Application of EDG AOT Extension Based on the Risk-Informed Method in NPPs

Feng, Yunxin; Hu, Wei

doi:https://doi.org/10.1155/2023/8435835

Science and Technology of Nuclear Installations

On this page

Abstract Introduction Data Availability Conflicts of Interest References Copyright Related Articles

Research Article | Open Access

Volume 2023 | Article ID 8435835 | https://doi.org/10.1155/2023/8435835

Application of EDG AOT Extension Based on the Risk-Informed Method in NPPs

Yunxin Feng¹and Wei Hu²

Academic Editor: Hesham Zakaly

Received02 Aug 2022

Revised01 Nov 2022

Accepted09 Nov 2022

Published05 Jan 2023

Abstract

At present, the allowed outage time (AOT) of an M310 unit emergency diesel generator (EDG) was 3 days, which can be extended to 14 days through replacement of additional diesel units; although it provides a certain online maintenance time, it cannot meet the needs of ten-years overhauls. In order to avoid stopping the reactor for maintenance of NPP due to insufficient of EDG AOT, based on risk-informed method analysis feasibility of extending AOT for EDG to 28 days, we quantitatively calculate the impact of extension of AOT on risk level of nuclear power plants (NPPs). Analysis shows that extension of EDG AOT to 28 days has less impact on NPPs, and safety of NPPs can be further ensured through temporary risk control measures, so the extension of AOT to 28 days is acceptable. By using risk-informed technology to extend AOT for EDG, unnecessary shutdown and maintenance is avoided and the economy of NPPs and flexibility of maintenance work arrangement is greatly improved while ensuring safety, which is of great significance to operation and maintenance of NPPs.

1. Introduction

Nuclear power plants (NPPs) are provided with various levels of electricity to maintain a safe and stable power system, and the emergency diesel generator (EDG) acts as a backup power source, assuring its availability via regular maintenance. Technical specifications (TS) for the operation of NPPs specify its availability, and the TS for the M310 unit say the next EDG’s allowed outage time (AOT) under power conditions is 3 days. When this time limit is exceeded, the NPP’s reactor will be shut down and withdrawn to a safe state. To improve NPPs’ ability to handle an all-plant power loss event, the NPP added a diesel generator as an alternate AC power source, establishing conditions for extending EDG AOT. The National Nuclear Safety Administration (NNSA) approved the AOT of the EDG in TS for extending an NPP from 3 days to 14 days of application. Its TS stipulate that under power operation, the power supply of both columns onsite and offsite power source can be used, and when the EDG is performed with preventive maintenance, it is allowed to replace the unit with an EDG for maintenance work, but it is necessary to meet the following: (1) there is no other first group of events and (2) the total cumulative replacement incident of the maintenance of the two EDGs of the unit shall not exceed 14 days.

EDG’s 14-day AOT provides a certain amount of online repair time, which generally meets the annual overhaul work. However, with increasing operating life of EDG, for instance in a ten-year overhaul, its maintenance time generally takes more than half a month or even a full month. Furthermore, the overhaul data show that EDG preventive maintenance performed during the shutdown time frequently takes up a crucial route of overhaul, which is a significant factor impacting the overhaul length and the unit’s availability rate. Additionally, EDG preventive maintenance is performed during power operation, and if EDG repair test fails to complete the repair within 14 days, the reactor needs to be shut down in accordance with the operating TS, which will have a significant impact on NPPs’ economies [1].

In order to avoid unnecessary shutdowns due to insufficient online maintenance time, the availability and operational flexibility of NPPs is increased and the EDG AOT needs to be extended. Deterministic safety analysis (DSA) in safety assessment techniques analyzes the efficacy and appropriateness of defense-in-depth and security systems using conservative assumptions and evaluation models, but the conclusions cannot be quantified. Probabilistic safety assessment (PSA) technology overcomes DSA’s shortcomings by employing event trees and fault trees, developing risk models based on accident processes and mitigation strategies, combining qualitative and quantitative information, and performing model quantification, uncertainty analysis, and importance ranking [2]. As the PSA technology has matured over time, it gradually developed the risk-informed approach that combines PSA and DSA. It allows qualitative and quantitative evaluation of the impact of equipment changes on the risk of nuclear power plants. Therefore, this document assesses the viability of extending the AOT of EDG of an M310 unit in China from 14 to 28 days based on a risk-informed method and utilizes this as a basis for a one-time application for ten-year EDG service.

