
Quantitative and qualitative analysis of safety parameters in nuclear power plants


Muhammad Zubair 1,2,*,†, Rizwan Ahmed 1 and Gyunyoung Heo 1

1 Department of Nuclear Engineering, Kyung Hee University, Yongin-si, Gyeonggi-do 446-701, Korea
2 Department of Basic Sciences, University of Engineering and Technology, Taxila, Pakistan

SUMMARY

After the Fukushima accident, it is necessary to develop some technique that can monitor the progression of severe accidents in nuclear power plants (NPPs). It is therefore very important for an operator to monitor safety related parameters for the diagnosis of severe accidents and to manage it properly. So to monitor and to check the availability of plant instrumentation during severe accidents, this paper presents quantitative and qualitative analyses of safety parameters by using online risk monitor system (ORMS). An ORMS considers the increasing potential for failure for a working component due to aging, which appears in the form of component's performance degradation. ORMS therefore requires a continuous feedback regarding performance and failure probabilities of components, which directly or indirectly contributes to the failure of a system. ORMS has been designed to automatically update the online risk models and reliability parameters of equipment. A case study of emergency diesel generator (EDG) of Daya Bay NPP has been performed, and operational failure rate and demand failure probability of EDG have been calculated with the help of ORMS. The results of ORMS are well matched with data obtained from Daya Bay NPP. ORMS can support in decision-making process for operators and managers at NPPs. Copyright © 2013 John Wiley & Sons, Ltd.

KEY WORDS

living PSA; risk monitoring; reliability parameters; unavailability of system; quantitative and qualitative measures

Correspondence

*Muhammad Zubair, Department of Nuclear Engineering, Kyung Hee University, Yongin-si, Gyeonggi-do 446–701, Korea.
†E-mail: [email protected]

Received 24 February 2013; Revised 10 April 2013; Accepted 8 June 2013

INTERNATIONAL JOURNAL OF ENERGY RESEARCH
Int. J. Energy Res. 2014; 38:755–764
Published online 17 July 2013 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/er.3080

1. INTRODUCTION

Over the past years, many nuclear power plant (NPP) organizations and other energy systems such as solar and wind energy [1] have performed probabilistic safety assessments (PSAs) to enhance the safety level of their systems. In the nuclear industry, these PSA studies have become an effective tool to assist plant management in obtaining more benefits for plant safety. However, any PSA-based tool used to support decision making must have a defensible basis; therefore, it is very important that the regulatory body accepts living PSA (LPSA). LPSA provides the basis for a risk-informed approach to decision making. The risk-informed approach is being actively explored for the development of power plant design, operation, maintenance and safety. It has also been recognized as providing a solid basis for relaxing already developed safety criteria that are based on a conservative approach.

A risk monitor is a plant-specific real-time analysis tool used to determine the instantaneous risk based on the actual status of the systems and components. At any given time, the safety monitor reflects the current plant configuration in terms of the known status of the various systems and/or components, for example, whether there are any components out of service for maintenance or tests. The safety monitor model is based on the LPSA [2]. The first risk monitors were put into operation in 1988. The number of risk monitors worldwide has increased to over 150. The risk monitors are used for quantitative analysis, such as core damage frequency (CDF) and large early release frequency (LERF), and for qualitative analysis, such as safety function and safety system. There are different types of risk measures, such as the following:

• Baseline risk, which is the numerical value of the risk (CDF, LERF, etc.) calculated by the PSA with all components available to carry out their safety function.
• The average risk, which is normally calculated by the LPSA for full power operation. Average risk is calculated when average maintenance unavailability is introduced, and it is always greater than the baseline risk.
• The point-in-time risk, which is the level of risk that is related to a specific plant. The point-in-time risk will change as the plant configuration and environmental factors change, as shown in Figure 1 [3].

