Approach for Risk-Based Regulation and Risk Management of Nuclear Power Plants
H.P. Berg, Bundesamt für Strahlenschutz, Salzgitter, Federal Republic of Germany
INTRODUCTION
At international level, risk analysis and risk assessment techniques
are increasingly used in assessing, accepting or validating the
current safety state of a nuclear power plant built to earlier
standards. This has led to a more stringent incorporation of
the risk assessment into the regulatory framework in some countries.
In the Federal Republic of Germany, the nuclear licensing procedure
is essentially based on deterministic safety analysis. In the
context of periodic safety reviews of nuclear power plants in
operation, probabilistic considerations can also be taken into
account; this is a first smooth step towards the international
activities, but probabilistic safety assessment (PSA), at present,
only supports but does not determine regulatory decision making.
However, when properly applied, the results of a PSA can be used
to identify and prioritize the importance of hardware, human actions
(operation and maintenance staff activities) and plant procedures
to plant risk. The information contained in a PSA is also important
in the development of a sound risk management programme that could
be used for decision-making purposes.
An integral part of a comprehensive risk management programme
at a nuclear power plant would be a living PSA that could be used
as the basis for day-to-day operational and maintenance activities
and for the short and long-term assessment and prioritization
of safety-related needs. Regarding risk management, the idea
of such a living PSA has been supported in the framework of the
German Nuclear Regulatory Research Programme.
RISK BASED REGULATION
Risk-based regulation is the utilization of the modern PSA tool
in order to better distribute the resources of both the regulator
and the nuclear industry. More specifically, resources would
be distributed according to risk significance. Those items or
events that have high risk significance would receive the most
attention, while those with little risk content would command
fewer resources.
Risk-based regulation has the potential of both improving nuclear
power plant safety and reducing plant operating costs. This modern
form of regulation could be applied to present operating plants
and to advanced designs. In fact, it would help to quantify the
safety improvements of advanced designs.
The application of PSA technology to the regulatory process can
reduce public risks in several ways: by finding design weaknesses,
by improving plant operations, and in developing severe accident
management programmes. For example, a traditional product of
a level 1 PSA is some estimate of the likelihood of a nuclear
power plant having a core damage or core melt event. The overall
core melt frequency is estimated by summing up many thousands
of accident sequences, each providing some increment of core melt
frequency. If a level 2 PSA is performed, then there will also
be estimates of the containment failure frequency and the releases
of radioactive material to the environment associated with each
containment failure. A large sum, e.g., a high core melt frequency
or high containment failure frequency, can be an indication of
a poor design. Further, by examining the different contributors
to the aggregate value, particular areas of design weakness can
be pin-pointed. Therefore, PSA results can be used to evaluate
the design of nuclear power plants. Numerous plant-specific design
improvements have already been implemented in various nuclear
plants based on PSA insights, thereby lowering nuclear risks.
More recently, PSA techniques have been applied in evaluating
the operation of nuclear power plants focussing the interest on
how plant risks vary with time. There are several mechanisms
that can cause plant risks to change over time. The performance
of individual components and whole systems may degrade due to
aging or improve due to design modification or enhanced maintenance.
Plant configurations also change from time to time as certain
components are removed from (or restored to) service for tests
and/or maintenance, while others may be removed through failure.
Configurations also change when going from one plant operating
mode to another, such as going from power operation to shutdown.
Since the risk significance of a component or system is also
a function of the plant's configuration, changing configurations
yield different risk levels.
Just as earlier applications of integral PSA results were utilized
to reduce the risks due to design weaknesses, present specific
applications are increasingly dedicated to minimizing operational
weaknesses, e.g., avoiding high risk plant configurations.
A major step towards risk-based regulation is the "Final Policy
Statement on the Use of Probabilistic Risk Assessment Methods
in Nuclear Regulatory Activities" published by the US Nuclear
Regulatory Commission in August 1995 which establishes an overall
policy on the use of PSA methods in nuclear regulatory activities.
It is stated that already existing probabilistic safety criteria
and subsidiary numerical objectives are to be used with appropriate
consideration of uncertainties in making regulatory judgments
on the need for proposing and backfitting new generic requirements
on nuclear power plant licensees.
Quantitative safety criteria and objectives -- correlated with
the risk of each single individual in the vicinity of the plant
and/or the societal risk of the population as a whole -- are used
in the decision-making process, for example, in the United Kingdom
and in the Netherlands. In both countries, this safety concept
is not restricted to nuclear installations but it has been adopted
as a more global safety policy regarding all potential hazardous
industries and activities.
BENEFITS AND DISADVANTAGES OF RISK-BASED REGULATION
Although some countries, in particular the USA, are intensively
discussing a proposed transition from deterministic to risk-based
regulation, the pros and cons of risk-based regulation, including
the challenges of such a transition process, should be taken into
account; they are summarized in the following.
Main benefits of a risk-based regulation are:
On the other hand, there are a lot of disadvantages and difficulties
which are posed by such a goal-setting approach:
Challenges which are associated with developing and implementing
risk-based approaches to regulation are:
As desirable as it might be to write regulations in terms of the
ultimate measure of probabilities, it is not even nearly possible
to define the probability of a possible accident sequence with
enough precision and enough replicability to use such probabilities
as terms in the regulations' bottom line.
The fact that PSA results are not sufficiently robust is the main
reason that PSA could not be the sole tool or basis for creating
a new regulatory regime in the near future. Therefore, the determination
of probabilistic safety goals is not supported in Germany from
the legal point of view, neither as probabilistic limits nor as
orientation values.
RISK MANAGEMENT TOOLS IN GERMANY
While many PSA projects were originally performed to address a
specific need or decision, the living PSA concept is based on
a dynamic, regularly updated model. Such a living PSA tool is,
in particular, of most benefit to the utilities for raising the
reliability of plants and increasing their availability. Nevertheless,
it has been seen as a federal task to support the idea of such
a living PSA.
Therefore, the tool Safety Analysis and Information System (SAIS)
has been developed in the Federal Republic of Germany. SAIS consists
of a plant specific level 1 + PSA including PSA models, data and
computer tools for the modification and reevaluation of the event
and fault trees. Moreover, system and component data and graphics
are also part of SAIS so as to provide supporting information
for plant engineers. This second option of SAIS makes it possible
to record plant-specific data and the experience of the personnel,
which has been seen to be helpful in assessing the current
safety status of nuclear power plants built to an earlier standard,
e.g., in case of the Russian nuclear power plant in Kola. However,
the use of PSA as a living PSA in German plants is -- at present
-- still very limited.
The second example for a risk management tool is the computerized
Reliability Adviser System (RELADS) which can be adopted and used
by safety analysts as a living PSA and/or by the responsible plant
staff as a risk monitor. This system is still under development.
The main aim of RELADS is to provide the user on-line with the
following information
based on event and fault trees and cut sets of an already existing
level 1 PSA.
The risk-level change is calculated and presented on three levels:
loss of system function, occurrence of an event sequence and occurrence
of a core damage (which could lead to a major accident). An optimization
routine calculates the repair prioritization if more than one
component is inoperable.
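The following sketch is an added example, not code from RELADS or from the paper. It illustrates, at the core-damage level only, the two ideas described above: the core damage frequency as a sum over cut-set contributions, and the risk-level change and repair ranking when components are inoperable. The component names, frequencies and unavailabilities are constructed, the rare-event approximation is assumed, and the simple greedy ranking stands in for the optimization routine, whose method the text does not specify.

```python
from math import prod

# Constructed data: unavailability (probability of failure on demand) per component.
UNAVAIL = {"DG_A": 2e-2, "DG_B": 2e-2, "PUMP_A": 5e-3, "PUMP_B": 5e-3, "VALVE": 1e-3}

# Constructed minimal cut sets: (initiating-event frequency per year, components
# whose joint failure turns that initiator into core damage).
CUT_SETS = [
    (1e-1, ("DG_A", "DG_B")),      # loss of offsite power, both diesels fail
    (1e-2, ("PUMP_A", "PUMP_B")),  # transient, both feed pumps fail
    (1e-2, ("DG_A", "PUMP_B")),    # transient, mixed train failure
    (1e-3, ("VALVE",)),            # single-component cut set
]

def cut_set_frequencies(out_of_service=frozenset()):
    """Frequency of each cut set; an inoperable component counts as failed (q = 1)."""
    def q(comp):
        return 1.0 if comp in out_of_service else UNAVAIL[comp]
    return [(comps, f * prod(q(c) for c in comps)) for f, comps in CUT_SETS]

def core_damage_frequency(out_of_service=frozenset()):
    """Rare-event approximation: sum of the individual cut-set frequencies."""
    return sum(freq for _, freq in cut_set_frequencies(out_of_service))

def dominant_contributor(out_of_service=frozenset()):
    """Cut set with the largest share of the total, as (components, fraction)."""
    total = core_damage_frequency(out_of_service)
    comps, freq = max(cut_set_frequencies(out_of_service), key=lambda x: x[1])
    return comps, freq / total

def risk_increase_factor(out_of_service):
    """Risk-level change of the current configuration relative to the baseline."""
    return core_damage_frequency(frozenset(out_of_service)) / core_damage_frequency()

def repair_priority(out_of_service):
    """Greedy ranking: repair first the component whose restoration alone
    leaves the lowest remaining core damage frequency."""
    out = frozenset(out_of_service)
    return sorted(out, key=lambda c: core_damage_frequency(out - {c}))

if __name__ == "__main__":
    down = {"DG_A", "PUMP_B"}
    print("baseline CDF /yr:", core_damage_frequency())
    print("dominant contributor:", dominant_contributor())
    print("risk increase factor:", risk_increase_factor(down))
    print("repair order:", repair_priority(down))
```
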
One example of an already running risk monitor at international
level is the Essential System Status Monitor developed in the
United Kingdom and implemented at Heysham 2 to provide power station
operators with an on-line aid for planning plant unavailabilities
required for maintenance in a coordinated manner.
CONCLUSIONS
For the time being, the deterministic and probabilistic methodologies
are mainly kept separately. In a first step, all the deterministic
rules have to be interpreted from a PSA and risk management point
of view. Furthermore, the results have to be integrated into
a consistent and realistic framework. This is certainly a major
task (involving a large number of judgements) which may be worthwhile
to start in the future.
Considerations on possible probabilistic (i.e. quantitative) safety
goals and criteria are, at present, not performed with high emphasis
in Germany, but they may become more important with the progress
of future reactor concepts like the European Pressurized Water
Reactor, a common French-German project where the vendors have
determined internal probabilistic safety goals to be reached by
the design of such a plant.
In particular, a risk-based procedure in the regulatory framework
of the Federal Republic of Germany -- as highlighted by the US
Nuclear Regulatory Commission -- is not part of current revisions
of existing ordinances and safety criteria in the near future.
On the other hand, first developments of risk management tools
are underway and have to prove their benefits in practical applications
as living PSA or risk monitor.