2. Power System Description

The Class IV, III, II, and I levels of energy are offered by the NPP’s power plant system. The Class IV power system can tolerate a prolonged power outage without compromising the NPP’s ability to safely shut down. It is connected to the main external power grid at 500 kV and the auxiliary external power grid at 220 kV outside the plant. Two 6.6 KV AC distribution systems and EDGs make up the Class III power system. These systems can endure short power outages and feature an EDG as a backup to guarantee that the safe shutdown load will always have power. Class I and Class II power systems form an uninterruptible power supply system that provides power for important instruments and valves [3]. A schematic representation of the NPP’s circuit is shown in Figure 1.

3. Extension of EDG AOT Using Risk-Informed Approaches

The risk-informed approach was created primarily to support regulatory decision-making, PSA results and engineering experience constitute an input. Examples include making sure there are enough safety margins, maintaining defense-in-depth and complying to current regulatory standards, guidelines, and performance monitoring [4].

The feasibility of extending EDG AOT from 14 to 28 days under the power conditions of an NPP was investigated in this research using a risk-informed methodology. The major focus was on whether the regulatory criteria are satisfied. DSA and PSA are analyzed, and the flowchart is presented in Figure 2.

3.1. Defense-In-Depth Analysis

Defense-in-depth employs a number of compensating measures to either prevent NPP accidents or mitigate the consequences of accidents following accidents.

NPPs are equipped with four barriers, including the fuel matrix, fuel element envelope, primary loop pressure boundary, and containment, as well as five levels of progressively stronger and mutually reinforcing defenses, including the following [5]:(i)To prevent system malfunctions and alterations from regular operation(ii)To stop operational deviations from turning into accidents(iii)To limit the radiological effects of accidents(iv)To avoid developing accidents in response to overdesign baseline accidents and to lessen the effects of design expansion conditions(v)Off-plant emergency response to lessen the effects of radioactive material released into the environment.

As a result, the multilayer physical barrier set up by the NPP is unaffected by the extension of the EDG AOT. Additionally, the NPP’s power consumption system implements the defense-in-depth concept of design safety regulations and is equipped with a variety of plant power supplies, such as offsite main power source, offsite auxiliary power source, onsite power source, emergency diesel generator set, and battery [6]. The expansion of EDG AOT does not compromise the plant power system’s dependability. As the NPPs’ backup power supply, the EDG is separated into columns P and Q for mutual redundancy. Despite the fact that EDG AOT extension reduces power supply redundancy, it still guarantees that a column of EDGs is available during maintenance periods, satisfies the criteria for deterministic accident analysis, and does not materially raise the NPP’s risk, without affecting the original preventive measures. Additionally, the NPP is built with additional diesel engines to replace useless EDGs, each of which can guarantee a safe reactor shut down and cooling. As a result, the present NPPs’ defense-in-depth system is not considerably altered by the expansion of EDG AOT.

3.2. Safety Margin

Safety margin analysis is an evaluation of the ability of NPPs to cope with beyond design basic accident. This time, we mainly evaluate whether the impact of EDG AOT extension on the NPP is consistent with the principle of maintaining an adequate safety margin.

It is known that the NPP has taken sufficient safety margins into consideration, according to the Final Safety Analysis Report (FSAR) of the NPP. If two of the unit’s EDGs fail in a loss of offsite power (LOOP) scenario while there is power, it will progress to a station blackout (SBO) accident. The steam generator may be utilized to reduce decay heat in the case of SBO for at least 30 minutes. However, the expansion of EDG AOT will not have any negative effects on its water storage capacity. Operators may also turn on the emergency water supply system to hydrate the steam generator. According to the analysis, AOT may still provide a sufficient safety margin for NPPs even when EGD is extended.

3.3. PSA Model Development

PSA is a quantitative risk assessment method based on probability theory, which combines fault tree (FT) and event tree (ET) to quantitatively calculate the impact of EDG AOT extension on the safety level of NPPs by building a first-level PSA model.

According to the actual situation of NPP, a first-level PSA model of NPP was constructed, which consisted of multiple ETs and detailed FTs to reflect actual operation of the NPP. Among them, ET starting with a specific initiating event or state, through a series of mitigation events to ultimately reach final state of success or failure. FT in accordance with system design and ET analysis in the success criteria of each system response, from the failure angle to define the top event and from top to bottom step by step to the basic event.