The Fukushima accident has opened new horizons of knowledge, prompting people to think about and analyze aspects of incidents that do not usually occur in normal life. A critical examination of the accident reveals that the accumulation of various technical and non-technical lapses only compounded the nuclear disaster. Natural disasters, such as earthquakes, tsunamis, tornadoes and so on, and external events usually influence the primary and secondary failure domain of a component by causing damage to one or more components directly and others indirectly. In some cases, more than one component fails because of the same failure cause, such as electricity failure or sudden vibration. Such events are known as common cause failures, which are also an important aspect of a system's safety. Except for the passive safety systems, the instrumentation and control (I&C) at an NPP is power operated, and if a station black-out (SBO) follows an initiating event, all power-operated systems would fail. Therefore, at NPPs in case of SBO, the power to I&C is expected to be supplied by the emergency diesel generators (EDGs). In the Fukushima accident, the EDGs also failed, the I&C system was left without power, and therefore the accident became unstoppable [4]. To handle such beyond-design-basis accidents, research is also going on into passive safety systems and self-powered I&C, so that accident propagation can be monitored and controlled.

The ORMS presented in this article is capable of calculating changes in the configuration and reliability of components in an NPP. ORMS is based on a full power, internal event level 1 PSA and updates risk models regularly and automatically.

2. STRUCTURE OF ORMS

In the past, many computer codes were developed as supporting tools for reliability and safety analysis, but individually they cover only part of the complete process and require skilled users [5,6].

The basic structure of ORMS consists of five modules, known as

• reliability data update module (RDUM),
• running time update,
• redundant system unavailability update,
• engineered safety function unavailability update, and
• general system update.

The concept of storing and maintaining a plant-specific PSA study as a living document is central to the ORMS development. ORMS is developed to achieve the following goals:

• to organize component and system data in such a manner that the interface between the technical data and the PSA is recognizable,
• a PSA tool to support plant-specific PSA,
• a tool for judging the risk relevance of increasing failure rates and of observed operational incidents (LPSA), and
• a training tool for plant personnel to highlight the importance of plant components under incident and accident conditions.

These five modules are shown in Figure 2. The first two modules, RDUM and running time update, receive information from the digital instrumentation and control system, analyze the data quantitatively and supply feedback to the reliability database. The remaining three modules receive information from the monitoring unit and the system design change unit and analyze the data qualitatively. The qualitative and quantitative output of these three modules, in combination with the reliability database module, is provided to the LPSA model. After obtaining this information, the online risk model makes a quick calculation of the following factors:

• CDF,
• importance factor,
• allowed configuration time, and
• qualitative risk information.

In view of this calculation, the online risk model makes it possible to shut down the plant if the risk exceeds a limit and to continue the updating process if the risk levels lie within limits.

To prevent failures, Reliability-Centered Maintenance (RCM) gathers and compares all updated data for analysis. RCM is condition based, with maintenance intervals based on actual equipment criticality and performance data [7–9]. The purpose of the comparison in RCM is to identify needed changes in the existing program and thereby optimize the facility's preventive maintenance program.

The linkage between the PSA and the plant-specific qualitative information will help non-PSA plant experts to support safety-related decisions. ORMS integrates the PSA logic models with a larger database system, which illuminates the functional dependence between components, systems and incident mitigation. Our scheme to provide run-time feedback to the LPSA model is shown in Figure 3. Qualitative analyses such as failure mode and effect analysis (FMEA), hazard and operability study (HAZOP) and others should be used to develop the fault tree/event tree (FT/ET) through the master logic diagram (MLD). This scheme would be helpful for identifying critical components at an early design stage, so that resources could be properly allocated for the health monitoring of those critical components. At a particular instant of system operation, the systematic integration of health monitoring signals using a suitable failure prognosis approach would lead to an estimation of the current failure probability, which is to be regarded as feedback for the LPSA model.

Figure 1. Average, baseline and point in time risk.

3. SPECIFICATION OF MODULES IN ORMS

3.1. RDUM and running time update

The RDUM uses Bayes' theorem and a combination of different distributions for the calculation and updating of parameters; Figure 4 describes this concept. Two types of distributions have been used.

