
ies a
nd a
vera
ge m
odel
s for
alte
rnat
ive
conf
igur
atio
ns, a
nd re
plac
e th
em w
ith b
inar
y (‘
On’
, ‘O
ff’)
type
mod
els t
hat m
ake
the
CD
F an
d LE
RF
resu
lts d
epen
dent
on
spec
ific
plan
t con
figur
atio
ns a
nd e
quip
men
t out
-of-
serv
ice
cond
ition
s to
be
eval
uate
d. M
odel
ling
sim
plifi
catio
n to
trea
t sym
met
ric tr
ains
with
shar
ed b
asic
eve
nts m
ust
be e
xpan
ded
to m
odel
eac
h tra
in e
xplic
itly.
Tru
ncat
ion
issu
es m
ust b
e re
solv
ed so
the
PSA
resu
lts
are
valu
ed w
ith a
ny c
ombi
natio
n of
equ
ipm
ent t
o be
eva
luat
ed a
ssum
ed to
be
out o
f ser
vice
. A
m
eans
of s
peci
fyin
g pl
ant s
tate
cha
nges
, as a
func
tion
of ti
me
into
the
Ris
k M
onito
r mus
t be
prov
ided
. The
risk
impo
rtanc
e m
easu
res i
n th
is a
pplic
atio
n ar
e us
ed to
dev
elop
‘ret
urn
to se
rvic
e’
prio
ritie
s and
‘rem
ain
in se
rvic
e’ p
riorit
ies f
or e
ach
SSC
. Int
erfa
ce w
ith sc
hedu
ling
softw
are
is
help
ful.
The
PSA
mod
el sh
ould
be
capa
ble
of p
redi
ctin
g th
e te
mpo
ral c
hang
es in
initi
atin
g ev
ent
freq
uenc
ies,
com
pone
nt u
nava
ilabi
litie
s due
mai
nten
ance
and
oth
er c
onfig
urat
ion
chan
ges o
n C
DF
and
LER
F.
In c
ase
the
appl
icat
ion
is a
imed
to a
sses
s the
risk
ass
ocia
ted
with
tran
sitio
ns b
etw
een
diff
eren
t po
wer
mod
es, t
he P
SA m
odel
shou
ld in
corp
orat
e th
e IE
s and
syst
em c
onfig
urat
ions
for d
iffer
ent
plan
t ope
ratin
g st
ates
with
in th
e sc
ope
of p
ower
PSA
(e.g
. ope
ratio
n w
ith o
ne tu
rbin
e, o
pera
tion
with
no
turb
ine
abov
e 2%
of n
omin
al p
ower
, con
nect
ion
to re
serv
e ex
tern
al g
rid).
An
exam
ple
is th
e us
e of
a R
isk
Mon
itor t
ool t
o ev
alua
te th
e tim
e-de
pend
ent r
isk
prof
ile fo
r a
futu
re ti
me
perio
d, in
whi
ch a
serie
s of p
lant
con
figur
atio
n ch
ange
s is b
eing
pla
nned
.
150
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
3.4.
2 R
eal t
ime
conf
igur
atio
n as
sess
men
t and
con
trol
(r
espo
nse
to e
mer
ging
con
ditio
ns)
This
app
licat
ion
is d
ealin
g w
ith T
ask
(2) d
iscu
ssed
abo
ve
in It
em 3
.4.1
.
Ris
k as
sess
men
t and
follo
w-u
p in
volv
es th
e on
line
use
of
the
PSA
by
plan
t per
sonn
el in
ord
er to
kee
p th
e ris
k du
e to
ac
tual
con
figur
atio
ns, p
lant
act
iviti
es a
nd u
nant
icip
ated
ev
ents
at a
n ac
cept
able
leve
l.
CD
F{t}
, LER
F{t}
, IC
CD
P, IC
LER
P,
risk
impo
rtanc
e m
easu
res o
f SSC
s as
a fu
nctio
n of
tim
e
Use
of P
SA m
odel
is e
ssen
tially
the
sam
e as
des
crib
ed in
Item
3.4
.1 e
xcep
t for
the
time
fram
e ov
er w
hich
the
risk
to b
e ev
alua
ted
is d
iffer
ent (
i.e. c
ondi
tione
d by
the
dura
tion
of e
mer
ging
co
nditi
ons)
.
An
exam
ple
is th
e us
e of
a R
isk
Mon
itor t
ool t
o pe
rfor
m p
ost m
orte
m e
valu
atio
n of
the
time
depe
nden
t ris
k pr
ofile
for a
pre
viou
s tim
e pe
riod
in w
hich
a se
ries o
f pla
nt c
onfig
urat
ion
chan
ges
has o
ccur
red.
This
app
licat
ion
may
als
o re
quire
revi
ewin
g th
e pe
rfor
man
ce o
f the
mon
itorin
g to
ols t
o en
sure
th
ey a
re a
ble
to m
easu
re th
e ris
k im
pact
s of a
ll ac
tiviti
es th
at w
ere
expe
rienc
ed.
3.4.
3 E
xem
ptio
ns to
TS
and
just
ifica
tion
for
cont
inue
d op
erat
ion
As a
com
preh
ensi
ve to
ol d
escr
ibin
g th
e ris
k as
soci
ated
w
ith a
par
ticul
ar p
lant
con
figur
atio
n, th
e PS
A c
an p
rovi
de
usef
ul su
ppor
t to
TS e
xem
ptio
n ju
stifi
catio
ns a
nd/o
r to
prop
osal
s for
miti
gatio
n or
com
pens
ator
y m
easu
res,
or to
ju
stify
the
rele
vanc
e of
thes
e m
easu
res.
ΔC
DF A
VE,
ΔLE
RF A
VE,
ICC
DP,
IC
LER
P
The
scop
e of
this
app
licat
ion
is n
orm
ally
con
fined
to a
subs
et o
f SSC
s tha
t are
cur
rent
ly in
clud
ed
in th
e ba
se c
ase
PSA
mod
el; o
ther
wis
e th
e PS
A is
upd
ated
to in
corp
orat
e al
l affe
cted
SSC
s ex
plic
itly.
The
PSA
mod
el m
ust e
xplic
itly
mod
el th
e ar
eas a
ffect
ed b
y th
e TS
cha
nge.
The
ch
ange
in ri
sk m
etric
s is u
sed
to e
valu
ate
the
risk
sign
ifica
nce
and
acce
ptab
ility
of t
he p
ropo
sed
chan
ge.
This
app
licat
ion
is d
ealin
g w
ith te
mpo
rary
cha
nges
and
hen
ce th
e de
cisi
on c
riter
ia m
ay b
e le
ss
rest
rictiv
e th
an fo
r the
cas
e of
per
man
ent c
hang
es b
ecau
se o
f one
-tim
e na
ture
of t
he e
xem
ptio
n.
An
exam
ple
is th
e fa
ilure
of a
n em
erge
ncy
feed
wat
er p
ump
shaf
t tha
t req
uire
s a w
eek
to re
pair
and
a ju
stifi
catio
n to
rela
x th
e 72
hou
r AO
T on
an
one-
time
basi
s whi
le ta
king
com
pens
atin
g m
easu
res t
o m
inim
ize
the
risk
impa
cts.
3.4.
4 D
ynam
ic r
isk-
info
rmed
TS
Typi
cally
, cla
ssic
al T
Ss c
onsi
st o
f a ri
gid
fram
ewor
k of
pr
escr
iptio
ns fo
r ind
ivid
ual e
quip
men
t and
syst
ems
invo
lvin
g fix
ed g
race
tim
es, f
or e
xam
ple.
The
pur
pose
of
this
rigi
d fr
amew
ork
is to
kee
p pl
ant f
eatu
res w
ithin
the
licen
sing
bas
is fo
r a re
ason
ably
larg
e fr
actio
n of
tim
e.
Dyn
amic
risk
-info
rmed
TS
rela
xes s
ome
of th
is ri
gidi
ty
base
d on
the
inte
gral
vie
w o
f a P
SA. A
OTs
are
cal
cula
ted
for e
ach
plan
t sta
te ta
king
into
acc
ount
the
com
plet
e pi
ctur
e of
pla
nt c
onfig
urat
ion
and
equi
pmen
t out
-of-
serv
ice
com
bina
tions
. In
som
e ca
ses t
he c
alcu
late
d A
OT
may
be
shor
ter t
han
the
stan
dard
fixe
d te
chni
cal s
peci
ficat
ion
vers
ion
and
in so
me
case
s a lo
nger
AO
T is
just
ified
, but
in
all c
ases
a c
aref
ul e
valu
atio
n is
mad
e at
all
times
of t
he
com
plet
e pi
ctur
e of
pla
nt c
onfig
urat
ions
incl
udin
g sa
fety
an
d no
n-sa
fety
rela
ted
SSC
s.