Other initiating event frequency and reliability data for the model's parameters incorporate operational data from domestic NPPs, French EPS900, and French EPS900 and 1300 common data, in addition to certain special reliability metrics [7].

Figures 3 and 4 show ET for LOOP and FT for EDG at this NPP, respectively. There are three failure modes of EDG in the FT model, which are test repair unavailability, start-up failure, and operational failure.

When the model was developed, modeling analysis was done using the Risk Spectrum software. Then, the accident sequence that causes core damage is identified, and frequency and minimum cut set (MCS) of the accident sequence’s final state are determined. ET and FT of the mitigation system were merged, and quantitative analysis of the accident sequence was completed using the event tree.

When performing EDG AOT optimization, ET and FT models in NPPs were reviewed in more detail to determine parameters of PSA model that could be affected. Under power conditions, EDG AOT is prolonged, which will lead to EDG being unavailable for a certain period of time, and in ET. Additionally, in ET, the EDG’s maintenance unavailability rises as a mitigating event, changing the NPP’s core damage frequency (CDF). However, EDG AOT extension does not introduce new initiation events and does not affect the response to NPP accidents, so conservative consideration does not require modifications to ET, FT model, initiation tree, and equipment reliability other than EDG.

3.4. Quantitative Analysis

For EDG AOT extension, unavailability of EDG in the FT model is changed, impact of the EDG AOT extension on the risk of NPP was quantitatively calculated, and quantitative acceptance criteria for response are determined to be met or not. The EDG AOT extension scheme is extended from 14 to 28 days; calculation is made using the power operating state and solely with the EDG test maintenance as the foundation, not the 14-day AOT.

Moreover, under the baseline case, EDG unavailability only includes corrective repairs, and when AOT is extended to 28 days, it is assumed that corrective maintenance unavailability of EDG does not change, but due to the increase the time of online maintenance, preventive maintenance unavailability of EDG also needs to be considered. The total maintenance unavailability of the year when EDG AOT is extended to 28 days is 8.54E − 02 per reactor year, according to calculations based on the operating time of NPP power condition of 8040 hours and EDG AOT of 28 days. The preventive maintenance unavailability for the current year is 8.36E − 02/reactor year. Table 1 displays the results of calculating the EDG AOT extension of an M310 NPP.

Using RG1.174 “An approach for using probabilistic risk assessment in risk-informed decisions on plant-specific changes to the licensing basis” and RG1.177 “Plant-specific, risk-informed decision making: technical specifications,” it is determined whether EDG AOT satisfies the quantitative acceptance criteria after quantitative calculation [4, 8].

The average risk level of the unit is primarily constrained by RG1.174, and Figure 5 depicts the RG1.174 risk acceptable criterion. If ΔCDF is smaller than 1.0E − 06 per reactor year (i.e., the increase in CDF falls within Region III of Figure 5), the change is considered regardless of whether there is a calculation of the total CDF. When the calculated increase in CDF is in the range of 1.0E − 06 per reactor year to 1.0E − 05 per reactor year (i.e., the increase in CDF falls within Region II of Figure 5), applications are considered only if it can be reasonably shown that total CDF is less than 1.0E − 04 per reactor year. Applications that result in increases to CDF above 1.0E − 05 per reactor year (i.e., the increase in CDF falls within Region I of Figure 5) would not normally be considered. It is best to keep the risk within Region III, while taking into account the cumulative effect of all changes to the unit [8].

The calculations in Table 1 show that when the EDG AOT of the NPP is increased to 28 days for preventive maintenance, the average risk level of the unit increases very slightly, to 1.10E − 07/yr, which is in Region III of Figure 5 and is significantly less than the limit value of 1.0E − 06/yr, within the acceptable risk criterion.

The main goal of RG1.177 is to reduce the risk increase brought on by a single device outage. For the needs of RG1.177 unit configuration status and TS for NPP operation, the zero maintenance model serves as the reference model for an EDG AOT that is conducted in a certain unit configuration state. CDF₁ is calculated according to the modified model and CDF₀ is used with the reference model. In order to get ΔCDF, the two are subtracted. Then, ΔCDF multiplies with the maintenance duration ΔT to calculate incremental conditional core damage probability (ICCDP). The limit of ICCDP is 1.0E − 06/yr. The calculation method is shown in Figure 6.