(1) Beta distribution with the binomial distribution as likelihood function, for the calculation of demand failure probability. Equations (1) and (2) give the key results of these distributions; the calculation steps can be found in the literature [10].

$$\alpha_{\text{post}} = k + \alpha_{\text{prior}} \tag{1}$$

$$\beta_{\text{post}} = n - k + \beta_{\text{prior}} \tag{2}$$

(2) Gamma distribution with the Poisson likelihood function, to update running time. Equations (3) and (4) give the final results.

$$\alpha_{\text{post}} = x + \alpha_{\text{prior}} \tag{3}$$

$$\beta_{\text{post}} = t + \beta_{\text{prior}} \tag{4}$$

3.2. Redundant, engineered safety function and general system unavailability update

The function of these three modules is to make a qualitative analysis of data and provide this information to the LPSA model. The redundant and engineered safety function modules receive information from the monitoring unit, whereas the general system module is updated as changes occur in the system design. The logical configuration of the monitoring system is shown in Figure 5, and the main steps of this process are summarized as follows:

(i) signal generation process, which includes the human operator's judgment and proper action (push button) and normal operation of command generation equipment;

(ii) success of command transmission through electrical wire or pressure sensing line;

(iii) normal response of the actuating device to a given command.

The FT analysis is made to find the unreliability (failure probability) in the control command generation process.

Figure 2. Structure of online risk monitor systems. [Diagram blocks: D-I&C, RDUM, running time update, record unit, monitoring unit, system design change, redundant system unavailability update, ESF unavailability update, general system update, reliability database, living PSA model, online-risk model calculation, over-risk limit (yes/no), shut down, RCM, OSS.]

Figure 3. Flow of feedback from qualitative approaches to living probabilistic safety assessment. [Diagram blocks: FMEA, HAZOP, others, MLD, FT/ET, critical components, health monitoring, failure prognosis, engineering system, living PSA model, feedback.]

System unavailability increases the risk level. Let R1 be the increased risk level (CDF) with the component assumed down, that is, the component unavailability equal to 1 [10,11], and let R0 be the reduced CDF with the component assumed up, that is, the component unavailability equal to zero (the component is available). In terms of R1 and R0, the increase ΔR in risk level associated with the allowed outage time (AOT) is

$$\Delta R = R_1 - R_0$$

Using the earlier expression, the single-event AOT risk and the yearly AOT risk can be expressed as

$$r = \text{single-event AOT risk} = (R_1 - R_0) \cdot d$$

and

$$R_y = \text{yearly AOT risk contribution} = f \cdot r = f \cdot (R_1 - R_0) \cdot d$$

R1 can be calculated by setting the component down event to a true state in the PSA. Similarly, R0 can be calculated by setting the component down event to a false state in the PSA.

4. QUALITATIVE ANALYSIS

Efforts in all types of PSA are centered on discovering the causes of system failures contributed by individual subsystems, individual components and operator's mistakes. Generally, the failure modes of a component are classified as primary, secondary and command failures [12]. A primary failure is the failure of the component itself and belongs to its design envelope. The secondary failures of a component are the failures induced by the failure of other components nearby, and command failures are characterized by improper control signals, noise or human error. This classification accounts for the failures of components interacting within a system, and failure probabilities can be assigned accordingly. However, for a system, we have to discover secondary failures in detail, for which FT/ET analyses are adopted. In some cases, more than one component fails because of the same failure cause, such as electricity failure or sudden vibration. Such events are known as common cause failures, which are also an important aspect of a system's safety. Another factor that contributes to the failure of systems is the unavailability of a component, where a component expected to work does not work (demand failure) or a working component suddenly fails (time-related failure). Binomial and Poisson failure probability models are utilized to characterize demand failures and time-related failures, respectively.

Figure 4. Function of RDUM. [Diagram blocks: RDUM, Bayes' theorem, use of combined distribution, calculation of parameters, updating of parameters.]

Figure 5. Logical configuration of monitoring system. [Diagram blocks: plant internal information, determine the condition of severe accident, availability of instruments, monitoring system, signal generation, transmitter, fault protection device (valve or pump), decision.]