CD
F{t}
, LER
F{t}
, IC
CD
P, IC
LER
P Th
is a
pplic
atio
n is
sim
ilar t
o Ite
m 3
.4.3
exc
ept t
hat n
ew A
OTs
are
not
fixe
d in
the
tech
nica
l sp
ecifi
catio
n do
cum
ent b
ut d
ynam
ical
ly c
alcu
late
d ba
sed
on th
e st
atus
of a
ll SS
Cs i
n th
e pl
ant a
nd
a tim
e de
pend
ent R
isk
Mon
itor.
An
exam
ple
of th
is is
a R
isk
Mon
itor t
hat c
alcu
late
s a n
ew A
OT
for e
ach
adve
rse
conf
igur
atio
n ch
ange
mad
e by
the
plan
t.
151
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
4. P
ER
MA
NE
NT
CH
AN
GE
S T
O T
HE
OPE
RA
TIN
G P
LA
NT
4.1
Pla
nt c
hang
es
4.1.
1 N
PP u
pgra
des,
back
-fitt
ing
activ
ities
and
pla
nt
mod
ifica
tions
Iden
tific
atio
n of
wea
knes
ses a
nd e
ffec
tive
area
s for
im
prov
emen
t in
plan
t des
ign
and
oper
atio
nal f
eatu
res i
n vi
ew o
f pla
nt ri
sk. A
sses
smen
t may
incl
ude
inve
stig
atio
n of
var
iant
s and
of e
xplo
rato
ry o
ptio
ns. P
SA a
rgum
ents
are
us
ed to
supp
ort t
he se
lect
ion,
des
ign,
impl
emen
tatio
n,
just
ifica
tion,
and
lice
nsin
g of
pla
nt u
pgra
des.
Ris
k im
porta
nce
mea
sure
s (e.
g. F
-V,
RA
W) o
f aff
ecte
d SS
Cs a
nd h
uman
ac
tions
, ΔC
DF A
VE,
ΔLE
RF A
VE
Impo
rtanc
e m
easu
res f
rom
‘bas
e ca
se P
SA’ a
re u
sed
to h
elp
prio
ritiz
e ca
ndid
ate
desi
gn c
hang
es;
chan
ge in
CD
F an
d LE
RF
is u
sed
to ju
stify
acc
epta
ble
risk
impa
cts a
nd to
det
erm
ine
risk
sign
ifica
nce.
The
leve
l of d
etai
l of t
he P
SA m
odel
in th
e ar
eas a
ffec
ted
by th
e de
sign
cha
nges
may
be
gre
ater
than
that
for t
he re
st o
f the
pla
nt; a
mor
e si
mpl
ified
con
serv
ativ
e tre
atm
ent o
f oth
er
parts
of t
he m
odel
acc
epta
ble.
Dat
a fo
r new
add
ition
al e
quip
men
t may
not
be
avai
labl
e; th
eref
ore,
tre
atm
ent o
f suc
h eq
uipm
ent i
n PS
A m
odel
shou
ld b
e ju
stifi
ed.
A ty
pica
l exa
mpl
e fo
r suc
h ap
plic
atio
n is
the
intro
duct
ion
of th
e pr
imar
y fe
ed a
nd b
leed
feat
ure
in
a PW
R N
PP, w
hich
wou
ld in
clud
e ha
rdw
are
upgr
ades
such
as i
nsta
llatio
n of
relie
f val
ves w
hich
ar
e qu
alifi
ed fo
r fee
d an
d bl
eed
and
the
elab
orat
ion
and
impl
emen
tatio
n of
ass
ocia
ted
proc
edur
es.
4.1.
2 L
ifetim
e ex
tens
ion
The
appl
icat
ion
is o
ften
refe
rred
as a
sub-
case
of t
he
perio
dic
safe
ty re
view
with
the
cons
ider
atio
n of
agi
ng
effe
cts b
eyon
d th
e de
sign
life
time.
Invo
lves
mod
ellin
g of
ag
ing
effe
cts i
n PS
A. (
See
also
Item
1.2
.)
CD
F AV
E, LE
RF A
VE,
CD
P, L
ERP,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
SSC
s and
IEs,
prim
ary
cont
ribut
ors
to ri
sk
A fu
ll sc
ope
PSA
is n
eede
d to
add
ress
the
appl
icat
ion
in c
ompl
ete
and
cons
iste
nt m
anne
r. Th
e ke
y is
sue
in th
is a
pplic
atio
n is
the
poss
ible
impa
ct o
f agi
ng p
heno
men
a an
d co
mpo
nent
life
time
cons
ider
atio
ns b
eyon
d th
e de
sign
life
time
on th
e ov
eral
l ris
k m
etric
s. M
odel
ling
the
agin
g ph
enom
ena
is in
the
expl
orat
ory
stag
e; in
prin
cipl
e th
e PS
A sh
ould
be
capa
ble
of e
stim
atin
g or
bo
undi
ng th
e po
ssib
le e
ffec
ts o
f agi
ng o
n pa
ssiv
e co
mpo
nent
s tha
t are
not
nor
mal
ly m
aint
aine
d or
re
plac
ed. T
ime
trend
ana
lyse
s in
rela
tion
to IE
freq
uenc
ies,
equi
pmen
t fai
lure
rate
s, ca
ble
mat
eria
l pr
oper
ties,
etc.
supp
ort t
he a
pplic
atio
n. T
he a
naly
sis r
esul
ts p
rovi
de a
dditi
onal
info
rmat
ion
for
regu
lato
rs w
hile
lice
nsin
g th
e lif
etim
e ex
tens
ion.
An
exam
ple
is th
e ev
alua
tion
of th
e in
crea
se in
risk
due
to a
ging
of p
lant
equ
ipm
ent p
ast t
he
desi
gn li
fetim
e. T
ypic
al e
quip
men
t of m
ajor
inte
rest
are
: re
acto
r ves
sel,
stea
m g
ener
ator
, pip
ing,
et
c.
152
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
4.2
Tech
nica
l spe
cific
atio
n ch
ange
s
4.2.
1 D
eter
min
atio
n an
d ev
alua
tion
of c
hang
es to
al
low
ed o
utag
e tim
e an
d ch
ange
s to
requ
ired
TS
actio
ns
Req
uire
d ac
tions
in T
S ha
ve b
een
typi
cally
der
ived
on
a cl
assi
cal e
ngin
eerin
g ba
sis.
This
invo
lves
, for
exa
mpl
e,
mod
ified
surv
eilla
nce
activ
ities
to c
ompe
nsat
e fo
r red
uced
av
aila
bilit
y of
equ
ipm
ent.
Such
item
s can
be
re-e
valu
ated
ba
sed
on th
e PS
A a
nd c
hang
ed e
vent
ually
acc
ordi
ng to
ris
k-si
gnifi
canc
e. F
ocus
is o
n th
e ris
k im
pact
due
to th
e A
OT
perio
d. T
his r
equi
res a
sses
smen
t of t
hree
type
s of
risks
: (a)
inst
anta
neou
s (co
nditi
onal
) ris
k w
hile
the
com
pone
nt is
in m
aint
enan
ce; (
b) c
umul
ativ
e (in
tegr
ated
) ris
k ov
er th
e A
OT
perio
d; (c
) ave
rage
risk
ove
r a lo
ng
perio
d (e
.g. y
early
), ta
king
into
acc
ount
the
freq
uenc
y of
m
aint
enan
ce p
erfo
rmed
on
a co
mpo
nent
. Opt
imum
AO
T m
ay in
volv
e tra
de-o
ffs b
etw
een
exte
nded
equ
ipm
ent
unav
aila
bilit
y du
ring
pow
er o
pera
tion
and
unav
aila
bilit
y of
th
e sa
me
equi
pmen
t dur
ing
shut
dow
n co
nditi
ons.
The
ultim
ate
goal
is to
find
the
optim
um A
OT
for e
ach
SSC
co
vere
d in
the
tech
nica
l spe
cific
atio
n w
ith re
spec
t to
how
it
cons
train
s pla
nt o
pera
tion
stat
es a
nd h
ow it
is u
sed
to
man
age
risks
of e
quip
men
t bei
ng o
ut o
f ser
vice
.
In a
dditi
on, t
he P
SA m
ay b
e us
ed to
supp
ort t
he
optim
izat
ion
of m
aint
enan
ce ta
sks w
ith re
spec
t to
whe
ther
th
ey m
ust b
e do
ne d
urin
g ou
tage
s or w
heth
er o
n-lin
e m
aint
enan
ce is
app
ropr
iate
.
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
SSC
s, Δ
CD
F AV
E, Δ
LER
F AV
E, IC
CD
P,
ICLE
RP
The
scop
e of
this
app
licat
ion
is n
orm
ally
con
fined
to a
subs
et o
f SSC
s tha
t are
cur
rent
ly in
clud
ed
in th
e ‘b
ase
case
PSA
’ mod
el; o
ther
wis
e th
e PS
A is
upd
ated
to in
corp
orat
e al
l affe
cted
SSC
s ex
plic
itly.