We need to check that ICCDP will not go over the allotted limit while doing equipment repairs, while the equipment is powered on after establishing the length of the equipment outage. If the limit value is not exceeded, a check that ICCDP will not go over the allotted limit while doing equipment repairs while the n increase in risk is considered acceptable; otherwise, it is undesirable.

The results are shown in Table 2 and are calculated in accordance with RG1.177. Analysis reveals that when EDG AOT is prolonged to 28 days, ICCDP is 6.69E − 08/yr, which is much less than the limit of 1.0E − 06/yr. Risk acceptability guidelines RG1.177 are met by its risks [4].

3.5. Importance Analysis

From a safety standpoint, we also need to examine how EDG in NPPs affects the safety level, identify equipment that significantly affects the NPP risk level, which can be ranked after importance calculation, reflecting the quantitative risk level as the probability of events in the risk model changes, and identify the NPP weak points that result in risks.

Important measures commonly used include Fussell–Vesely (F-V), risk decrease factor (RDF), and risk increase factor (RIF) [9].

F-V which is used to determine the importance of a single MCS containing a fundamental event to risk. It is defined as follows:where is probability of all minimum cut sets containing event, representing the baseline risk [2].

RDF is a factor that reduces frequency of core damage when the current basic event is set to 0. It measures the amount of risk reduction when current event never occurs. It is calculated as follows:

RIF is a multiple of the increase in CDF when the current basic event probability is set to 1, which measures the total amount of system risk change in the worst case assuming the failure of a certain unit. Even if the failure rate of the equipment is relatively low, it may quantify the significance of the functions carried out by the equipment and identify the equipment that significantly contributes to safety. The calculation is as follows:

Table 3 displays the results of the importance calculation. We can observe that the unavailability of EDG AOT was 8.54E − 02/yr when it was increased to 28 days. With an FV significance of 1.85E − 02, RDF of 1.02E + 00, and RIF of 1.20E + 00, which are both quite modest and have a low ranking, CDF importance for the NPP was rated 33rd at this time. It little affects the NPP.

3.6. Uncertainty Analysis

When using PSA results for risk analysis or decision-making, it is important to take these uncertainties into account due to the lack of clarity regarding the analyst's level of confidence in the model's predictions and their level of model comprehension. In order to determine how uncertainty affects the final results, this article examines the veracity of the outcomes of the quantitative risk assessment. Parameter uncertainty, model uncertainty, and incomplete uncertainty are the three primary categories of uncertainty that have an impact on PSA results [10].

Parameter uncertainty is mainly caused by the lack of equipment failure data or the inability to obtain valid data. This type of uncertainty is expressed in terms of the degree of confidence of analyst at the current level of these parameters [11].

Using the Risk Spectrum software’s CDF and ICCDP parameters as samples and using the Monte Carlo simulation approach can help reduce parameter uncertainty. To get the quantile values of the parameters at the 5 percent, 50 percent, and 95 percent levels, we execute 10000 simulation samples using 1234 as the beginning value of the random variable in the simulation computation. Table 1 displays that the 95 percent confidence level for ∆CDF equals 4.10E − 07/yr when EDGAOT is extended to 28 days, and the remaining findings are both in Tables 1 and 2 that contain calculations.

When analyzing the accident process of the PSA model, a variety of alternative approaches contribute to model uncertainty, and the appropriateness of the methodologies, models, assumptions, and approximations utilized in the analysis process cannot be fully understood. On analysis results, sensitivity analysis or comparable analysis techniques are typically used. Sensitivity analysis is used to address this; see Section 3.7.

Completeness uncertainty is caused by the amount of cognition and other factors in the model that have not been analyzed or are not analyzed enough. Therefore, the need to assess the impact of risk of unanalyzed part on the results can be evaluated in the following ways:(i)Expansion of the PSA model, fill in the unanalyzed parts or increase the level of detail of the model(ii)Impact of the unanalyzed part of analysis model on the outcome can be ignored(iii)Conservative methods quantify risks that are not analyzed in detail in the model.