It is also well known that the characteristics of failure modes do not remain constant throughout the life of the component and that they also depend on how the system is installed and operated [12–14]. To avoid system failures, it is necessary to identify the modes of potential failure and to keep track of performance degradation over the course of the equipment's operational life.

In a safety analysis, the prime objective of a qualitative approach is to identify the potential sources of system failure. These sources belong to the components, process materials, operating procedures, working personnel, process instrumentation and so on. Apart from general engineering evaluation, several techniques have been developed for the identification of potential sources of failure, and they provide useful information for FT and ET analyses. Some of the well-known techniques include checklists, preliminary hazard analysis (PHA), FMEA, HAZOP, MLD and so on. Some of these procedures have been implemented using computers in a much easier, more convenient and interactive way, and in some programs there is a provision to perform two or more types of analyses jointly [15–19].

The preference for selecting one or two of these methods depends solely upon the analyst, because there is no strict rule. However, some of these methods have become common practice in some industries, and standard procedures have been developed to extract specific information for their particular objectives. For example, checklists are better known for systems where hazardous materials are used in huge quantities and where their uncontrolled leakage, reaction, combustion and so on could lead to property damage and health effects. PHA is one step ahead of checklists and is used to quantify the event sequences that transform an initiator into an accident, the corrective measures and the consequences of the accident. In the nuclear industry, the product of PHA would provide the classification of frequencies and severities of initiating events and consequences, which is useful for HAZOP. A similar example in the chemical industry is the Dow index rating system, which provides penalties for hazards and credits for safety equipment and procedures [15]. HAZOP is well accepted as an effective procedure for identifying hazards in the chemical industry. This approach considers all of the possible ways in which process and operational failures may occur. It starts with the collection of detailed information on the process, such as process flow diagrams, process and instrumentation diagrams, detailed equipment specifications, materials of construction, mass and energy balances and so on. Furthermore, the detailed flow sheet is broken into a number of smaller process units, and each process unit is then studied individually by selecting several nodes, such as lines, vessels, operating instructions and so on, with respect to a process parameter such as flow rate, temperature, pressure, concentration and so on. At each node, the deviations in the process parameter are analyzed, and the performance of the protection systems is studied side by side. The analysis concludes with the evaluation of consequences for each deviation not controlled by the protective systems. Even though the methodology is quite mature, there is no unique way of applying the HAZOP procedure, and therefore most companies customize their approach to address their critical issues.

Failure mode and effect analysis deals with every failure mode associated with a component and analyzes its effects on the surrounding components and on the whole system. This is an inductive approach that systematically covers all possible failure modes and identifies their resulting effects on the system. FMEA has become very well known for single-random-failure analysis in the standardization of process and safety equipment by bodies such as the Institute of Electrical and Electronics Engineers (IEEE) and the US Nuclear Regulatory Commission. An extended version of FMEA is failure mode, effect and criticality analysis (FMECA), in which the effect of a particular failure is considered with respect to the process, and all possible failure modes for every piece of equipment in the process are provided in tabulated form. The ranking of a failure mode in the FMECA table represents the combined influence of severity and probability of occurrence [20]. An MLD is a systematic way of constructing FTs and avoids most of the errors in decomposing an event into simpler events until the potential basic events are identified. Other methods that are available for identifying hazards include what-if and human error analyses. What-if analysis helps to foresee potential problems and to decide the solving strategy. Human error analysis is important for procedures where human intervention in the system is inevitable. Although most of these methods work in the failure domain, that is, the analysis of system failure characteristics, success domain analysis sometimes provides useful insight into design characteristics [21]. Several interesting results have been found by combining success domain and failure domain techniques for better design and safety applications. System failure modes that are characterized by their installation and operational characteristics are sometimes revealed more prominently in the success domain analysis [22,23].