The
leve
l of d
etai
l of t
he P
SA m
odel
in th
e ar
eas a
ffect
ed b
y th
e A
OT
chan
ges m
ay b
e gr
eate
r tha
n th
at fo
r the
rest
of t
he p
lant
. The
PSA
mod
el m
ust e
xplic
itly
mod
el th
e m
aint
enan
ce
unav
aila
bilit
y fo
r all
SSC
s who
se A
OTs
hav
e be
en c
hang
ed.
The
mod
el sh
all b
e ca
pabl
e to
pro
perly
refle
ct a
ll ef
fect
s of s
yste
m/c
ompo
nent
una
vaila
bilit
y:
- se
tting
com
pone
nts/
syst
em to
una
vaila
ble
stat
e;
- ba
lanc
ed e
ffect
of u
nava
ilabi
lity
of p
artic
ular
redu
ndan
t tra
in/c
ompo
nent
(sym
met
ric
mod
el, e
.g. s
team
line
rupt
ure
is re
pres
ente
d by
rupt
ure
on S
G1,
so th
e ef
fect
of
the
unav
aila
bilit
y of
SG
1 is
olat
ion
valv
e is
ove
rest
imat
ed a
nd th
e ef
fect
of u
nava
ilabi
litie
s of
othe
r equ
ival
ent i
sola
tion
valv
es is
und
eres
timat
ed).
The
chan
ges i
n ris
k m
etric
s are
use
d to
eva
luat
e th
e ris
k si
gnifi
canc
e an
d ac
cept
abili
ty o
f the
pr
opos
ed c
hang
e an
d th
e in
crem
enta
l ris
k m
etric
s are
use
d to
eva
luat
e th
e ac
cept
abili
ty o
f the
new
pr
opos
ed A
OT.
Exam
ple:
One
of t
he m
ost c
omm
on e
xam
ples
is a
n ex
tens
ion
of th
e ED
G A
OTs
to p
erm
it on
-line
ove
rhau
ls
of th
e co
mpo
nent
s dur
ing
pow
er o
pera
tion.
153
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
4.2.
2 R
isk-
info
rmed
opt
imis
atio
n of
TS
The
tech
nica
l spe
cific
atio
ns d
efin
e lim
its a
nd c
ondi
tions
fo
r ope
ratio
n, te
stin
g, a
nd m
aint
enan
ce a
ctiv
ities
as a
way
to
ass
ure
that
the
plan
t is o
pera
ted
safe
ly. F
rom
tim
e to
tim
e, th
e pl
ant o
pera
tor m
ay n
eed
a TS
exe
mpt
ion
due
to
oper
atio
nal b
urde
ns a
nd c
onst
rain
ts. T
his a
pplic
atio
n is
us
ed to
opt
imis
e TS
pro
visi
ons.
Bes
ide
risk
insi
ghts
, oth
er n
ot ri
sk-b
ased
par
amet
ers m
ay
have
to b
e us
ed a
s con
stra
ints
in th
e op
timis
atio
n pr
oces
s.
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
SSC
s, Δ
CD
F AV
E, Δ
LER
F AV
E, IC
CD
P,
ICLE
RP
This
app
licat
ion
is si
mila
r to
Item
4.2
.1 d
epen
ding
on
the
natu
re o
f the
TS
actio
n to
be
chan
ged.
This
app
licat
ion
invo
lves
the
defin
ition
of c
onst
rain
ing
para
met
ers b
esid
e ris
k m
etric
s to
assu
re
effic
ient
resu
lts (e
.g. c
ost-b
enef
it co
rrel
atio
ns).
An
exam
ple
is a
pro
posa
l to
rem
ove
as te
chni
cal s
peci
ficat
ion
requ
irem
ent t
o te
st a
n op
erab
le
EDG
eve
ry h
our w
hile
a re
dund
ant E
DG
trai
n is
out
of s
ervi
ce.
4.2.
3 D
eter
min
atio
n an
d ev
alua
tion
of c
hang
es to
su
rvei
llanc
e te
st in
terv
als
PSA
bas
ed e
valu
atio
n of
surv
eilla
nce
test
inte
rval
s (ST
Is)
cons
ider
s the
risk
from
una
vaila
bilit
y du
e to
und
etec
ted
failu
res,
and
the
risk
from
una
vaila
bilit
y du
e to
test
s and
te
st in
duce
d fa
ilure
s. Th
e go
al is
to o
ptim
ize
the
STIs
with
re
spec
t to
thei
r im
pact
on
equi
pmen
t rel
iabi
lity
and
how
th
ese
test
s im
pact
the
cost
of o
pera
tions
. H
uman
err
ors
durin
g ST
Is th
at m
ay h
ave
an a
dver
se im
pact
on
safe
ty, f
or
exam
ple
by le
adin
g to
pla
nt tr
ips a
nd in
itiat
ing
even
ts
norm
ally
is c
onsi
dere
d in
dec
idin
g th
is o
ptim
izat
ion.
Ris
k im
porta
nce
mea
sure
s (e.
g. F
-V,
RA
W) o
f aff
ecte
d SS
Cs, Δ
CD
F AV
E, Δ
LER
F AV
E
The
scop
e of
this
app
licat
ion
is n
orm
ally
con
fined
to a
subs
et o
f SSC
s tha
t are
cur
rent
ly in
clud
ed
in th
e ‘b
ase
case
PSA
’ mod
el; o
ther
wis
e th
e PS
A is
upd
ated
to in
corp
orat
e th
e af
fect
ed S
SCs
expl
icitl
y if
they
can
be
used
in a
ccid
ent m
itiga
tion.
The
leve
l of d
etai
l of t
he P
SA m
odel
in th
e ar
eas a
ffect
ed b
y th
e ST
I cha
nges
may
be
grea
ter t
han
that
for t
he re
st o
f the
pla
nt.
The
PSA
m
odel
mus
t exp
licitl
y m
odel
test
una
vaila
bilit
y of
the
SSC
and
pro
vide
a c
apab
ility
to p
redi
ct th
e im
pact
of c
hang
es to
the
STI o
n ea
ch a
ffect
ed c
ompo
nent
una
vaila
bilit
y du
e to
a ra
ndom
failu
re.
R
isk
impo
rtanc
e m
easu
res c
an b
e us
ed to
prio
ritiz
e an
d ra
nk th
e ca
ndid
ates
for S
TI c
hang
e. T
he
chan
ge in
risk
met
rics i
s use
d to
eva
luat
e th
e ris
k si
gnifi
canc
e an
d ac
cept
abili
ty o
f the
pro
pose
d ch
ange
and
the
incr
emen
tal r
isk
met
rics a
re u
sed
to e
valu
ate
the
acce
ptab
ility
of t
he n
ew p
ropo
sed
STI.
An
unde
rsta
ndin
g of
how
hum
an e
rror
s dur
ing
test
ing
cont
ribut
e to
initi
atin
g ev
ent
freq
uenc
ies a
nd c
ompo
nent
failu
res i
s nee
ded
to b
alan
ce th
e po
sitiv
e an
d ne
gativ
e as
pect
s of
surv
eilla
nce
test
ing.
Una
vaila
bilit
y of
equ
ipm
ent d
ue to
hum
an e
rror
s to
prop
erly
rest
ore
norm
al
alig
nmen
ts a
fter t
estin
g is
to b
e ta
ken
into
acc
ount
. If i
t is k
now
n th
at a
test
may
lead
to a
hig
her
prob
abili
ty o
f an
initi
atin
g ev
ent (
initi
atin
g ev
ent f
requ
ency
is re
late
d to
test
freq
uenc
y) th
en th
is
rela
tions
hip
mus
t be
take
n in
to a
ccou
nt if
the
test
freq
uenc
y is
cha
nged
.
A ty
pica
l exa
mpl
e is
the
test
of s
afet
y in
ject
ion
train
s by
runn
ing
one
train
via
a fu
ll ca
paci
ty
bypa
ss li
ne b
ack
to th
e su
ppre
ssio
n po
ol (B
WR
) or b
ack
to th
e bo
rate
d w
ater
stor
age
tank
(PW
R).
Typi
cally
, the
se s
yste
ms a
re a
utom
atic
ally
reco
nfig
ured
from
the
test
con
figur
atio
n an
d st
arte
d w
hen
a re
al d
eman
d ha
ppen
s. Th
us, w
hen
incr
easi
ng te
st fr
eque
ncy,
ther
e is
a tr
ade-
off b
etw
een
redu
ced
com
pone
nt u
nava
ilabi
lity,
incr
ease
d un
avai
labi
lity
of e
quip
men
t dur
ing
the
test
due
to
real
ignm
ent o
f val
ves,
actu
atio
n of
con
trol c
ircui
ts, o
peni
ng o
f AC
or D
C c
ircui
t bre
aker
s, et
c.
154
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
4.2.
4 R
isk-
info
rmed
in-s
ervi
ce te
stin
g
Use
of P
SA to
supp
ort t
he IS
T pr
ogra
mm
e, ta
king
into
ac
coun
t the
rela
tive
risk
sign
ifica
nce
of th
e co
mpo
nent
s to
be te
sted
, is i
n th
e fo
cus o
f the
app
licat
ion.