Since the NPP's PSA model is not full-scale, it is necessary to explain the parts outside the scope of analysis, mainly reflected in the external events. This is a qualitative analysis of the PSA model without external events at the beginning of this paragraph. According to the description in the text, four types of external events such as floods, earthquakes, strong winds, and fires are analyzed in this paper. Here, the effects of earthquakes and strong winds on EDG are analyzed. In the case of strong winds or earthquakes, NPP may LOOP as a result, but the NPP's two emergency diesel generators set are earthquake-resistant and wind-proof, and as long as any EDG can be guaranteed, it can ensure the normal shutdown and cooling of reactor, even if the additional diesel generator set is not considered. The NPP also has an LLS diesel generator set, which guarantees that the main pump emergency shaft seal can avoid the creation of small breaks, minimizing and enduring the effects of earthquakes and severe winds.

Additional attention needs to be paid to the impact of internal fires. Due to the implementation of preventive maintenance in a EDG set plant, a large amount of work on the site may introduce a fire source and change the ignition frequency, which may have an impact on the CDF results of the unit. However, as long as the fire rain valve in EDG set plant is always available and on-site fire operation is strictly controlled and special personnel are carried out, the impact of fire can be mitigated to a certain extent. At present, there is no EDG set fire accident in Chinese nuclear industry and there is no major fire accident in NPPs. Impact of the fire is generally controllable and it can be expected that the contribution to the CDF is limited.

In addition to incomplete external events, the lack of a secondary PSA model for the NPP, which could not quantify the impact of LRF, also causes uncertainty. Since AOT extension of EDG is mainly based on the ΔCDF of first-level PSA model, it is supplemented by qualitative analysis. Based on past experience, unavailability of EDGs does not lead to containment bypass, LERF is not very influential on the results of this time, and when EDG AOT is extended to 28 days, the impact on LERF does not exceed the risk acceptable guidelines.

After uncertainty analysis, it can be seen that calculation result of extension of EDG AOT to 28 has a high degree of credibility, and an unanalyzed part has little impact on the safety level of NPPs and can be ignored.

3.7. Sensitivity Analysis

Sensitivity analysis can identify which changes in reliability parameters in the risk model have a significant impact on final risk evaluation results.

Screening of equipment through importance analysis and engineering experience, it analyzes the impact of a certain multiplication of equipment unavailability in an NPP on the risk and determine whether it is sensitive [12].

This is usually done for one assumption or one parameter at a time, and if necessary, a sensitivity analysis can also be performed for a combination of related assumptions.

The following formula is generally used for calculation:where FTopU (FTopL) denotes the CDF after multiplying (dividing) parameters of a basic or initiating event by the sensitivity factor, which is generally taken as 10 in the calculation, and calculation results are shown in Table 4.

At the same time, there were 17 initiating events for fault tree analysis of the NPP, and the values of each initiating event are shown in Figure 7 for baseline case of the NPP and the EDG AOT of 28 days. Combined with the analysis of initiating events causing CD, there is a significant change in the value of LOOP on the probability of causing CD when EDG AOT is extended to 28 days, as shown in the figure CD-LOOP, which indicates a high sensitivity of LOOP to EDG AOT extension. However, it is seen in Figure 7 that LOOP event contributes less to CD as an initiating event, with a sensitivity calculation of 1.34E + 00, ranking 21st.

The power operation condition loss of all heat traps (CD-OQ) and feed pipe break (IE-VL) are initiating events that have contributed to CD and are therefore ranked higher in Table 4. In addition, the results of event EDG set LHP001AP test repair reflect the sensitivity of EDG AOT duration, ranking 33rd at 1.19E + 00.

For a more in-depth analysis of sensitivity of LOOP and EDG AOT duration, further calculations were performed, as shown in Table 5. As seen in Table 5, when LOOP frequency increases from 1.94E − 02/yr to 0.1/yr, the NPP’s CDF is still within the risk acceptable guidelines limit. If LOOP frequency continues to increase, the risk acceptable guidelines for NPPs is no longer met. As seen from EDG AOT extension duration, the impact of AOT extension from 14 days to 28 days on the CDF of the NPP is very small.

In summary, the CDF is more sensitive to LOOP event and less sensitive to the timing of EDG AOT. Therefore, the reliability of the external grid is critical to control the increased risk to the NPP during the repair of EDG.