The failure characteristics of a component vary with time in a complex manner, especially in the last part of its working life, where sudden failures are quite unpredictable. This is due to the limited understanding of the physics of degradation to date. However, the failure characteristics of a working component are adequately modeled by the Weibull distribution, which accounts for all three phases of failure, namely early failures, random failures and wear-out failures. Early failures are marked by a decreasing failure rate and represent the failures due to major design faults and operational mistakes. Random failures generally belong to the secondary failure and command failure domains and are attributed to excessive stresses posed by the environment, neighboring components and plant personnel. Under normal conditions, random failures are assumed to occur at a constant rate until the component suffers continuous and rapid performance degradation due to aging in the last part of its working life. At any time in a component's life, the prediction of its future failure generally depends on the operation life, environmental conditions, power and so on, and their variations. Several metrics have been defined to estimate the time of failure of a component. When the degradation of a component exceeds a particular threshold for normal operation, the component degrades rapidly and moves toward ultimate failure. Tracking performance degradation over time by a health indicator metric is the key to a prognostic study. With component degradation, the performance of both the component itself and the overall system deteriorates. Performance degradation is a key parameter for determining the corresponding effect on failure probability: a fall in the performance of a component means a rise in its failure probability. At this stage, an estimate of the Remaining Useful Life (RUL), during which the component can be used without failure, is necessary to avoid surprise failures. For passive components such as piping, structures and so on, the prognostics problem essentially means predicting fatigue or wear-out failures, for which conventional non-destructive examination and probabilistic fracture mechanics are applied. For active components, damage prognosis is essentially stressor-based prognostics, which requires measurements of several parameters, monitoring of material properties and stressor monitoring. The tracking of degradation is then accomplished by utilizing models that relate stressors, degradation precursors and degradation growth rate. Computational techniques have been developed to utilize three types of models for prognostic studies.

• failure data-based prognosis
• stress-based prognosis
• effect-based prognosis

Failure data-based prognosis is also known as type-I prognosis, of which Weibull analysis is an example. It is based on the historical failure probabilities. Stress-based prognosis takes the environmental conditions into account and is known as type-II prognosis. A well-known example of type-II prognosis is the proportional hazards model. Effect-based prognosis is essentially based on degradation models, where degradation is traced through Markov chain based models, the general path model or shock models. The selection of any of these models depends upon the availability of the information required to execute a particular procedure.

To address the safety problem of nuclear power reactors, run-time system reliability evaluation by ORMS requires a parameter to represent the performance degradation of the overall system. At a particular instant of system operation, the systematic integration of health monitoring information and failure prognosis would give that metric for the run-time failure probability to update the LPSA model. The qualitative risk measures are related to safety function, safety system and transient state. The qualitative risk information of ORMS is presented in the form of color-coded bands, which give a clear visual indication of the level of risk, as shown in Table I.

Table I. Meaning of colors in online risk monitor system.

• Unacceptable risk
• High risk
• Moderate risk
• Low risk

5. CASE STUDY OF EDG

The data for the EDG considered here were collected from January 1997 to December 2006, as shown in Table II.

Table II. Ten years data of emergency diesel generator.

| Time (years) | Operation time (h) | Failure time: operational failure | Failure time: demand failure | Failure rate (λ): operational failure rate (per hour) | Failure rate (λ): demand failure probability (per day) | Start time |
|---|---|---|---|---|---|---|
| 1997 | 187.5 | 0 | 1 | 0.00E+00 | 5.33E-03 | 76 |
| 1998 | 99 | 1 | 1 | 1.01E-02 | 1.01E-02 | 55 |
| 1999 | 48.22 | 0 | 3 | 0.00E+00 | 6.22E-02 | 52 |
| 2000 | 44.65 | 1 | 2 | 1.39E-03 | 4.47E-02 | 48 |
| 2001 | 62.95 | 2 | 0 | 3.17E-02 | 0.00E+00 | 59 |
| 2002 | 57 | 0 | 2 | 0.00E+00 | 3.50E-02 | 57 |
| 2003 | 66.3 | 1 | 2 | 1.50E-02 | 3.01E-02 | 62 |
| 2004 | 50.2 | 1 | 0 | 3.98E-02 | 0.00E+00 | 53 |
| 2005 | 63 | 1 | 1 | 1.58E-02 | 1.58E-02 | 60 |
| 2006 | 59.7 | 0 | 0 | 0.00E+00 | 0.00E+00 | 51 |