Thi
s app
licat
ion
is n
orm
ally
lim
ited
to p
umps
and
val
ves i
n sa
fety
rela
ted
syst
ems,
but i
n pr
inci
ple
can
be a
pplie
d to
any
com
pone
nt
in th
e IS
T pr
ogra
m. T
he re
lativ
e ris
k si
gnifi
canc
e is
as
sess
ed u
sing
a b
lend
of p
roba
bilis
tic a
nd d
eter
min
istic
m
etho
ds b
efor
e an
y te
st in
terv
al is
cha
nged
and
the
aggr
egat
e im
pact
of t
he c
hang
es is
eva
luat
ed.
This
resu
lts
in re
laxa
tion
of te
stin
g re
quire
men
ts fo
r low
risk
si
gnifi
cant
SSC
s and
SSC
func
tions
and
incr
ease
d re
quire
men
ts fo
r hig
her r
isk
sign
ifica
nt S
SCs y
ield
ing
an
optim
ized
test
ing
prog
ram
.
Ris
k im
porta
nce
mea
sure
s (e.
g. F
-V,
RA
W) o
f aff
ecte
d SS
Cs, Δ
CD
F AV
E, Δ
LER
F AV
E
Ris
k im
porta
nce
mea
sure
s fro
m th
e ba
se P
SA u
sed
to h
elp
prio
ritiz
e ca
ndid
ate
chan
ges t
o IS
T pr
ogra
m fo
r sel
ecte
d pu
mps
and
val
ves,
chan
ge in
CD
F an
d LE
RF
used
to ju
stify
acc
epta
ble
risk
impa
cts a
nd to
det
erm
ine
risk
sign
ifica
nce.
Exp
licit
mod
el o
f tes
t and
mai
nten
ance
un
avai
labi
litie
s and
cap
abili
ty to
pre
dict
or b
ound
the
impa
ct o
f pro
gram
cha
nges
on
com
pone
nt
unav
aila
bilit
y du
e to
a ra
ndom
failu
re a
nd te
st a
nd m
aint
enan
ce u
nava
ilabi
litie
s nee
ded
to su
ppor
t th
is a
pplic
atio
n.
The
PSA
can
be
used
to a
naly
se h
ow a
cha
nge
in te
st in
terv
als a
ffec
ts th
e pl
ant r
isk
taki
ng in
to
acco
unt n
egat
ive
effe
cts s
uch
as p
oten
tially
incr
ease
d fr
eque
ncy
of p
lant
tran
sien
ts, e
.g. t
estin
g st
rate
gy fo
r pre
ssur
izer
relie
f val
ves,
MSI
Vs,
etc.
4.2.
5 R
isk-
info
rmed
in-s
ervi
ce in
spec
tions
The
risk-
info
rmed
in-s
ervi
ce in
spec
tion
(RI-
ISI)
m
etho
dolo
gy c
onsi
sts o
f ran
king
the
elem
ents
for
insp
ectio
n, su
ch a
s wel
ds in
pip
ing
syst
ems,
acco
rdin
g to
th
eir r
isk
sign
ifica
nce
and
deve
lopi
ng th
e in
spec
tion
stra
tegy
(fre
quen
cy, m
etho
d, sa
mpl
e si
ze, e
tc.)
com
men
sura
te w
ith th
eir r
isk
sign
ifica
nce.
It p
rovi
des a
fr
amew
ork
for e
ffec
tive
allo
catio
n of
insp
ectio
n re
sour
ces
and
help
s to
focu
s the
insp
ectio
n ac
tiviti
es w
here
they
are
m
ost n
eede
d. In
add
ition
, an
unde
rsta
ndin
g of
the
mos
t lik
ely
degr
adat
ion
mec
hani
sms i
s dev
elop
ed, w
hich
is u
sed
to fo
cus r
equi
red
insp
ectio
ns to
use
the
mos
t app
ropr
iate
in
spec
tion
met
hods
for t
he a
ntic
ipat
ed d
amag
e m
echa
nism
s.
Com
pone
nt fa
ilure
ra
tes f
or d
iffer
ent
insp
ectio
n st
rate
gies
(e
.g. o
btai
ned
usin
g PF
M o
r Mar
kov
mod
el),
CC
DP,
C
LER
P, Δ
CD
F AV
E, Δ
LER
F AV
E
This
app
licat
ion
is n
orm
ally
lim
ited
to p
ipin
g sy
stem
insp
ectio
ns, b
ut in
prin
cipl
e ca
n be
app
lied
to a
ny p
assi
ve c
ompo
nent
cov
ered
in th
e In
-Ser
vice
Insp
ectio
n (I
SI) p
rogr
am. T
hese
pas
sive
co
mpo
nent
s are
nor
mal
ly n
ot e
xplic
itly
mod
elle
d in
a ‘b
ase
case
PSA
’. H
ence
, spe
cial
ana
lyse
s m
ust b
e pe
rfor
med
to e
stim
ate
com
pone
nt (e
.g. w
eld)
leve
l fai
lure
rate
s as a
func
tion
of le
vel a
nd
type
of i
nspe
ctio
n, a
nd c
onse
quen
ces o
f pip
e fa
ilure
in te
rms o
f the
CC
DP
and
CLE
RP
due
to th
e lo
ss o
f fun
ctio
n an
d se
cond
ary
flood
ing
and
othe
r con
sequ
ence
s of s
yste
m p
ipe
brea
ks.
Thes
e sp
ecia
l ana
lyse
s are
use
d to
dev
elop
risk
impo
rtanc
e m
easu
res o
r alte
rnat
ive
risk
rank
ing
mat
rices
w
hich
are
use
d to
hel
p pr
iorit
ize
cand
idat
e ch
ange
s to
ISI p
rogr
am fo
r sel
ecte
d w
eld
loca
tions
, ch
ange
in C
DF
and
LER
F us
ed to
just
ify a
ccep
tabl
e ris
k im
pact
s and
to d
eter
min
e ris
k si
gnifi
canc
e. T
he b
ase
PSA
mod
el m
ust b
e ca
pabl
e of
supp
ortin
g es
timat
es o
f the
CC
DP
and
CLE
RP
of a
ny a
ssum
ed fa
ilure
mod
e w
ithin
the
scop
e of
the
pipi
ng sy
stem
s sel
ecte
d fo
r the
RI-
ISI p
rogr
am.
To d
ate,
mos
t exa
mpl
es in
volv
e in
-ser
vice
insp
ectio
ns o
f wel
ds in
NPP
pip
ing
syst
ems i
n w
hich
ca
se th
e nu
mbe
r, fr
eque
ncy,
and
met
hod
of n
on-d
estru
ctiv
e ex
amin
atio
n (N
DE)
are
var
ied
to
impr
ove
the
allo
catio
n of
insp
ectio
n re
sour
ces t
o th
e m
ost r
isk
sign
ifica
nt p
ipe
elem
ents
and
to
man
age
the
risk
of in
spec
tions
with
resp
ect t
o pi
pe ru
ptur
es. F
utur
e ex
ampl
es c
over
the
brea
dth
of
SSC
s cur
rent
ly c
over
ed in
ISI p
rogr
ams.
155
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
4.3
Est
ablis
hmen
t of g
rade
d Q
A p
rogr
am fo
r SSC
4.3.
1 E
quip
men
t ris
k si
gnifi
canc
e ev
alua
tion
PSA
pro
vide
s the
nec
essa
ry in
sigh
ts th
at a
re u
sed
to
dete
rmin
e th
e re
lativ
e sa
fety
sign
ifica
nce
of p
lant
eq
uipm
ent.
Thes
e pr
obab
ilist
ic in
sigh
ts a
re fo
r exa
mpl
e ut
ilize
d to
hel
p id
entif
y lo
w/h
igh
safe
ty si
gnifi
cant
SSC
s th
at a
re c
andi
date
s for
redu
ctio
ns/im
prov
emen
ts in
QA
tre
atm
ent.
Ris
k im
porta
nce
mea
sure
s of a
ffec
ted
SSC
s (e.
g. F
-V,
RA
W)
Ris
k im
porta
nce
mea
sure
s are
use
d to
cla
ssify
the
risk
and
safe
ty si
gnifi
canc
e of
SSC
s. T
his
info
rmat
ion
is c
onsi
dere
d in
con
nect
ion
with
the
curr
ent s
afet
y cl
assi
ficat
ion
of S
SCs a
nd
asso
ciat
ed Q
A a
nd sp
ecia
l tre
atm
ent r
equi
rem
ents
; thi
s is u
sed
to id
entif
y an
d ra
nk c
andi
date
SS
Cs f
or p
ropo
sed
chan
ge in
QA
and
spec
ial t
reat
men
t req
uire
men
ts.