3.8. Decision-Making

Demonstration of the feasibility of extending EDG AOT to 28 days based on a risk-informed approach. First, EDT AOT extension meets current Chinese regulations (HAF 102 HAF 103) [13, 14], guidelines (HAD 102/17, HAD103/01, and HAD103/06) [15–17], and relevant technical policies (e.g., the 2010 NNSA Technical Policy: Application of Probabilistic Safety Analysis Techniques in Nuclear Safety) [18]. Then, after DSA, it is concluded that EDG AOT extension satisfies the principle of defense-in-depth and maintains a sufficient safety margins. The quantitative calculation of PSA shows that extension of EDG AOT to 28 days will have a minimal impact on the risk level of the NPP. The challenges to containment integrity and the minimal impact on the reliability of the containment system, fully compliant with regulatory requirements of quantitative acceptance guidelines RG1.174, RG1.177 and relevant regulations, guidelines, policy statements, and TS. Therefore, it is technically perfectly feasible. In addition, EDG AOT extension will also reduce the risk during an NPP shutdown as it allows EDG to be repaired during power operation and therefore both emergency diesel trains will be available during an NPP shutdown.

In order to do a good job of risk control during EDG maintenance, it is necessary to take certain temporary measures to prevent NPPs from entering a high-risk configuration state during EDG maintenance.

4. Temporary Risk Management Measures

During EDG AOT extensions, additional plant outages at the NPP may lead to potentially high risk configurations [19], and various other factors may also significantly increase the risk during EDG AOT extensions. So, the potential impact of plant risks is comprehensively assessed, identified, and effective risk management measures are implemented.(i)Maintenance limitations. During EDG preventive maintenance, the temporary risk of the NPP is higher than annual average risk, at this time, if additional equipment stops running, the NPP is likely to enter a high-risk configuration. So, when formulating maintenance measures, you can refer to the MCS and importance results of other equipment under maintenance. By checking the MCS of CD of the NPP under operating conditions of the power rate, the MCS caused by repair of other equipment at the same time as EDG maintenance is found, as shown in Table 6. By adjusting the maintenance cycle of other equipment, the risk of increased CDF caused by the maintenance of other equipment at the same time as the EDG maintenance is avoided. For example, according to MCS in Table 6, such as 8, 9, and 10, it can be seen that the equipment in column P of the NPP should be maintained and available. It can be seen from MCS 1 and other MCSs that while EDG maintenance try to avoid the maintenance of RRI/SEC heat exchangers and charging pumps (i.e., high-pressure safety injection pumps) and other related pumps, to ensure that the NPP has sufficient cooling means to remove residual heat during emergency shutdown.(ii)Defense against human error. According to TS, only one of two EDGs can be allowed to be serviced at a time. To prevent the wrong compartment being used for maintenance and inadvertently entering another EDG, the NPP has clearly labeled the two EDGs that are physically separated in the EDG plant room, effectively preventing human error.(iii)Defense against common cause failure(CCF). CCF due to maintenance errors is a potential problem where two EDG sets fail to perform their designated functions. The CCF issue may be solved by utilizing various maintenance workers, improved maintenance processes, training initiatives, impartial inspectors, and post-repair testing.(iv)Grid and weather conditions. The factors affecting grid reliability are complex and beyond the scope of NPP management. However, consensus can be reached with the network regulator prior to the work being performed to ensure that the EDG should not be scheduled for online maintenance when grid conditions are not appropriate. In addition, the plant will ensure that extreme weather conditions have been predicted not to occur during planned EDG preventive maintenance.(v)Emergency management procedures for SBO. Nuclear power plants have developed emergency operating procedures for SBO accident to ensure adequate core cooling and containment integrity during SBO. In addition, plant operators must be provided with sufficient training to use the emergency operating procedures in response to SBO accident.(vi)Fire risk. Maintenance activities typically increase the potential for fire due to the presence of transient combustibles and ignition sources (e.g., oil, chemicals, and welding). The control of combustibles and ignition sources within the EDG maintenance area will follow the NPP-related procedures to reduce risk of increased fires from all causes. In addition, the availability of fire protection rain dampers in the EDG room will be maintained to reduce the consequences of fire in the event of a fire.

Adopting the abovementioned restrictions can prevent, as much as possible, the NPP from entering high-risk configurations during EDG maintenance.