The equipment failure data are sampled from the experience feedback system. The diesel generator system of each nuclear power generating unit consists of two identical, separate and independent trains, series A (LHP) and series B (LHQ); each diesel generator set and its related auxiliary equipment are installed in separate factories. In case of electricity loss, the EDG supplies 6.6 keV power to both the A and B series. Each diesel generator set includes the following equipment:

(i) Two diesel engines and their immediate installation equipment.

(ii) A generator and the excitation and protection equipment.

5.1. EDG failure rate calculations with ORMS

The ORMS enables a user to calculate and update data within a few minutes. The login screen and main page are shown in Figure 6.

When logged on as an operator, the user is allowed to view the current risk, assess the safety of some hypothetical configurations, and view the plant's current configuration data, failure data and so on. However, the operator has no permission to make changes to the current plant configuration, failure data and so on. Administrators have no limitations in using the risk monitor. They are the only group that can change the account type or password and compare the current risk level with existing data. The operational failure rate and demand failure probability have been calculated with ORMS, as shown in Table III.

Figure 6. Login screen and main page of online risk monitor systems.

Table III. Failure rates obtained from online risk monitor system.

| Time (years) | Failure time: operational failure rate (per hour) | Failure time: demand failure probability (per day) |
|---|---|---|
| 1997 | 1.19E-02 | 4.02E-03 |
| 1998 | 1.03E-02 | 1.02E-02 |
| 1999 | 0.00E+00 | 5.70E-02 |
| 2000 | 1.00E-03 | 4.35E-02 |
| 2001 | 2.25E-02 | 0.00E+00 |
| 2002 | 0.00E+00 | 2.90E-02 |
| 2003 | 1.03E-02 | 3.00E-02 |
| 2004 | 3.21E-02 | 0.00E+00 |
| 2005 | 1.80E-02 | 1.43E-02 |
| 2006 | 0.00E+00 | 0.00E+00 |

After the user name and password are provided, the main page of ORMS opens. At this stage, if the user wants to calculate the operational failure rate, then after the number of failures and the number of demands are assigned, RDUM-1 provides the required results; if the running time needs to be updated, RDUM-2 executes the updating process. These steps are shown in Figure 7.

A comparison of the EDG failure rates from the specific data obtained from Daya Bay NPP and from the data calculated with ORMS has been carried out, as shown in Figures 8 and 9. The results showed that the operational failure rate and demand failure probability decrease when the data are calculated with ORMS.

Figure 7. Working steps of online risk monitor systems.

Figure 8. Comparison of operational failure rate. [Plot: operational failure rate (per hour) against time (years), 1997 to 2006; legend: Data from ORMS.]

The online risk monitor system also enables a user to compare generic data with the specific data of an NPP. If the generic data come from two or more sources, the user can also analyze these values by plotting them graphically and choose the best for updating components or equipment (Figure 10).

6. CONCLUSION

To achieve safety standards, the utilization of LPSA in the decision-making process seems obvious. In this research, a methodology for LPSA and ORMS has been developed; with the help of ORMS, the operator can update the PSA model to an LPSA model and perform qualitative and quantitative analysis as well. Using ORMS, the operational failure rate and demand failure probability of the EDG in Daya Bay NPP have been calculated. The results showed that the failure rates obtained from ORMS are low compared with the specific data at Daya Bay NPP. In the future, the use of ORMS will make it easy to update PSA data, which provides better understanding with LPSA.

ACKNOWLEDGEMENTS

The author is pleased to thank the National Research Foundation (NRF) of Korea for providing support for this research work. The first author is also grateful to the University of Engineering and Technology (UET), Taxila and Kyung Hee University, Korea for providing a peaceful research environment.

Figure 9. Comparison of demand failure probability. [Plot: demand failure probability (per day) against time (years), 1997 to 2006.]