An
exam
ple
is p
laci
ng a
ll pl
ant S
SCs i
nto
diffe
rent
cat
egor
ies b
ased
on
safe
ty re
late
d cl
assi
ficat
ion
and
risk
impo
rtanc
e us
ing
F-V
and
RA
W ty
pe o
f mea
sure
s.
4.3.
2 E
valu
atio
n of
ris
k im
pact
of c
hang
es to
QA
re
quir
emen
ts
Cha
nges
in Q
A tr
eatm
ent o
f SSC
s are
inve
stig
ated
or
expl
ored
with
in th
e fr
amew
ork
of P
SA.
Ris
k im
porta
nce
mea
sure
s (e.
g. F
-V,
RA
W) o
f aff
ecte
d SS
Cs, Δ
CD
F AV
E, Δ
LER
F AV
E
In a
dditi
on to
the
disc
ussi
on p
rovi
ded
in It
em 4
.3.1
, sen
sitiv
ity st
udie
s are
requ
ired
to a
ssur
e ro
bust
dec
isio
n m
akin
g. C
hang
e in
risk
met
rics a
re u
sed
to d
eter
min
e th
e ris
k si
gnifi
canc
e an
d ris
k ac
cept
abili
ty o
f the
pro
pose
d ch
ange
.
An
exam
ple
is e
valu
atin
g th
e ch
ange
in ri
sk a
ssoc
iate
d w
ith re
laxa
tion
of Q
A re
quire
men
ts.
5. O
VE
RSI
GH
T A
CT
IVIT
IES
5.1
Per
form
ance
mon
itori
ng
5.1.
1 P
lann
ing
and
prio
ritiz
atio
n of
insp
ectio
n ac
tiviti
es (r
egul
ator
y an
d in
dust
ry)
PSA
bas
ed ra
nkin
g of
des
ign
and
oper
atio
nal f
eatu
res i
s us
ed to
focu
s res
ourc
es fo
r reg
ulat
ory
and
indu
stry
in
spec
tions
on
impo
rtant
issu
es a
nd e
quip
men
t.
CD
F AV
E, LE
RF A
VE,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
SSC
s and
HEs
, pr
imar
y co
ntrib
utor
s to
risk
, ΔC
DF A
VE,
ΔLE
RF A
VE,
CC
DP,
C
LER
P
The
insi
ghts
from
bas
elin
e PS
A re
sults
are
use
d to
supp
ort s
ettin
g th
e ag
enda
and
prio
ritie
s for
sp
ecifi
c in
spec
tions
so th
at th
e ar
eas o
f the
pla
nt a
nd o
pera
tor a
ctio
ns th
at a
re m
ost r
isk
sign
ifica
nt
refle
ct th
e hi
ghes
t prio
rity.
An
exam
ple
coul
d be
the
deci
sion
to fo
cus t
he sc
ope
of a
n in
spec
tion
on th
e m
ater
ial c
ondi
tion
of
SSC
s fou
nd to
be
resp
onsi
ble
for t
he d
omin
ant r
isk
sequ
ence
s in
the
plan
t’s P
SA.
156
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
5.1.
2 L
ong
term
ris
k-ba
sed
perf
orm
ance
indi
cato
rs
The
long
term
risk
bas
ed in
dica
tors
focu
s on
mon
itorin
g pl
ant b
ehav
iour
in o
rder
to g
et in
sigh
ts o
n th
e pa
st h
isto
ry
of N
PP sa
fety
and
to u
pdat
e th
e ca
lcul
ated
ave
rage
CD
F.
Long
term
use
incl
udes
ana
lysi
s of p
ast p
lant
beh
avio
ur
inte
grat
ing
the
even
ts o
ccur
red,
failu
res a
nd
unav
aila
bilit
ies.
This
info
rmat
ion
(incl
udin
g C
DF
trend
s, co
mpa
rison
bet
wee
n ex
pect
ed a
nd c
alcu
late
d C
DF,
etc
.) is
of
inte
rest
to re
gula
tors
and
hig
h-le
vel p
lant
man
agem
ent.
Long
term
risk
bas
ed in
dica
tors
can
als
o he
lp to
pin
poin
t ag
ing
effe
cts o
n co
mpo
nent
s and
syst
ems.
This
info
rmat
ion
is im
porta
nt fo
r the
pla
nt st
aff a
nd c
an in
itiat
e de
sign
ch
ange
s or m
odifi
catio
ns to
test
ing
and
mai
nten
ance
st
rate
gies
, etc
. Sim
ilarly
, lon
g te
rm ri
sk in
dica
tors
can
be
draw
n up
for p
lann
ing
purp
oses
. For
long
term
pla
nnin
g,
the
assu
mpt
ions
rega
rdin
g pl
anne
d de
sign
cha
nges
, ex
pect
ed c
ompo
nent
beh
avio
ur, e
tc. c
an b
e in
trodu
ced
in
the
PSA
mod
els a
nd d
ata
and
can
be a
naly
sed
to o
btai
n th
e ex
pect
ed a
vera
ge C
DF
for t
he n
ext p
erio
d.
CD
F AV
E, LE
RF A
VE,
CD
F{t}
, LER
F{t}
, Q
HO
s, ris
k im
porta
nce
mea
sure
s of a
ll SS
Cs a
nd H
Es,
prim
ary
cont
ribut
ors
to ri
sk
The
PSA
resu
lts c
an b
e us
ed to
det
erm
ine
the
appr
opria
te se
t of p
erfo
rman
ce in
dica
tors
. Fo
r ex
ampl
e, th
e hi
gh ri
sk si
gnifi
cant
SSC
s can
be
used
to d
efin
e SS
C u
nava
ilabi
lity
and
failu
re
perf
orm
ance
met
rics t
hat a
re h
ighl
y co
rrel
ated
to si
gnifi
cant
CD
F an
d LE
RF
impa
cts.
If th
ese
risk
met
rics a
re u
pdat
ed o
ver a
long
per
iod
of ti
me,
agi
ng e
ffec
ts m
ay b
e in
dica
ted.
Spec
ial i
ndic
ator
s mig
ht b
e us
eful
that
are
der
ived
from
pla
nt sp
ecifi
c da
ta a
nd o
pera
ting
expe
rienc
e. F
or th
is p
urpo
se, t
he u
se o
f pla
nt-s
peci
fic c
ompo
nent
relia
bilit
y da
ta is
impo
rtant
. The
co
mpo
nent
s and
SSC
to b
e an
alys
ed c
an b
e de
rived
with
the
use
of im
porta
nce
mea
sure
s.
Ris
k M
onito
r can
be
used
as a
supp
ortin
g to
ol to
der
ive
aver
aged
CD
F es
timat
es d
eriv
ed b
y in
tegr
atio
n of
inst
anta
neou
s CD
F fo
r the
obs
erve
d pl
ant c
onfig
urat
ions
.
An
exam
ple
is th
e tre
ndin
g of
the
num
ber o
f fai
lure
s or u
nava
ilabl
e ho
urs o
f a h
ighl
y ris
k si
gnifi
cant
SSC
s.
5.1.
3 S
hort
term
ris
k ba
sed
perf
orm
ance
indi
cato
rs
Ris
k ba
sed
indi
cato
rs fo
r sho
rt te
rm u
se re
quire
in
stan
tane
ous e
valu
atio
n of
risk
. Thi
s typ
e of
app
licat
ion
prov
ides
info
rmat
ion
on c
hang
es in
CD
F du
e to
pla
nt
even
ts a
nd ri
sk a
ssoc
iate
d w
ith p
lann
ed a
ctiv
ities
.
CD
F AV
E, LE
RF A
VE,
CD
F{t}
, LER
F{t}
, Q
HO
s, ris
k im
porta
nce
mea
sure
s of a
ll SS
Cs a
nd H
Es,
prim
ary
cont
ribut
ors
to ri
sk
The
PSA
resu
lts c
an b
e us
ed to
det
erm
ine
the
appr
opria
te se
t of p
erfo
rman
ce in
dica
tors
. Fo
r ex
ampl
e, th
e hi
gh ri
sk si
gnifi
cant
SSC
s can
be
used
to d
efin
e SS
C u
nava
ilabi
lity
met
rics t
hat a
re
high
ly c
orre
late
d to
sign
ifica
nt C
DF
and
LER
F im
pact
s.
Sim
ilar t
o Ite
m 5
.1.2
, use
of p
lant
-spe
cific
dat
a is
impo
rtant
.
Ris
k M
onito
r is a
n ap
prop
riate
tool
to e
valu
ate
inst
anta
neou
s CD
F.
An
exam
ple
is th
e id
entif
icat
ion
of th
e ab
norm
al c
ondi
tions
for e
quip
men
t ope
ratio
n le
adin
g to
in
crea
se in
thei
r fai
lure
pro
babi
litie
s.
157
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
5.2
Perf
orm
ance
ass
essm
ent
5.2.