5. Summary

This paper uses a risk-informed approach to demonstrate that the risk of extending EDG AOT to 28 days under power conditions is acceptable. The approach combines the advantages of qualitative analysis of DSA and PSA that can be calculated quantitatively, while using methods such as Monte Carlo for model quantification, uncertainty analysis, and importance ranking and using sensitivity analysis to identify parameter devices that have a large impact on the NPP for overall decision-making. In addition, the analysis in this paper identifies interim risk control measures to further ensure the avoidance of significant risks to the plant configuration during EDG maintenance under NPP power conditions. The EDG AOT extension by power working condition can make the maintenance work arrangement more flexible. It ensures safety while greatly improving the economics of NPPs and is of great importance to the operation and maintenance of NPPs.

The PSA model in this study is incomplete and the external events are not modeled. In the future, we can gradually improve the PSA model and deepen the study on the reliability of diesel engines to more accurately calculate and grasp the impact of EDG AOT extension on NPPs.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

B. Chang, J. Guo, and J. Chen, “Probability safety assessment for the extension of allowed outage time of emergency diesel generator in Daya Bay NPP,” Chinese Journal of Nuclear Science and Engineering, vol. 27, no. 4, pp. 349–354, 2007.
View at: Google Scholar
H. Zheng and H. Zhou, Probability Safety Assessment, National Defense Industry Press, Beijing, China, 2011.
L. Kang, Research on the Design Scheme of the Auxiliary Power System of Nuclear Power Plant, North China Electric Power University, Beijing, China, 2015.
S. Min, Plant-specific, Risk-Informed decision making: technical specifications, Nuclear Regulatory Commission, Rockville, MD, USA, Revision 2 edition, 2021.
J. Zhu and J. Shan, Nuclear Power Plant safety, China Electric Power Press, Beijing, China, 2010.
NNSA, Power System Design for Nuclear Power Plants. HAD 102/13-2021, National Nuclear Safety Administration, Washington, DC, USA, 2021.
NNSA, China Nuclear Power Plants Equipment Reliability Data Report, National Nuclear Safety Administration, Washington, DC, USA, 2020.
G. Anders, An approach for using probabilistic risk assessment in Risk-informed decisions on plant-specific changes to the licensing-basis, Nuclear Regulatory Commission, Rockville, MD, USA, Revision 3 edition, 2018.
Q. Liang, M. Liu, P. Xiao, Y. Guo, J. Xiao, and C. Peng, “Reliability assessment for a safety-related digital reactor protection system using event-tree/fault-tree (ET/FT) method,” Science and Technology of Nuclear Installations, vol. 2020, Article ID 8839399, 9 pages, 2020.
View at: Publisher Site | Google Scholar
Z. Huang, Y. Chu, H. Li, Y. Yi, H. Qian, and H. Xu, “Uncertainty analysis in Risk-Informed probabilistic safety assessment applications,” Chinese Journal of Nuclear Science and Engineering, vol. 37, no. 5, pp. 136–144, 2017.
View at: Google Scholar
H. Ding, Development of the Uncertainty and the Sensitivity Analysis Function Module in the Nuclear Power Station PSA Software, Hefei University of Technology, Hefei, China, 2005.
NNSA, Nuclear Power Plant Level 1 Probabilistic Safety Analysis, National Nuclear Safety Administration, Washington, DC, USA, 2021.
NNSA, Nuclear Power Plant Design Safety Regulations: HAF 102-2016, National Nuclear Safety Administration, Washington, DC, USA, 2016.
NNSA, Operational Safety Regulations for Nuclear Power Plants, HAF103. National Nuclear Safety Administration, Washington, DC, USA, 2004.
NNSA, Nuclear Power Plant Safety Evaluation and Verification: HAD 102/17, National Nuclear Safety Administration, Washington, DC, USA, 2006.
NNSA, Conditions and Operating Procedures for Operating Limits of NPPs. HAD103/01, National Nuclear Safety Administration, Washington, DC, USA, 2004.
NNSA, Organization and Safety Operation Management of NPPs Operating Unit, HAD103/06, National Nuclear Safety Administration, Washington, DC, USA, 2006.
NNSA, Technology Policy: Application of Probabilistic Safety Analysis Techniques in the Field of Nuclear Safety, National Nuclear Safety Administration, Washington, DC, USA, 2010.
NNSA, Technical Policy on Risk Management of Nuclear Power Plants Configuration (Trial Implementation), National Nuclear Safety Administration, Washington, DC, USA, 2019.

Copyright

Copyright © 2023 Yunxin Feng and Wei Hu. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

318

Downloads

338

Citations