Figure 10. Comparison of data from different sources.


REFERENCES

1. Tina G, Gagliano S. Probabilistic analysis of weather data for a hybrid solar/wind energy system. International Journal of Energy Research 2011; 35(03):221–232.

2. IAEA. Living probabilistic safety assessment (LPSA). International Atomic Energy Agency. TECDOC-1106, 1999.

3. NEA/CSNI/R. Living PSA development and application in member countries. Nuclear Energy Agency Committee on the Safety of Nuclear Installation, NEA/CSNI/R 1996; 2(95):1–31.

4. Lamarre G, Lazo T, Jackson D, Nakoski J, Okyar HB. The NEA integrated response to the Fukushima Daiichi nuclear accident. NEA News 2012; 30(1):1–32.

5. Reddy BV, Chui KF, Gnanapragasam NV, Prasad RC. Energy and exergy analyses of a CFB-based indirectly fired combined cycle power generation system. International Journal of Energy Research 2009; 33(15):1309–1320.

6. Kris RV, William DD. Reliability of power stations: stochastic versus derated power approach. International Journal of Energy Research 2004; 28(02):117–129.

7. IAEA. Application of reliability centred maintenance to optimize operation and maintenance in nuclear power plants. International Atomic Energy Agency. TECDOC-1590, 2007.

8. Zhang Q, Keiichi NI, Benjamin CM, Tetsuo T. An analysis methodology for integrating renewable and nuclear energy into future smart electricity systems. International Journal of Energy Research 2012; 36(15):1416–1431.

9. Sahin S, Sahin HM, Al-Kusayer TA, Sefidvash F. An innovative nuclear reactor for electricity and desalination. International Journal of Energy Research 2011; 35(02):96–102.

10. Zubair M, Zhijian Z. Reliability data update method for emergency diesel generator of Daya Bay nuclear power plant. Annals of Nuclear Energy 2011; 38:2575–2580.

11. NURGE/CR-6141. Hand book of methods for risk-based analysis of technical specifications, 1994.

12. Kumamoto H, Henley EJ. Probabilistic Risk Assessment and Management for Engineers and Scientists (2nd). IEEE press: USA, 1996.

13. Hines WJ, Usynin A. Current computational trends in equipment prognostics. International Journal of Computational Intelligence Systems 2008; 1:94–102.

14. Bond LJ, Ramuhalli P, Tawfik MS, Lybeck NJ. Prognostics and life beyond 60 year for nuclear power plants. IEEE International Conference on Prognostics and Health Management 2011.

15. Crowl DA, Louvar JF. Chemical Process Safety: Fundamentals with Applications (2nd). Prentice Hall Inc. Upper Saddle River: USA, 2002.

16. Venkatasubramanian V, Vaidhyanathan R. A knowledge based framework for automating HAZOP analysis. AICHE Journal 1994; 40(3):496–505.

17. Russomanno DJ, Bonnel RD, Bowles JB. Functional reasoning in a failure modes and effect analysis (FMEA) expert system. Annual Reliability and Maintainability Symposium 1993; 339–347.

18. Relex Reliability Studio. Relex Software Corporation 2008.

19. Sang HH, Ho GL, Joon EY. AIMS-PSA a software for integrating various types of PSAs. Integrated Safety Assessment Division. Korea Atomic Energy Research Institute: Korea, 2010.

20. Holloway NJ. A Method for Pilot Risk Studies in Implications of Probabilistic Risk Assessment. Elsevier Applied Science: New York, 1987; 125–140.

21. Axiomatic Design Solutions, Inc., Acclaro DFSS, Boston: USA; 2006.

22. Heo G, Lee T, Do SH. Interactive system design using the complementarity of axiomatic design and fault tree analysis. Nuclear Engineering and Technology 2007; 39(1):51–62.

23. Ahmed R, Koo JM, Jeong YH, Heo G. Design of safety-critical systems using the complementarities of success and failure domains with a case study. Reliability Engineering and System Safety 2011; 96:201–209.