1 A
sses
smen
t of i
nspe
ctio
n fin
ding
s
This
type
of a
pplic
atio
n pr
ovid
es in
form
atio
n on
cha
nges
in
risk
mea
sure
s ass
ocia
ted
with
insp
ectio
n fin
ding
s. C
hang
e in
risk
met
rics a
nd c
ondi
tiona
l ris
k m
etric
s can
be
used
to e
valu
ate
the
risk
impa
ct o
f deg
rada
tions
or i
ssue
s th
at a
re fo
und
durin
g th
e in
spec
tions
and
to e
valu
ate
poss
ible
cor
rect
ive
actio
ns.
Ris
k im
porta
nce
mea
sure
s of a
ll SS
Cs a
nd H
Es,
prim
ary
cont
ribut
ors
to ri
sk, C
DF A
VE,
LER
F AV
E, Δ
CD
F AV
E, Δ
LER
F AV
E
This
app
licat
ion
is si
mila
r to
the
risk
eval
uatio
n of
sign
ifica
nt e
vent
s in
term
s of h
ow th
e PS
A is
us
ed to
eva
luat
e th
e ris
k si
gnifi
canc
e of
a p
lant
con
ditio
n th
at m
ay b
e co
nsid
ered
for d
iffer
ent
leve
ls o
f ins
pect
ions
dep
endi
ng o
n th
e re
sults
. O
ften,
sim
plifi
ed g
ener
ic P
SA m
odel
s are
use
d to
pe
rfor
m a
con
serv
ativ
e sc
reen
ing
eval
uatio
n fir
st a
nd if
sign
ifica
nt, i
t may
be
follo
wed
up
with
a
mor
e re
alis
tic a
nd d
etai
led
eval
uatio
n. D
epen
ding
on
the
area
of i
nspe
ctio
n fin
ding
s, PS
A o
f di
ffere
nt sc
ope
mig
ht b
e ne
eded
.
Exam
ple:
Use
of P
SA m
odel
s to
estim
ate
the
risk
sign
ifica
nce
of a
n in
spec
tion
findi
ng th
at a
fire
ba
rrie
r had
bee
n im
prop
erly
rem
oved
from
a N
PP.
5.2.
2 E
valu
atio
n an
d ra
ting
of o
pera
tiona
l eve
nts
By
PSA
bas
ed e
xtra
pola
tion
of o
pera
tiona
l eve
nts t
o ac
cide
nt sc
enar
ios w
ith se
rious
con
sequ
ence
s, va
luab
le
insi
ghts
can
be
gain
ed re
gard
ing
acci
dent
s on
the
basi
s of
min
or in
cide
nts,
with
out s
uffe
ring
thei
r rea
l con
sequ
ence
s. PS
A c
an b
e us
ed to
ana
lyse
pla
nt e
vent
s, w
hich
may
in
itiat
e a
plan
t trip
, deg
rade
or d
isab
le sa
fety
syst
ems,
or
both
sim
ulta
neou
sly.
The
app
licat
ion
can
then
pro
vide
an
estim
ate,
in te
rms o
f a c
ondi
tiona
l pro
babi
lity,
of t
he
avai
labl
e m
argi
n fo
r an
acci
dent
with
una
ccep
tabl
e co
nseq
uenc
es. T
hus,
the
basi
c pu
rpos
e of
PSA
bas
ed
oper
atio
nal e
vent
ana
lysi
s is t
o de
term
ine
how
an
oper
atio
nal e
vent
cou
ld h
ave
dege
nera
ted
into
an
acci
dent
w
ith m
ore
serio
us c
onse
quen
ces a
nd to
der
ive
the
cond
ition
al p
roba
bilit
y of
cor
e da
mag
e du
e to
such
eve
nt.
CC
DP,
CLE
RP,
C
DF A
VE,
LER
F AV
E If
the
even
t in
ques
tion
is a
n in
itiat
ing
even
t, th
e PS
A m
odel
is u
sed
to e
stim
ate
the
CC
DP
and
CLE
RP,
who
se v
alue
s are
use
d to
det
erm
ine
the
safe
ty c
lass
ifica
tion
of th
e ev
ent.
The
pre
curs
or
even
t ana
lysi
s is a
lso
part
of th
is a
pplic
atio
n.
If th
e ev
ent i
n qu
estio
n im
pact
s the
ava
ilabi
lity
of o
ne o
r mor
e SS
Cs a
nd/o
r ope
rato
r act
ions
but
is
not a
n in
itiat
ing
even
t, th
e PS
A m
odel
is u
sed
to c
alcu
late
the
CD
F an
d LE
RF
taki
ng in
to a
ccou
nt
the
unav
aila
bilit
y of
the
affe
cted
SSC
s. R
isk
Mon
itor i
s an
appr
opria
te to
ol to
eva
luat
e th
e im
pact
of
such
eve
nts.
The
PSA
mod
el m
ust b
e ca
pabl
e of
eva
luat
ing
the
appr
opria
te im
pact
s ass
esse
d fo
r the
eve
nt.
Exam
ple:
Eva
luat
ing
the
cond
ition
al p
roba
bilit
y of
cor
e da
mag
e or
larg
e ea
rly re
leas
e fr
om a
si
gnifi
cant
safe
ty e
vent
such
as a
n in
itiat
ing
even
t acc
ompa
nied
by
degr
adat
ion
or fa
ilure
of
mul
tiple
SSC
s and
/or h
uman
act
ions
.
6. E
VA
LU
AT
ION
OF
SAFE
TY
ISSU
ES
6.1
Ris
k ev
alua
tion
6.1.
1 R
isk
eval
uatio
n of
cor
rect
ive
mea
sure
s
Bas
ed o
n PS
A in
sigh
ts c
orre
ctiv
e m
easu
res r
egar
ding
sa
fety
issu
es a
re d
evel
oped
. Thi
s may
incl
ude
expl
orat
ory
inve
stig
atio
n on
diff
eren
t var
iant
s to
reso
lve
a pa
rticu
lar
issu
e.
ΔC
DF A
VE,
ΔLE
RF A
VE
Cha
nge
in ri
sk m
etric
s are
use
d to
det
erm
ine
the
risk
sign
ifica
nce
and
risk
acce
ptab
ility
of t
he
prop
osed
cha
nge
base
d on
risk
cha
ract
eriz
atio
n.
Exam
ple:
Ris
k ev
alua
tion
of m
easu
res t
aken
to re
duce
the
risk
of re
acto
r ves
sel h
ead
corr
osio
n.
158
Brie
f des
crip
tion
of P
SA a
pplic
atio
n PS
A re
sults
and
m
etric
s for
use
in
deci
sion
mak
ing9
Com
men
ts o
n ho
w P
SA m
odel
s can
be
used
to su
ppor
t app
licat
ion
and
exam
ples
6.1.
2 R
isk
eval
uatio
n to
iden
tify
and
rank
safe
ty is
sues
As a
resu
lt of
a P
SA, i
mpo
rtant
new
pla
nt sp
ecifi
c sa
fety
is
sues
and
gen
eric
issu
es m
ay b
e id
entif
ied.
Fur
ther
mor
e,
PSA
is u
sed
for e
valu
atin
g th
e re
lativ
e im
porta
nce
of
exis
ting
and
new
safe
ty is
sues
.
CD
F AV
E, LE
RF A
VE,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
SSC
s and
HEs
, pr
imar
y co
ntrib
utor
s to
risk
, key
as
sum
ptio
ns
impa
ctin
g re
sults
Con
tribu
tors
to ri
sk a
nd ri
sk im
porta
nce
mea
sure
s are
use
d to
iden
tify
and
rank
safe
ty is
sues
. A
lso
safe
ty is
sues
iden
tifie
d ou
tsid
e th
e PS
A c
an b
e ev
alua
ted
by th
e PS
A to
det
erm
ine
thei
r ris
k si
gnifi
canc
e on
ce th
e is
sues
hav
e be
en a
sses
sed
for r
isk
char
acte
rizat
ion,
i.e.
det
erm
inat
ion
of
affe
cted
initi
atin
g ev
ents
, acc
iden
t seq
uenc
es, S
SCs a
nd o
pera
tor a
ctio
ns. S
ome
safe
ty is
sues
may
re
quire
ext
ensi
ons t
o PS
A m
odel
to e
valu
ate.
Exam
ple:
Elim
inat
ion
of a
n ite
m fr
om th
e lis
t of u
nres
olve
d sa
fety
issu
es b
ased
on
risk
insi
ghts
.
6.2
Reg
ulat
ory
deci
sion
s
6.2.
1 L
ong
term
reg
ulat
ory
deci
sion
s
PSA
insi
ghts
are
use
d to
gui
de lo
ng te
rm p
riorit
izat
ion
of
regu
lato
ry o
bjec
tives
and
requ
irem
ents
, and
of r
elat
ed
safe
ty re
sear
ch.
CD
F AV
E, LE
RF A
VE,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
SSC
s and
HEs
, pr
imar
y co
ntrib
utor
s to
risk
, ΔC
DF A
VE,
ΔLE
RF A
VE,
CC
DP,
C
LER
P
PSA
resu
lts a
re u
sed
to d
evel
op ri
sk in
sigh
ts, a
nd st
rate
gies
to m
aint
ain
or re
duce
risk
leve
ls a
re
devi
sed.
Cha
nge
in ri
sk m
etric
s are
use
d to
eva
luat
e po
ssib
le c
hang
es to
requ
irem
ents
nee
ded
to
impl
emen
t the
risk
man
agem
ent s
trate
gy.
Exam
ple:
Dec
isio
n to
shut
dow
n th
e pl
ant o
r ter
min
ate
plan
t ope
ratio
n un
til th
e ne
cess
ary
glob
al
mod
ifica
tions
aim
ed to
redu
ce ri
sk a
ssoc
iate
d w
ith p
lant
ope
ratio
n w
ould
be
perf
orm
ed.
6.2.
2 In
teri
m r
egul
ator
y de
cisi
ons
PSA
is u
sed
to a
llevi
ate
a re
gula
tory
con
cern
, whi
le lo
nger
-te
rm so
lutio
ns c
an b
e ev
alua
ted.
Issu
es th
at ty
pica
lly
requ
ire a
n in
terim
dec
isio
n ar
e: (a
) nee
d fo
r reg
ulat
ory
actio
n in
resp
onse
to a
n ev
ent a
t a p
lant
, (b)
one
-tim
e ex
empt
ions
from
TS
or o
ther
lice
nsin
g re
quire
men
ts, a
nd
(c) t
empo
rary
mod
ifica
tions
to h
ardw
are
conf
igur
atio
n or
pr
oced
ures
.
CD
F AV
E, LE
RF A
VE,
QH
Os,
risk
impo
rtanc
e m
easu
res o
f all
SSC
s and
HEs
, pr
imar
y co
ntrib
utor
s to
risk
, ΔC
DF A
VE,
ΔLE
RF A
VE,
CC
DP,
C
LER
P
The
use
of P
SA in
rega
rd to
this
app
licat
ion
is e
ssen
tially
the
sam
e as
in It
em 6
.2.1
; dep
endi
ng o
n th
e su
bjec
t of t
he in
terim
regu
lato
ry d
ecis
ion
may
be
deal
ing
with
diff
eren
t ris
k ev
alua
tion
aspe
cts
(see
App
licat
ion
Gro
up 6
.1).
Exam
ple:
Dec
isio
n to
term
inat
e pl
ant o
pera
tion
until
the
mod
ifica
tions
aim
ed to
redu
ce ri
sk
asso
ciat
ed w
ith p
lant
ope
ratio
n w
ould
be
perf
orm
ed o
r dec
isio
n to
allo
w c
erta
in c
hang
es a
t the
pl
ant a
imed
to in
crea
se c
ost e
ffic
ienc
y of
pla
nt o
pera
tion
if in
sign
ifica
nt ri
sk in
crea
se w
ould
be
just
ified
.
159
Appendix III
MAPPING THE PSA ELEMENTS TO THE PSA TASKS ADDRESSED IN THE IAEA PSA GUIDELINES
The table below shows the relation between the PSA elements defined in this publication and PSA technical tasks from the IAEA PSA Procedure Guide ‘Procedures for Conducting PSA of NPPs (Level 1)’, Safety Series No. 50-P-4, 1992. The table helps to realize what tasks from the Procedure Guide are correspondent to the PSA elements.
ID PSA ELEMENT IN TECDOC TASKS FROM SAFETY SERIES No. 50-P-4
IE Initiating Events Analysis Task 13: Selection of initiating events
Task 17: Grouping of the initiating events
Task 24: Assessment of the frequency of initiating events
AS Accident Sequence Analysis Task 12: Definition of core damage states or other consequences
Task 14: Determination of safety functions
Task 15: Assessment of function/system relationships
Task 18: Event sequence modelling
Task 22: Impact of physical processes on development of logic models
Task 23: Classification of accident sequences into plant damage states
Task 27: Determination of accident sequence Boolean equations
SC Success Criteria and Supporting Analysis
Task 16: Assessment of plant system requirements (success criteria)
SY Systems Analysis Task 19: System modelling
Task 22: Impact of physical processes on development of logic models
HR Human Reliability Analysis Task 20: Human performance analysis
Task 26: Assessment of human error probabilities
DA Data Analysis Task 25a: Assessment of component reliability
Task 25b: Assessment of common cause failure probabilities
DF Dependent Failures Analysis Task 21: Qualitative dependence analysis
MQ Model Integration and CDF Quantification
Task 28: Initial quantification of the accident sequences
Task 29: Final quantification of the accident sequences
Task 30: Uncertainty analysis
RI Results Analysis and Interpretation Task 31: Importance and sensitivity analysis
Task 34: Preparation of documentation
161
REFERENCES
[1] INTERNATIONAL ATOMIC ENERGY AGENCY, Safety Assessment and Verification for Nuclear Power Plants, Safety Guide, IAEA Safety Standards Series No. NS-G-1.2, IAEA, Vienna (2002).
[2] INTERNATIONAL ATOMIC ENERGY AGENCY, Procedures for Conducting Probabilistic Safety Assessments of Nuclear Power Plants (Level 1), Safety Series No. 50-P-4, IAEA, Vienna (1992).
[3] INTERNATIONAL ATOMIC ENERGY AGENCY, Procedures for Conducting Probabilistic Safety Assessments of Nuclear Power Plants (Level 2): Accident Progression, Containment Analysis and Estimation of Accident Source Terms: A Safety Practice, Safety Series No. 50-P-8, IAEA, Vienna (1995).
[4] INTERNATIONAL ATOMIC ENERGY AGENCY, Procedures for Conducting Probabilistic Safety Assessments of Nuclear Power Plants (Level 3): Off-Site Consequences and Estimation of Risks to the Public: A Safety Practice, Safety Series No. 50-P-12, IAEA, Vienna (1996).
[5] INTERNATIONAL ATOMIC ENERGY AGENCY, Procedures for Conducting Common Cause Failure Analysis in Probabilistic Safety Assessment, IAEA-TECDOC-648, IAEA, Vienna (1992).
[6] INTERNATIONAL ATOMIC ENERGY AGENCY, Human Reliability Analysis in Probabilistic Safety Assessment for Nuclear Power Plants: A Safety Practice, Safety Series No. 50-P-10, IAEA, Vienna (1996).
[7] INTERNATIONAL ATOMIC ENERGY AGENCY, Applications of Probabilistic Safety Assessment (PSA) for Nuclear Power Plants, IAEA-TECDOC-1200, IAEA, Vienna (2001).
[8] THE AMERICAN SOCIETY OF MECHANICAL ENGINEERS, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME RA-S-2002, ASME, New York (2002).
[9] INTERNATIONAL ATOMIC ENERGY AGENCY, A Framework for a Quality Assurance Programme for PSA, IAEA-TECDOC-1101, IAEA, Vienna (1999).
[10] INTERNATIONAL ATOMIC ENERGY AGENCY, IPERS Guidelines for the International Peer Review Service. Second Edition. Procedures for Conducting Independent Peer Reviews of Probabilistic Safety Assessments, IAEA-TECDOC-832, IAEA, Vienna (1995).
[11] INTERNATIONAL ATOMIC ENERGY AGENCY, Defining Initiating Events for Purpose of Probabilistic Safety Assessment, IAEA-TECDOC-719, IAEA, Vienna (1993).
[12] THE AMERICAN NUCLEAR SOCIETY, External Events in PRA Methodology, American Nuclear Society Standard ANSI/ANS-58.21-2003, ANS (2003).
[13] US NUCLEAR REGULATORY COMMISSION, Guidelines on Modelling CCFs in PSA, NUREG/CR-5485 prepared by A. Mosleh, D. M. Rasmuson and F. M. Marshall for USNRC, USNRC, Washington, DC (1998).
[14] US NUCLEAR REGULATORY COMMISSION, Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, NUREG/CR-1278, USNRC, Washington, DC (1983).
[15] US NUCLEAR REGULATORY COMMISSION, Technical Basis and Implementation Guidelines for a Technique for Human Event Analysis (ATHEANA), Revision 1, NUREG-1624, USNRC, Washington, DC (1999).
[16] INTERNATIONAL ATOMIC ENERGY AGENCY, Case Study on the Use of PSA Methods: Station Blackout Risk at Millstone Unit 3, IAEA-TECDOC-593, IAEA, Vienna (1991).
163
[17] US NUCLEAR REGULATORY COMMISSION, Severe Accident Risks: an Assessment for Five U.S. Nuclear Power Plants, NUREG-1150, USNRC, Washington, DC (Vol. 1 and Vol. 2: December 1990), (Vol. 3: January 1991).
[18] US NUCLEAR REGULATORY COMMISSION, Interim Reliability Evaluation Program Procedures Guide, NUREG/CR-2728, USNRC, Washington, DC (1983).
[19] INTERNATIONAL ATOMIC ENERGY AGENCY, Review of Probabilistic Safety Assessments by Regulatory Bodies, Safety Report Series No. 25, IAEA, Vienna (2002).
[20] INTERNATIONAL ATOMIC ENERGY AGENCY, Regulatory Review of Probabilistic Safety Assessment (PSA) – Level 1, IAEA-TECDOC-1135, IAEA, Vienna (2000).
164
ABBREVIATIONS
AC alternating current
AMP accident management procedure
AOT allowed outage time
AS accident sequence
ASME American Society of Mechanical Engineers
ATHEANA a technique for human event analysis
ATWS anticipated transient without scram
BDBA beyond design basis accident
BDD binary decision diagram
BWR boiling water reactor
CANDU CANada Deuterium Uranium
CCCG common cause component group
CCDP conditional core damage probability
CCF common cause failure
CCI common cause initiator
CDF core damage frequency
CLERP conditional large early release probability
DBA design basis accident
DC direct current
DG diesel generator
ECCS emergency core cooling system
EDG emergency diesel generator
EOP emergency operating procedure
EPZ emergency planning zone
ESF engineered safety feature
ET event tree
FMEA failure mode effect analysis
FT fault tree
165
F-V Fussell-Vesely (importance measure)
GA general attribute
HE human error
HEP human error probability
HFE human failure event
HPCI high pressure coolant injection
HPECC high pressure emergency core cooling
HRA human reliability analysis
I&C instrumentation and control
ICCDP incremental conditional core damage probability
ICLERP incremental conditional large early release probability
IE initiating event
IPSART international probabilistic safety assessment review team
ISI in-service inspection
ISLOCA interfacing system LOCA
IST in-service testing
LERF large early release frequency
LOCA loss of coolant accident
LOOP loss of offsite power
LWR light water reactor
MCP main coolant pump
MMI man-machine interface
MSIV main steam isolation valve
NDE non-destructive examination
NPP nuclear power plant
P&IDs piping and instrumentation diagram
PFM probabilistic fractural mechanics
PORV pressurizer power operated relief valve
PRA probabilistic risk assessment
166
PSA probabilistic safety assessment
PSF performance shaping factor
PWR pressurized water reactor
QA quality assurance
QHO quantitative health objective
RAW risk achievement worth
RHR residual heat removal
RI-ISI risk-informed in-service inspection
RPS reactor protection system
RPV reactor pressure vessel
SA special attribute
SAMG severe accident management guideline
SAR safety analysis report
SG steam generator
SGSV steam generator safety valve
SLOCA small LOCA
SSC systems, structures, and components
STI surveillance test interval
TECDOC technical document
THERP technique for human error rate prediction
TS technical specification
167
CONTRIBUTORS TO DRAFTING AND REVIEW
Alsop, C.J. British Energy/ NNC International Consulting (BENIC), United Kingdom
Alzbutas, R. Lithuanian Energy Institute, Lithuania
Angaloor, V.K. Safety Directorate NPCIL, India
Bagdonas, A. Ignalina NPP, Lithuania
Bennemo, L.J.G. Swedish Nuclear Power Inspectorate, Sweden
Berg, H.P. Bundesamt für Strahlenschutz, Germany
Bertucio, R. SCIENTECH, United States of America
Bradley, R.E. Nuclear Energy Institute, United States of America
Chakraborty, S. Swiss Federal Nuclear Safety Inspectorate, Switzerland
Comanescu, L. Atomic Energy of Canada Limited, Canada
De Gelder, P. AVN, Belgium
Dinnie, K.S. Nuclear Safety Solutions Ltd, Canada
Drouin, M. U. S. Nuclear Regulatory Commission, United States of America
El-Shanawany, M. International Atomic Energy Agency
Elter, J. Paks NPP, Hungary
Eriksson, P. S. RINGHALS, Sweden
Evans, M. G. K. Jacobsen Engineering Ltd, United Kingdom
Fleming, K. Karl N. Fleming Consulting Services, United States of America
Gabco, P. Bohunice NPP, Slovakia
Ghelbereu, S. Cernavoda NPP, Romania
Gheorghe, R. Canadian Nuclear Safety Commission (CNSC), Canada
Godinez, V. Comisión Nacional De Seguridad Nuclear Y Salvaguardias, Mexico
Gomez-Cobo, A. Nuclear Installations Inspectorate Health and Safety Executive, United Kingdom
169
Grantom, C.R. South Texas Project Nuclear Operating Company, United States of America
Grint, G. Nuclear Installations Inspectorate, United Kingdom
Gubler, R. Ingburo Dr. Reinhard Gubler, Switzerland
Habib, A. Pakistan Nuclear Regulatory Authority, Pakistan
Hahn, L. GRS, Germany
Hamar, K. Hungarian Nuclear Safety Directorate, Hungary
Hellstrom, P. RELCON AB, Sweden
Hellstrom, P. E. RELCON AB, Sweden
Hendrickx,I. Tractebel Engineering, Belgium
Hörtner, H. GRS, Germany
Husarcek, J. Slovak Nuclear Regulatory Authority, Slovakia
Hustak, S. Nuclear Research Institute Rez, Czech Republic
Ilieva, M. Risk Engineering Ltd, Bulgaria
Ishaq, S. Karachi Nuclear Power Complex, Pakistan
Islamov, R. International Nuclear Safety Center, Ministry for Atomic Energy of the Russian Federation, Russian Federation
Jakes, M. Nuclear Safety State Office for Nuclear Safety, Czech Republic
Jang, S.C. Korean Atomic Energy Research Institute, Republic of Korea
Jonsson, O.B.V. OKG, Sweden
Kajimoto, M. Japan Nuclear Energy Safety Organization (JNES), Japan
Kaufer, B. OECD/NEA
Kichev, E. CENS
Kirchsteiger, C. European Commission, JRC, Netherlands
Klevtsov, S. ETD, Ukraine
Klügel, J.U. Goesgen NPP, Switzerland
Kobilicova, M. CENS
170
Koeberlein, K. GRS, Germany
Kolesov, S. National Nuclear Energy Generating Co. ‘EnergoAtom’, Ministry of Fuel and Energy, Ukraine
Kompella, J.D. Safety Directorate NPCIL, India
Kouzmina, I. International Atomic Energy Agency
Krasnukha, S. South-Ukrainian NPP, Ukraine
Kubanyi, J. European Commission Joint Research Centre
Kulig, M.J. ENCONET, Austria
Lanore, J.M. IRSN, France
Lehner, J. Brookhaven National Laboratory, United States of America
Lopez, R.M. National Commission of Nuclear Safety and Safeguards, Mexico
Lyubarskiy, A. SEC NRS Gosatomnadzor RF, Russian Federation
Macsuga, G. Nuclear Safety Directorate Hungarian Atomic Energy Authority, Hungary
Marinova, B. Risk Engineering Ltd, Bulgaria
May, R. European Commission, JRC, Netherlands
Mlady, O. Temelin NPP, Czech Republic
Moir, G. R. British Energy, United Kingdom
Morozov, V. Atomenergoproject, Russian Federation
Niehaus, F. International Atomic Energy Agency
Novakova, H. Relko Ltd, Slovakia
Papazov, V. Kozloduy NPP, Bulgaria
Parry, G. US NRC, United States of America
Patrik, M. Nuclear Research Institute Rez, Czech Republic
Petri, M.C. Argonne National Laboratory, United States of America
Prochaska, J. VUJE Trnava Inc. Engineering, Slovakia
Ranguelova, V. International Atomic Energy Agency
171
Reinhart, F.M. US NRC, United States of America
Rybar, J. Nuclear Regulatory Authority, Slovakia
Schoen, G. HSK, Switzerland
Schultz, R. HSK, Switzerland
Serbanesku, D. Pebble Bed Module Reactor (PBMR) Ltd, South Africa
Shapiro, H. S. Atomic Energy of Canada Limited, Canada
Sheronov, Y. Rovno NPP, Ukraine
Shiversky, E. RDIPE, Russian Federation
Sholly, S. Institute of Risk Research University of Vienna, Austria
Sloane, B. Westinghouse Electric Co. LLC, United States of America
Suransky, L. Mochovce NPP, Slovakia
Svirmickas, S. State Nuclear Power Safety Inspectorate (VATESI), Lithuania
Tokmachev, G. Atomenergoproject, Russian Federation
Tong, J. Institute Of Nuclear Energy Technology, Tsinghua University, People’s Republic of China
Tudor, C. Cernavoda NPP, Romania
Utenkov, S. ROSENERGOATOM, Russian Federation
Van Graan, H. Pebble Bed Module Reactor (PBMR) Ltd, South Africa
Varde, P.V. Bhabha Atomic Research Centre, India
Vazquez, T. CSN, Spain
Versteeg, M.F. Ministry of Housing, Spatial Planning and the Environment, Netherlands
Vojnovic, D. Slovenian Nuclear Safety Administration, Ministry of the Environment, Slovenia
Yang, J.E. Korean Atomic Energy Research Institute, Republic of Korea
Yllera, J. International Atomic Energy Agency
172
